Woe_is_Me_n_myPC Posted February 5, 2013 ID:643660 Share Posted February 5, 2013 Apparently, the Trojans are having a family reunion and all of their friends and relatives have shown up and are having a party on my PC...It's now time for these guys to leave, and I need some expert assistance getting that done:I was first attacked on January 29, and have evidence of the following "guests" on my computer:Medfos.BZeroAccess.iaWin32/Karagany.IWin32/Fareit.gen!IWin32/Sirefef!cfgWin64/Sirefef.AEWin32/FareitWin32/Uryusy.CWin32/CeeInject.gen!HLExploit:Java/CVE-2013-0422Exploit:Java/CVE-2013-0422.CRDN/Generic Downloader.xlmFake-Alert-SecurityTool.haMedfos-FAVB!FBC80A1CA097Medfos-FAVB!BFB50AF59AD5Trojan.Ransom.NDFBackdoor.BotStartnow Toolbar/startnow.comFBI-MoneyPakINCIDENT/ATTACK DETAILS:Tuesday, January 29 2013 @ 1642 CST: Browsing in Chrome, I arrived @ designmodo.com (first time at that site). Prompted for permission to run Java, selected "Run this one time." Prompted to install a newer version of Adobe Flash, and selected 'yes.' (This was fake, and I should have known better.) Chrome behaved erratically for a few seconds, after which the FBI-MoneyPak page appeared. I shut down with Ctl=alt-delete. Upon restart, McAfree notified detection and removal of ZeroAccess.ia.SYSTEM ISSUES/SYMPTOMS: Unable to activate Windows Firewall recommended settings (Windows Firewall can't change some of your settings. Error code 0x80070424)Unable to start Windows Security Center ServiceMcAfee Firewall turns itself off every 20 minutes or so, and is sometimes difficult to turn back on.Computer runs slow. Examples: A McAfee full scan initiated on 2/3 required 27 hours to complete. The DDS scan today required about four times longer to run than the one I ran a few days ago.I've not had the opportunity yet to check out my installed applications, so don't know if there are any issues with those.WHAT I HAVE (AND HAVE NOT) DONE SO FAR: Have copied most of my data files to the cloud in prepartion for cleaning my PC.Most days, I have limited time online to checking email and researching these issues. I did need to be online overnight while uploading my data files to the cloud (which required nearly 20 hours over a couple of days). Otherwise, I keep Chrome and IE closed and the power to the wireless router turned off.Have used Internet Explorer 9 since the attack instead of the default browser, Chrome.Ran several quick scans AND full scans with both McAfree VirusScan AND Microsoft Security Essentials, the initial scans occurring immediately (within 2 minutes) following the attack. Each program detects different infections each time, and several scans have been clean. Detections were quarantined, and some detections, but not all, were removed.Visually reviewed every single file on the hard drive that was modified on 1/29/13 after the infection, finding numerous suspicious files (kept a log, but did not delete any files).Installed, updated and ran Malwarebytes Anti-Malware several times. Different infections found on three occasions, and a couple scans were clean, including the most recent one.Installed and ran RogueKiller, which found ZeroAcess amoung other issues: Did NOT delete any found items.Disabled the StartNow extension in Chrome.Uninstalled StartNow Toolbar in WindowsJava is out of date and was likely the vulnerability that allowed this attack. To date, I have not uninstalled, nor updated it.I've kept logs and screenshots of most everything done since the infection began.I normally reboot once each day and delete files in %temp% and the Recycle bin after restarting. I took a screenshot of today's temp files before deleting, as there were several that I thought were suspect.After a good deal of research, I decided early on to request assistance here at Malwarebytes; I ran a DDS scan on 1/31/2013 and another one today. The dds.txt and attach.txt files from today's scan follow. Due to other committments, this is my first opportunity for extended time to get this solved. I need guidance and assistance, as it is critical that I solve/clean this correctly. Thank you in advance for your assistance, and please let me know if there is anything else you require to get started.~Karen'Woe_is_Me_n_myPC'DDS LOG 2/4/2013DDS (Ver_2012-11-20.01) - NTFS_AMD64Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2Run by Karen Diamond at 18:05:36 on 2013-02-04Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.2241 [GMT -6:00].AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\ibmpmsvc.exeC:\Windows\system32\svchost.exe -k RPCSSc:\Program Files\Microsoft Security Client\MsMpEng.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\system32\WLANExt.exeC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exeC:\Program Files\LENOVO\HOTKEY\TPHKSVC.exeC:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exeC:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\System32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\Intel\WiFi\bin\EvtEng.exeC:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files\Lenovo\Communications Utility\CAMMUTE.exeC:\Program Files\LENOVO\HOTKEY\MICMUTE.exeC:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exeC:\Program Files\LENOVO\VIRTSCRL\lvvsst.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeC:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exeC:\Windows\system32\mfevtps.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exeC:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exeC:\Program Files (x86)\Spyware Terminator\sp_rsser.exec:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\rundll32.exeC:\Windows\system32\rundll32.exeC:\Windows\SysWOW64\rundll32.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Windows\system32\wbem\unsecapp.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exeC:\Program Files\Common Files\McAfee\SystemCore\mcshield.exeC:\Program Files\Common Files\McAfee\SystemCore\mfefire.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exeC:\Windows\system32\taskhost.exeC:\Program Files\LENOVO\HOTKEY\tposdsvc.exeC:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exeC:\Program Files\Lenovo\HOTKEY\TPONSCR.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exeC:\Program Files\Logitech\ScrollApp\KhalScroll.exeC:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exeC:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exeC:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEC:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exeC:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exeC:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeC:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXEC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exeC:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exeC:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exec:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exeC:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exeC:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\Microsoft Office\Office14\ONENOTE.EXEC:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXEc:\PROGRA~1\mcafee.com\agent\mcagent.exeC:\Windows\system32\svchost.exe -k SDRSVCC:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Program Files\Microsoft Security Client\msseces.exeC:\Program Files\Common Files\McAfee\Core\mchost.exeC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\SysWOW64\NOTEPAD.EXEC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.google.com/uDefault_Page_URL = hxxp://lenovo.msn.comuProxyOverride = 192.168.*.*;*.localuURLSearchHooks: {ba14329e-9550-4989-b3f2-9732e92d17cc} - <orphaned>mWinlogon: Userinit = userinit.exe,BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllBHO: PE_IE_Helper Class: {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dllBHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dllBHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dllBHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLBHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllBHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120625085447.dllBHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllBHO: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllBHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllBHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLLBHO: IePasswordManagerHelper Class: {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dllBHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dllBHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllBHO: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dllBHO: Softonic Helper Object: {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dllBHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: AVG Security Toolbar: {A057A204-BACC-4D26-9990-79A187E2698E} -TB: Softonic Toolbar: {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dllTB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllTB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [skyDrive] "C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /backgrounduRun: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BI29JVB05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1uRunOnce: [uninstall C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\System32\cmd.exe /q /c rmdir /s /q "C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"mRun: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /startmRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServicesmRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [Online Backup Auto Update] "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe"mRun: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exemRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exemRun: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXEStartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SECURE~1.LNK - C:\Windows\System32\schtasks.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exemPolicies-Explorer: NoActiveDesktop = dword:1mPolicies-Explorer: NoActiveDesktopChanges = dword:1mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllIE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllIE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllIE: {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dllDPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cabDPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CABDPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabTCP: NameServer = 68.105.28.11 68.105.29.11 68.105.28.12TCP: Interfaces\{927AAC25-52C7-4C26-9BB2-44D644A5EFB8} : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12TCP: Interfaces\{927AAC25-52C7-4C26-9BB2-44D644A5EFB8}\C696E6B6379737F5B656C6C6F6577686 : DHCPNameServer = 192.168.254.254TCP: Interfaces\{D2E38DC4-14B8-4C06-919A-DFB509A236E6} : DHCPNameServer = 192.168.1.1Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dllFilter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLHandler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dllHandler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllHandler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} -Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dllSSODL: WebCheck - <orphaned>SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLLLSA: Notification Packages = scecli ACGinamASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mWinlogon: Userinit = userinit.exe,x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLLx64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120625085447.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLLx64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllx64-BHO: Logitech Scroll App: {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\LogiSmooth.dllx64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [AcWin7Hlpr] ABLER.EXEx64-Run: [cssauth] Tx64-Run: [synTPEnh] H.EXEx64-Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXEx64-Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXEx64-Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXEx64-Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exex64-Run: [EvtMgr6] Gx64-Run: [MSC] KEYx64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dllx64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dllx64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabx64-DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabx64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cabx64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dllx64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLx64-Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - <orphaned>x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>x64-Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - <orphaned>x64-Handler: x-owacid - {0215258f-f0a8-49de-bf1b-0ff02eda8807} - <orphaned>x64-SSODL: WebCheck - <orphaned>x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL.============= SERVICES / DRIVERS ===============.R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-10-15 771096]R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2012-4-18 339776]R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]R0 TPDIGIMN;TPDIGIMN;C:\Windows\System32\drivers\ApsHM64.sys [2009-10-9 23592]R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\System32\drivers\smiifx64.sys [2011-11-29 15472]R2 FilesystemWatcher;Filesystem Watcher;C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe [2011-7-16 24576]R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2012-10-4 50536]R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2011-11-29 101736]R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2012-10-4 74088]R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2011-11-29 133992]R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2012-4-18 241016]R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2012-4-18 218320]R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-4-18 182312]R2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-9-13 229392]R2 OnlineBackupSchedulerService;Online Backup Scheduler;C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe [2011-7-17 24576]R2 sp_rsdrv2;Spyware Terminator Driver Filter;C:\Windows\System32\drivers\stflt.sys [2010-7-7 50696]R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2011-11-29 145256]R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2011-11-29 142696]R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-5-27 2320920]R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-5-27 56344]R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-5-27 158848]R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-5-27 271872]R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2012-4-18 309400]R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2012-4-18 515528]R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2009-9-15 6952960]R3 PCDSRVC{127174DC-C366ED8B-06020101}_0;PCDSRVC{127174DC-C366ED8B-06020101}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor\pcdsrvc_x64.pkms [2010-12-9 25072]R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]R3 usbsmi;Integrated Camera;C:\Windows\System32\drivers\SMIksdrv.sys [2010-5-27 206080]S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]S2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2012-10-27 201304]S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]S3 azvusb;Virtual USB Hub;C:\Windows\System32\drivers\azvusb.sys [2009-8-24 54784]S3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2012-4-18 69672]S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-1-15 16776]S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-1-15 9096]S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-10-27 196440]S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2012-4-18 106112]S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]S3 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]S3 PCTV340_801;YUAN based TV tuner device;C:\Windows\System32\drivers\dvb7700all.sys [2010-3-10 946176]S3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2010-5-27 75112]S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-27 239136]S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-21 59392]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-5-10 51712]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-14 1255736]S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys [2011-8-18 29288]S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys [2011-8-18 29288]S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys [2011-8-18 29288]S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys [2011-8-18 29288]S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys [2011-8-18 29288]S3 WSDScan;WSD Scan Support via UMB;C:\Windows\System32\drivers\WSDScan.sys [2009-7-13 25088]S4 PCPitstop Scheduling;PCPitstop Scheduling;C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [2012-2-8 77312].=============== Created Last 30 ================.2013-02-04 23:21:02 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CEC694FB-FFAA-4A80-A8AC-24F38FDE15DF}\mpengine.dll2013-02-04 00:15:35 9161176 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll2013-02-01 16:51:09 -------- d-----w- C:\Program Files (x86)\Belarc2013-01-31 03:07:59 -------- d-----w- C:\Users\Christian\AppData\Roaming\Malwarebytes2013-01-31 03:07:32 -------- d-----w- C:\ProgramData\Malwarebytes2013-01-31 03:07:31 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-01-31 03:07:31 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-01-17 02:06:18 -------- d-----w- C:\Users\Christian\AppData\Roaming\CmapTools2013-01-17 02:06:16 -------- d-----w- C:\Users\Christian\CmapToolsLogs2013-01-17 02:04:11 -------- d-----w- C:\Program Files\IHMC CmapTools2013-01-17 02:04:10 -------- d--h--w- C:\Program Files\Zero G Registry2013-01-17 01:58:39 -------- d--h--w- C:\Users\Christian\InstallAnywhere2013-01-16 18:02:01 -------- d-----w- C:\Users\Christian\AppData\Roaming\Blackboard2013-01-09 12:09:41 2002432 ----a-w- C:\Windows\System32\msxml6.dll2013-01-09 12:09:39 1882624 ----a-w- C:\Windows\System32\msxml3.dll2013-01-09 12:09:39 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll2013-01-09 12:09:38 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll2013-01-09 12:09:14 750592 ----a-w- C:\Windows\System32\win32spl.dll2013-01-09 12:09:14 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll2013-01-09 12:09:12 307200 ----a-w- C:\Windows\System32\ncrypt.dll2013-01-09 12:09:12 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll2013-01-09 12:09:09 800768 ----a-w- C:\Windows\System32\usp10.dll2013-01-09 12:09:09 626688 ----a-w- C:\Windows\SysWow64\usp10.dll2013-01-09 12:07:40 424448 ----a-w- C:\Windows\System32\KernelBase.dll2013-01-09 12:05:46 3149824 ----a-w- C:\Windows\System32\win32k.sys2013-01-09 02:15:42 -------- d-----w- C:\Users\Christian\AppData\Roaming\Elluminate.==================== Find3M ====================.2013-01-30 10:53:22 273840 ------w- C:\Windows\System32\MpSigStub.exe2013-01-08 23:05:34 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-01-08 23:05:34 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2012-12-26 15:55:26 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys2012-12-26 15:52:44 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys2012-12-26 15:52:34 182312 ----a-w- C:\Windows\System32\mfevtps.exe2012-12-26 15:51:34 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys2012-12-26 15:51:24 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys2012-12-26 15:50:48 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys2012-12-26 15:49:42 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys2012-12-26 15:49:00 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys2012-12-26 15:48:30 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll2012-11-23 03:13:57 68608 ----a-w- C:\Windows\System32\taskhost.exe2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll2012-11-08 17:29:12 1402312 ----a-w- C:\Windows\SysWow64\msxml4.dll.============= FINISH: 18:05:50.52 ===============ATTACH.TXT 2/4/2013.UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home PremiumBoot Device: \Device\HarddiskVolume1Install Date: 1/13/2011 11:20:47 PMSystem Uptime: 2/4/2013 3:07:15 PM (3 hours ago).Motherboard: LENOVO | | 0578A25Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | CPU 1 | 2266/133mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 297 GiB total, 159.524 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318}Description: Officejet 4500 G510n-zDevice ID: ROOT\MULTIFUNCTION\0000Manufacturer: HPName: Officejet 4500 G510n-zPNP Device ID: ROOT\MULTIFUNCTION\0000Service:.==== System Restore Points ===================.RP246: 1/23/2013 9:01:12 AM - Windows UpdateRP247: 1/27/2013 7:02:11 AM - Windows UpdateRP248: 1/31/2013 10:03:13 AM - Windows UpdateRP249: 2/3/2013 6:11:43 PM - Windows Update.==== Installed Programs ======================.Registry Patch to arrange icons in Device and Printers folder of Windows 74500_G510nz_Help4500G510nz4500G510nz_Software_Min64 Bit HP CIO Components InstallerABC Inventory SoftwareAccess HelpAdobe AIRAdobe Download AssistantAdobe Flash Player 11 ActiveXAdobe Flash Player 11 PluginAdobe Reader X (10.1.4)Amazon KindleApple Application SupportApple Mobile Device SupportApple Software UpdateAT&T Service ActivationAVG PC Tuneup 2011Belarc Advisor 8.3Bing BarBing Rewards Client InstallerBonjourBufferChmBurn.Now 4.5Business Contact Manager for Outlook 2007 SP2Canvas for Microsoft® OneNote® 2007Celtx (2.9.1)Cisco ConnectClient Security - Password ManagerCorel Burn.Now Lenovo EditionCorel DVD MovieFactory 7Corel DVD MovieFactory Lenovo EditionCoupon Printer for WindowsCox Secure Online Backup for WindowsCreate Recovery MediaD3DX10Definition Update for Microsoft Office 2010 (KB982726) 32-Bit EditionDestinationsDeviceDiscoveryDirect DiscRecorderDivX SetupDocMgrDocProcEASEUS Partition Master 6.5.2 Home EditioneRegEvernote v. 4.5.8FaxFeedDemonGIMP 2.8.2Google ChromeGoogle Earth Plug-inGoogle Toolbar for Internet ExplorerGoogle Update HelperGoToMeeting 5.2.0.952GPBaseService2Hewlett-Packard ACLM.NET v1.1.0.0HomyFads Wardrobe Manager 2.3HP Customer Participation Program 13.0HP Document Manager 2.0HP FWUpdateEDO2HP Imaging Device Functions 13.0HP Officejet 4500 G510n-zHP Photo CreationsHP Photosmart 5510 series Basic Device SoftwareHP Photosmart 5510 series HelpHP Product DetectionHP Smart Web Printing 4.51HP Solution Center 13.0HP UpdateHPProductAssistantIBM Lotus Forms Viewer 3.5.1IHMC CmapTools v5.05.01Inkscape 0.48.2Integrated CameraIntel AppUp(SM) centerIntel PROSet WirelessIntel® Graphics Media Accelerator DriverIntel® Management Engine ComponentsIntel® PROSet/Wireless WiFi SoftwareIntel® Rapid Storage TechnologyInternet TV for Windows Media CenterInterVideo WinDVD 8IrfanView (remove only)iTunesJava 7 Update 9Java Auto UpdaterJava™ 6 Update 17 (64-bit)Java™ 6 Update 24JavaFX 2.1.1Junk Mail filter updateLenovo Auto Scroll UtilityLenovo Patch UtilityLenovo Patch Utility 64 bitLenovo Power Management DriverLenovo System Interface DriverLenovo System UpdateLenovo ThinkVantage ToolboxLenovo Warranty InformationLenovo WelcomeLogitech Scroll App 3.0Logitech SetPoint 6.32Malwarebytes Anti-Malware version 1.70.0.1100MarketResearchMcAfee Security Scan PlusMcAfee SecurityCenterMcAfee Virtual TechnicianMessage Center PlusMicrosoft .NET Framework 4 Client ProfileMicrosoft Application Error ReportingMicrosoft Office 2003 Web ComponentsMicrosoft Office 2007 Primary Interop AssembliesMicrosoft Office 2010 Service Pack 1 (SP1)Microsoft Office Access MUI (English) 2010Microsoft Office Access Runtime (English) 2007Microsoft Office Access Setup Metadata MUI (English) 2010Microsoft Office Excel MUI (English) 2010Microsoft Office Groove MUI (English) 2010Microsoft Office InfoPath MUI (English) 2010Microsoft Office Office 64-bit Components 2010Microsoft Office OneNote MUI (English) 2010Microsoft Office Outlook MUI (English) 2010Microsoft Office PowerPoint MUI (English) 2010Microsoft Office PowerPoint Viewer 2007 (English)Microsoft Office Professional Plus 2010Microsoft Office Proof (English) 2010Microsoft Office Proof (French) 2010Microsoft Office Proof (Spanish) 2010Microsoft Office Proofing (English) 2010Microsoft Office Publisher MUI (English) 2010Microsoft Office Shared 64-bit MUI (English) 2010Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010Microsoft Office Shared MUI (English) 2010Microsoft Office Shared Setup Metadata MUI (English) 2010Microsoft Office Small Business Connectivity ComponentsMicrosoft Office Suite Activation AssistantMicrosoft Office Word MUI (English) 2010Microsoft Outlook Web Access S/MIMEMicrosoft Outlook Web Access S/MIME (2007)Microsoft Research AutoCollage Touch 2009Microsoft Security ClientMicrosoft Security EssentialsMicrosoft SilverlightMicrosoft SkyDriveMicrosoft SQL Server 2005Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)Microsoft SQL Server Native ClientMicrosoft SQL Server Setup Support Files (English)Microsoft SQL Server VSS WriterMicrosoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Microsoft WSE 3.0 RuntimeMicrosoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64Microsoft_VC90_MFCLOC_x86Microsoft_VC90_MFCLOC_x86_x64MindMaple Lite 1.23Mobile Broadband ConnectMotoHelper MergeModulesMozilla Maintenance ServiceMozilla Thunderbird 17.0.2 (x86 en-US)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)MSXML 4.0 SP3 Parser (KB973685)Network64Nikon File Uploader 2Nitro Reader 2OCR Software by I.R.I.S. 13.0On Screen DisplayOpenOffice.org 3.2Opera 12.00PC Pitstop Exterminate2 2.0PCTV Package - Windows Media CenterPicture Control UtilityPlayReady PC Runtime amd64pptPlex from Microsoft Office LabsPrimoPDF -- brought to you by Nitro PDF SoftwareQuickTimeRealtek Ethernet Controller Driver For Windows Vista and LaterRealtek High Definition Audio DriverRealtek USB 2.0 Card ReaderRegistry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7Rescue and RecoverySamsung MasterSamsung USB DriverScanScreenpressoSecurity Update for Microsoft .NET Framework 4 Client Profile (KB2446708)Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit EditionSecurity Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553091)Security Update for Microsoft Office 2010 (KB2553096)Security Update for Microsoft Office 2010 (KB2553371) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2553447) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2589320) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2597986) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2598243) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687501) 32-Bit EditionSecurity Update for Microsoft Office 2010 (KB2687510) 32-Bit EditionSecurity Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit EditionSecurity Update for Microsoft Visio 2010 (KB2687508) 32-Bit EditionSecurity Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit EditionSecurity Update for Microsoft Word 2010 (KB2760410) 32-Bit EditionShared C Run-time for x64SimpleDiagramsSkype Click to CallSkype™ 6.0SmartWebPrintingSoftonic toolbar on IE and ChromeSolutionCenterSpyware TerminatorStatusThinkPad Power ManagerThinkPad UltraNav DriverThinkVantage Access ConnectionsThinkVantage Active Protection SystemThinkVantage Communications UtilityTodoist version 2.1ToolboxTrayAppUpdate for Microsoft .NET Framework 4 Client Profile (KB2468871)Update for Microsoft .NET Framework 4 Client Profile (KB2533523)Update for Microsoft .NET Framework 4 Client Profile (KB2600217)Update for Microsoft Office 2010 (KB2494150)Update for Microsoft Office 2010 (KB2553065)Update for Microsoft Office 2010 (KB2553092)Update for Microsoft Office 2010 (KB2553181) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553267) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2553310) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2566458)Update for Microsoft Office 2010 (KB2596964) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2598242) 32-Bit EditionUpdate for Microsoft Office 2010 (KB2687509) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2553290) 32-Bit EditionUpdate for Microsoft OneNote 2010 (KB2687277) 32-Bit EditionUpdate for Microsoft Outlook 2010 (KB2687623) 32-Bit EditionUpdate for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit EditionUpdate for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit EditionVC80CRTRedist - 8.0.50727.6195Verizon Wireless Mobile Broadband Self ActivationViewNX 2Visual C++ 8.0 Runtime Setup Package (x64)Visual Studio 2008 x64 RedistributablesWebRegWinAce ArchiverWindows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)Windows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MessengerWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live SyncWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer Resources.==== Event Viewer Messages From Past Week ========.2/4/2013 5:48:29 PM, Error: Service Control Manager [7023] - The HP Network Devices Support service terminated with the following error: The specified module could not be found.2/4/2013 5:34:28 PM, Error: Service Control Manager [7003] - The McAfee Personal Firewall Service service depends the following service: MpsSvc. This service might not be installed.2/4/2013 5:21:09 PM, Error: Service Control Manager [7003] - The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.2/4/2013 5:21:09 PM, Error: Service Control Manager [7001] - The Microsoft Network Inspection service depends on the Microsoft Network Inspection System service which failed to start because of the following error: The dependency service does not exist or has been marked for deletion.2/4/2013 5:21:09 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/4/2013 5:21:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/4/2013 3:09:22 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.2/4/2013 3:08:34 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/4/2013 3:08:20 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.2/4/2013 3:08:14 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.2/4/2013 3:07:49 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-21470248912/4/2013 3:07:44 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.2/4/2013 2:16:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D3DCB472-7261-43CE-924B-0704BD730D5F} and APPID {D3DCB472-7261-43CE-924B-0704BD730D5F} to the user laptop\Karen Diamond SID (S-1-5-21-3141890560-1126282600-1657700442-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.2/4/2013 2:16:05 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {145B4335-FE2A-4927-A040-7C35AD3180EF} and APPID {145B4335-FE2A-4927-A040-7C35AD3180EF} to the user laptop\Karen Diamond SID (S-1-5-21-3141890560-1126282600-1657700442-1003) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.2/4/2013 12:02:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/3/2013 6:20:11 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/3/2013 3:42:16 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/2/2013 5:57:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/2/2013 5:21:42 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/2/2013 4:18:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/1/2013 9:57:46 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.2/1/2013 9:53:21 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:53:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {D3DCB472-7261-43CE-924B-0704BD730D5F}2/1/2013 9:53:21 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service fdPHost with arguments "" in order to run the server: {145B4335-FE2A-4927-A040-7C35AD3180EF}2/1/2013 9:52:30 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}2/1/2013 9:52:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}2/1/2013 9:50:00 AM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}2/1/2013 9:48:34 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}2/1/2013 9:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}2/1/2013 9:48:32 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}2/1/2013 9:48:31 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}2/1/2013 9:48:20 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}2/1/2013 9:48:00 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache lenovo.smi mfehidk MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx TPPWRIF vwififlt Wanarpv6 WfpLwf2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.2/1/2013 9:48:00 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.2/1/2013 9:05:45 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR4.2/1/2013 8:38:36 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.2/1/2013 10:13:24 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 9:58:49 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 9:58:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 8:53:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 7:08:04 PM, Error: Service Control Manager [7031] - The McAfee McShield service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.1/31/2013 4:31:12 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 2:09:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 2:09:39 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 10:09:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 10:09:41 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/31/2013 10:05:18 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/30/2013 9:46:23 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/30/2013 9:44:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UNS service.1/30/2013 9:17:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/30/2013 9:17:38 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/30/2013 6:40:53 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer.1/29/2013 8:33:39 AM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.1/29/2013 4:52:33 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Network Inspection System Error Code: 0x8007042c Error description: The dependency service or group failed to start. Reason: The system is missing updates that are required for running Network Inspection System. Install the required updates and restart the computer..==== End Of File =========================== Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 5, 2013 ID:643672 Share Posted February 5, 2013 I am TheDarkKnight and will be assisting you. Please ask questions if anything is unclear. Well you certainly seem to have the motherlode of infections here.Do you have your Windows disc handy? Some of those infections are backdoors and could have compromised your computer.=====Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:http://www.bleepingcomputer.com/combofix/how-to-use-combofix* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).Please go here to see a list of programs that need to be disabled.**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.****Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**Please include the C:\ComboFix.txt in your next reply for further review.=====Also, please download Malwarebytes Anti-Rootkit here.Unzip the contents to a folder on the Desktop.Open the folder where the contents were unzipped and run mbar.exe ( right-click and select Run as administrator for Vista and Windows 7).Follow the instructions in the wizard to update and allow the program to scan your computer for threats.Click on the Cleanup button to remove any threats and reboot if prompted to do so.Wait while the system shuts down and the cleanup process is performed.Please post the two logs produced.Please note: This tool is still in BETA mode, so please ensure you have backed up any important files.=====In your reply please provide the contents of the following:ComboFix.txt.Both MBAR logs. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 5, 2013 Author ID:643969 Share Posted February 5, 2013 Hello, DarkKnight, thank you for your reply and assistance.TheDarkKnight, on 04 February 2013 - 11:06 PM, said: Do you have your Windows disc handy? Some of those infections are backdoors and could have compromised your computer.To answer your question, I do have three recovery discs and a boot disc on DVD. Of course I have no actual Windows installation discs (haven't seen any of those for years), due to the pre-installed OS on this laptop.Meanwhile, I ran ComboFix first, and then MBAR. Surprisingly, the MBAR result was no malware found, and indicated no cleanup was needed.Issues with ComboFix: A pre-scan warning dialog indicated two copies each of McAfree AV and Microsoft Security Essentials were enabled and running, when I had actually disabled both. I double-checked both apps, which were indeed disabled, and even used Task Manager, viewing all users, to figure out exactly what was running. (Found only McAfree processes, no MSE processes). After several attempts to end processes or stop services on a number of McAfree-related items, (Operation could not be completed, Access denied), I gave up, unable to kill them all. ComboFix Warning dialog: Real time scanners still active - CF shall continue to run....be advised at your own risk. I proceeded with the scan. Note, the MBAM log from yesterday also indicated AV software was running, when I had in fact disabled RT scanning in both. So that issue remains a mystery.ComboFix ran nearly 20 minutes, then restarted my machine. No other issues.Spoke too soon..... while attaching the log files, I received two BSODs: 'Workerthread returned at Bad IRQL'. Saved the Problems signatures if you need them. Meanwhile, am trying for a third time to attach the CF and MBAR logs.Awaiting your next directive, DarkKnight. Thank you!~KarenWoe_is_Me_n_myPCComboFix and MBAR logs attachedComboFix.txtmbar-log-2013-02-05 (13-00-58).txtsystem-log.txt Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 6, 2013 ID:644083 Share Posted February 6, 2013 Good afternoon Woe_is_Me_n_myPC,To answer your question, I do have three recovery discs and a boot disc on DVD. Of course I have no actual Windows installation discs (haven't seen any of those for years), due to the pre-installed OS on this laptop.OK well time to take the infections out, one by one.I see you have the Softtonic Toolbar installed. It has been known to exhibit suspicious behaviour (please see here for more information). I recommend removing it.I notice that you are running multiple antivirus programs:McAfeeMicrosoft Security EssentialsRunning multiple antivirus programs is dangerous because the programs can conflict with each other and actually reduce your security. I recommend removing McAfee and keeping Microsoft Security Essentials as your antivirus program.Please go to Start>Control Panel>Programs and uninstall the following programs:McAfee AntivirusSofttonic ToolbarPlease restart your computer after these program removals.=====Also, please download OTL.exe by OldTimer to your Desktop.Close all windows and double click OTL.exe.In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:netsvcsdrivers32%SYSTEMDRIVE%\*.*%systemroot%\*. /mp /sCREATERESTOREPOINTHKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AUHKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rsClick Run Scan and let the program run uninterrupted.When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.You may need to use two posts to get it all. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 6, 2013 Author ID:644110 Share Posted February 6, 2013 Hello DarkKnight,Uninstalled Softtonic, which I intended to do anyway...don't need or want. Q - On that topic, may I go ahead and uninstall the Bing Toolbar as well? (Was not aware it was on my system.)Uninstalled McAfee Security Center, but left McAfee Site Advisor on, as it turned out to be a separate module with a seperate uninstall option. Please advise if this is okay.Also uninstalled an older, abandoned (non-running) version of McAfree Security Scan Plus.Thanks for the tip on retaining Microsoft Security Essentials...I intended to ask you which one I ought to keep anyway. Since the infection occurred, I have run both programs (despite knowing I should not!), but they were each detecting different infections and I was trying to capture everything possible.OTL logs follow, perhaps in two posts, as you suggested.I'll stand by for a short while in case you reply, otherwise I'll resume work in 7-8 hours or so. Thanks,~KarenWoe_is_Me_n_myPCOTL logfile created on: 2/6/2013 12:44:18 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.80 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.26% Memory free7.60 Gb Paging File | 5.56 Gb Available in Paging File | 73.14% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 296.92 Gb Total Space | 158.36 Gb Free Space | 53.33% Space Free | Partition Type: NTFSComputer Name: LAPTOP | User Name: Karen Diamond | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - [2013/02/06 00:35:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exePRC - [2012/11/16 10:39:10 | 000,255,992 | ---- | M] (Microsoft Corporation) -- C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exePRC - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exePRC - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXEPRC - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXEPRC - [2011/11/04 14:37:16 | 000,330,304 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPONSCR.exePRC - [2011/07/12 18:03:32 | 000,069,568 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPOSDSVC.exePRC - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\micmute.exePRC - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exePRC - [2010/07/27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exePRC - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) -- C:\Program Files\Lenovo\Communications Utility\CamMute.exePRC - [2010/03/01 12:31:32 | 000,402,792 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exePRC - [2010/03/01 12:29:12 | 000,259,432 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exePRC - [2010/03/01 12:29:10 | 000,124,264 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exePRC - [2010/03/01 12:17:52 | 000,344,064 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exePRC - [2009/11/03 22:45:46 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exePRC - [2009/11/03 22:45:44 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exePRC - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exePRC - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exePRC - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exePRC - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe========== Modules (No Company Name) ==========MOD - [2009/05/27 23:09:36 | 000,049,976 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Message Center Plus\MCPLaunch.exe========== Services (SafeList) ==========SRV:64bit: - [2012/09/13 00:44:42 | 000,229,392 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)SRV:64bit: - [2012/09/12 20:21:48 | 000,368,896 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)SRV:64bit: - [2012/09/12 20:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)SRV:64bit: - [2012/04/11 15:27:06 | 000,047,440 | ---- | M] (Lenovo.) [Auto | Running] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)SRV:64bit: - [2011/09/27 13:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)SRV:64bit: - [2011/07/12 16:53:58 | 000,133,992 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe -- (Lenovo.VIRTSCRLSVC)SRV:64bit: - [2011/07/12 16:53:40 | 000,145,256 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\tphkload.exe -- (TPHKLOAD)SRV:64bit: - [2011/07/12 16:53:24 | 000,101,736 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\micmute.exe -- (LENOVO.MICMUTE)SRV:64bit: - [2011/07/12 16:53:18 | 000,142,696 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe -- (TPHKSVC)SRV:64bit: - [2010/07/27 12:51:56 | 000,074,088 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe -- (LENOVO.TPKNRSVC)SRV:64bit: - [2010/07/27 12:51:42 | 000,050,536 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files\Lenovo\Communications Utility\CamMute.exe -- (LENOVO.CAMMUTE)SRV:64bit: - [2009/10/09 13:12:52 | 000,047,656 | ---- | M] (Lenovo.) [On_Demand | Stopped] -- C:\Windows\SysNative\TPHDEXLG64.exe -- (TPHDEXLGSVC)SRV:64bit: - [2009/09/21 17:24:40 | 001,420,560 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)SRV:64bit: - [2009/09/21 17:00:44 | 000,831,760 | ---- | M] (Intel® Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)SRV:64bit: - [2009/07/13 19:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)SRV - [2013/01/12 12:35:33 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)SRV - [2013/01/08 17:05:35 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)SRV - [2012/11/23 15:20:54 | 000,021,416 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe -- (SUService)SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)SRV - [2012/07/27 14:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)SRV - [2012/06/15 12:26:32 | 000,103,472 | ---- | M] (McAfee, Inc.) [Auto | Running] -- c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe -- (McAfee SiteAdvisor Service)SRV - [2012/06/11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)SRV - [2012/06/11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)SRV - [2011/07/17 00:06:32 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe -- (OnlineBackupSchedulerService)SRV - [2011/07/16 23:59:02 | 000,024,576 | ---- | M] (DigiData Corp.) [Auto | Running] -- C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe -- (FilesystemWatcher)SRV - [2011/05/20 17:01:33 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)SRV - [2010/03/01 12:29:12 | 000,259,432 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe -- (AcSvc)SRV - [2010/03/01 12:29:10 | 000,124,264 | ---- | M] (Lenovo) [Auto | Running] -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe -- (AcPrfMgrSvc)SRV - [2010/01/05 12:12:00 | 000,075,112 | ---- | M] (Lenovo) [On_Demand | Stopped] -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe -- (Power Manager DBC Service)SRV - [2009/11/03 22:45:46 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe -- (UNS)SRV - [2009/11/03 22:45:44 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe -- (LMS)SRV - [2009/08/28 15:09:58 | 001,019,904 | ---- | M] (Lenovo Group Limited) [Auto | Running] -- C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe -- (ThinkVantage Registry Monitor Service)SRV - [2009/06/10 15:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)SRV - [2008/10/21 12:50:02 | 000,077,312 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe -- (PCPitstop Scheduling)SRV - [2008/01/11 18:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)SRV - [2007/01/04 20:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)========== Driver Services (SafeList) ==========DRV:64bit: - [2012/08/30 21:03:48 | 000,128,456 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)DRV:64bit: - [2012/04/11 15:27:04 | 000,042,280 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ibmpmdrv.sys -- (IBMPMDRV)DRV:64bit: - [2012/03/01 00:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)DRV:64bit: - [2011/12/26 19:10:44 | 000,040,248 | ---- | M] (Lenovo Information Product(ShenZhen China) Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\psadd.sys -- (psadd)DRV:64bit: - [2011/09/02 00:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)DRV:64bit: - [2011/09/02 00:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)DRV:64bit: - [2011/06/10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)DRV:64bit: - [2011/03/11 00:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)DRV:64bit: - [2011/03/11 00:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)DRV:64bit: - [2010/12/09 16:52:42 | 000,025,072 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- c:\Program Files\PC-Doctor\pcdsrvc_x64.pkms -- (PCDSRVC{127174DC-C366ED8B-06020101}_0)DRV:64bit: - [2010/11/29 04:23:18 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)DRV:64bit: - [2010/11/20 07:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)DRV:64bit: - [2010/11/20 05:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)DRV:64bit: - [2010/11/20 03:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)DRV:64bit: - [2010/11/19 17:02:42 | 000,029,288 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)DRV:64bit: - [2010/09/07 14:09:34 | 000,015,472 | ---- | M] (Lenovo Group Limited) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\smiifx64.sys -- (lenovo.smi)DRV:64bit: - [2010/07/15 08:44:20 | 000,016,776 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv)DRV:64bit: - [2010/07/15 08:44:20 | 000,009,096 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv)DRV:64bit: - [2010/07/07 10:26:46 | 000,050,696 | ---- | M] (Windows ® Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)DRV:64bit: - [2010/04/22 23:17:40 | 000,318,000 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)DRV:64bit: - [2010/03/10 13:36:54 | 000,946,176 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (PCTV340_801)DRV:64bit: - [2010/03/10 13:36:54 | 000,946,176 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dvb7700all.sys -- (mod7700)DRV:64bit: - [2010/02/08 06:57:22 | 000,239,136 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)DRV:64bit: - [2010/01/15 13:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)DRV:64bit: - [2010/01/07 12:51:38 | 000,271,872 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)DRV:64bit: - [2010/01/06 06:33:14 | 000,158,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)DRV:64bit: - [2010/01/05 12:12:00 | 000,013,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\TPPWR64V.SYS -- (TPPWRIF)DRV:64bit: - [2009/10/26 15:06:18 | 000,206,080 | ---- | M] (SMI) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SMIksdrv.sys -- (usbsmi)DRV:64bit: - [2009/10/09 13:11:38 | 000,136,744 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsX64.sys -- (Shockprf)DRV:64bit: - [2009/10/09 13:10:00 | 000,023,592 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ApsHM64.sys -- (TPDIGIMN)DRV:64bit: - [2009/09/16 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)DRV:64bit: - [2009/09/15 13:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)DRV:64bit: - [2009/08/24 09:14:30 | 000,054,784 | ---- | M] (AzureWave Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\azvusb.sys -- (azvusb)DRV:64bit: - [2009/07/13 19:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)DRV:64bit: - [2009/07/13 19:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)DRV:64bit: - [2009/07/13 19:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)DRV:64bit: - [2009/07/13 18:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)DRV:64bit: - [2009/07/13 18:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)DRV:64bit: - [2009/07/13 18:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)DRV:64bit: - [2009/07/13 17:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)DRV:64bit: - [2009/06/10 15:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)DRV:64bit: - [2009/06/10 15:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)DRV:64bit: - [2009/06/10 15:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)DRV:64bit: - [2009/06/10 14:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)DRV:64bit: - [2009/06/10 14:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)DRV:64bit: - [2009/06/10 14:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)DRV:64bit: - [2009/06/10 14:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)DRV:64bit: - [2009/06/10 14:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)DRV:64bit: - [2009/05/18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)DRV - [2010/07/15 08:44:20 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv)DRV - [2010/07/15 08:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv)DRV - [2009/07/13 19:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:64bit: - HKLM\..\SearchScopes\{BC3FA9F5-3E72-4774-BD60-286EF9A8F7B8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}IE - HKLM\..\SearchScopes\{01FD8782-EAB1-4421-A9BC-6AFE864B9BC8}: "URL" = http://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com/welcome/thinkpad [binary data]IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/IE - HKCU\..\SearchScopes,DefaultScope = {A2053CA9-89A8-4ACB-95C8-F69E86A27C55}IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCIE - HKCU\..\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}: "URL" = http://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60446IE - HKCU\..\SearchScopes\{1EFF7ECB-05A9-4E61-A43C-5E70F1E5643B}: "URL" = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8IE - HKCU\..\SearchScopes\{389A7F9C-4701-4590-8C7F-EE9C475B0F28}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}IE - HKCU\..\SearchScopes\{4A0FE87B-3640-4E2A-A237-645B533666F4}: "URL" = http://search.softonic.com/MON00086/tb_v1?q={searchTerms}&SearchSource=4&cc=IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={36F06055-0672-4752-A82D-21D851DBFC15}&mid=74ae845516a047d68bcb1943ef772fe1-943ad73ac82dc575a21ec82be29eb80d936eaee7〈=en&ds=AVG&pr=fr&d=2012-01-20 13:21:31&v=10.0.0.7&sap=dsp&q={searchTerms}IE - HKCU\..\SearchScopes\{A2053CA9-89A8-4ACB-95C8-F69E86A27C55}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_enIE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local========== FireFox ==========FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not foundFF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)FF - HKCU\Software\MozillaPlugins\intel.com/AppUp: C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll (Intel)FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2011/11/21 08:14:51 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/02/14 13:20:25 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012/12/13 14:51:11 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/02 12:31:32 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 12:34:53 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\pluginsFF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSKFF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/07/02 12:31:32 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/01/12 12:34:53 | 000,000,000 | ---D | M]FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins[2012/01/09 09:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions[2012/01/09 09:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christian\AppData\Roaming\mozilla\Extensions\celtx@celtx.com[2012/03/16 14:29:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions========== Chrome ==========CHR - homepage: http://www.google.com/CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},CHR - homepage: http://www.google.com/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Disabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dllCHR - plugin: HP Product Detection Plugin for Mozilla (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npProductDetectPlugin.dllCHR - plugin: HP Active Check Plugin (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npAclmPlugin.dllCHR - plugin: HP Pit Plugin (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\plugins/npPitPlugin.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dllCHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dllCHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dllCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLLCHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLLCHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dllCHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dllCHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dllCHR - plugin: AppUp (Disabled) = C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dllCHR - plugin: Java Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dllCHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dllCHR - plugin: McAfee Virtual Technician (Enabled) = C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dllCHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: RocketLife Secure Plug-In Layer (Enabled) = C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dllCHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dllCHR - plugin: McAfee SecurityCenter (Enabled) = c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLLCHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dllCHR - Extension: HP Product Detection Plugin = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aelbknmfcacjffmgnoaaonhgoghlmlkp\1.0.19.2_0\CHR - Extension: Slinky Elegant = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmanlajnpdncmhfkiccmbgeocgbncfln\19.6_0\CHR - Extension: Adblock Plus = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\CHR - Extension: DoNotTrackMe = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\epanfjkfahimkgomnigadpkobaefekcd\2.2.8.109_0\CHR - Extension: SiteAdvisor = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\CHR - Extension: Logitech Scroll App = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi\3.0.29_1\CHR - Extension: Mind42 = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\icodbndgedclejcmgnjfigcclgafddhh\2.0_0\CHR - Extension: Skype Click to Call = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\CHR - Extension: Ghostery = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.1.0_0\CHR - Extension: Do It (Tomorrow) = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo\1.1.0_0\CHR - Extension: DivX Plus Web Player HTML5 video = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\CHR - Extension: Vyew = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogcldakngnllchlnncngiailfhidjjdp\4.11.0_0\O1 HOSTS File: ([2013/02/05 11:16:04 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O2:64bit: - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\LogiSmooth.dll (Logitech, Inc.)O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.O2 - BHO: (PE_IE_Helper Class) - {0941C58F-E461-4E03-BD7D-44C27392ADE1} - C:\Program Files (x86)\IBM\Lotus Forms\Viewer\3.5\PEhelper.dll (IBM Corporation)O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)O2 - BHO: (Java Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)O2 - BHO: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL File not foundO2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O2 - BHO: (IePasswordManagerHelper Class) - {BF468356-BB7E-42D7-9F15-4F3B9BCFCED2} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)O2 - BHO: (Logitech Scroll App) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Program Files\Logitech\ScrollApp\32-bit\LogiSmooth.dll (Logitech, Inc.)O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~2\AVG\AVG8\AVGTOO~1.DLL File not foundO3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [AcWin7Hlpr] ABLER.EXE File not foundO4:64bit: - HKLM..\Run: [cssauth] T File not foundO4:64bit: - HKLM..\Run: [EvtMgr6] G File not foundO4:64bit: - HKLM..\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE File not foundO4:64bit: - HKLM..\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE File not foundO4:64bit: - HKLM..\Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exe (Logitech, Inc.)O4:64bit: - HKLM..\Run: [MSC] KEY File not foundO4:64bit: - HKLM..\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE File not foundO4:64bit: - HKLM..\Run: [synTPEnh] H.EXE File not foundO4 - HKLM..\Run: [] File not foundO4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()O4 - HKLM..\Run: [Online Backup Auto Update] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe ()O4 - HKLM..\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exe (DigiData Corp.)O4 - HKCU..\Run: [HP Photosmart 5510 series (NET)] C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)O4 - HKCU..\Run: [skyDrive] C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Secure Online Backup.lnk = C:\Windows\SysWOW64\schtasks.exe (Microsoft Corporation)O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel presentO7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0O8:64bit: - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)O9 - Extra 'Tools' menuitem : Lenovo Password Manager... - {F4F55DC8-0B69-4DFE-BA94-CB677B88B2A3} - C:\Program Files (x86)\Lenovo\Client Security Solution\tvtpwm_ie_com.dll (Lenovo Group Limited)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O13 - gopher Prefix: missingO16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16:64bit: - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab (Microsoft Office Template and Media Control)O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/betapit/PCPitStop.CAB (PCPitstop Utility)O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927AAC25-52C7-4C26-9BB2-44D644A5EFB8}: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D2E38DC4-14B8-4C06-919A-DFB509A236E6}: DhcpNameServer = 192.168.1.1O18:64bit: - Protocol\Handler\belarc - No CLSID value foundO18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\livecall - No CLSID value foundO18:64bit: - Protocol\Handler\ms-help - No CLSID value foundO18:64bit: - Protocol\Handler\msnim - No CLSID value foundO18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value foundO18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)O18:64bit: - Protocol\Handler\skype4com - No CLSID value foundO18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value foundO18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value foundO18:64bit: - Protocol\Handler\wlpg - No CLSID value foundO18:64bit: - Protocol\Handler\x-excid - No CLSID value foundO18:64bit: - Protocol\Handler\x-owacid - No CLSID value foundO18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)O18 - Protocol\Handler\x-excid {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\Windows\Downloaded Program Files\mimectl.dll File not foundO18 - Protocol\Handler\x-owacid {0215258f-f0a8-49de-bf1b-0ff02eda8807} - C:\Program Files (x86)\Microsoft\Outlook Web Access SMIME Client\mimectl.dll (Microsoft Corporation)O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.O32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = ComFile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.dvacm - C:\Program Files (x86)\Common Files\Ulead Systems\vio\DVACM.acm (Ulead Systems, Inc.)Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)Drivers32: msacm.mpegacm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\MPEGACM.acm (Ulead Systems, Inc.)Drivers32: msacm.ulmp3acm - C:\Program Files (x86)\Common Files\Ulead Systems\MPEG\ulmp3acm.acm (Ulead systems)Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.) CREATERESTOREPOINTRestore point Set: OTL Restore Point========== Files/Folders - Created Within 30 Days ==========[2013/02/06 00:35:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe[2013/02/05 11:51:27 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\mbar-1.01.0.1017[2013/02/05 11:28:08 | 000,000,000 | ---D | C] -- C:\Windows\temp[2013/02/05 11:19:21 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN[2013/02/05 10:57:36 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe[2013/02/05 10:57:36 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe[2013/02/05 10:57:36 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe[2013/02/05 10:31:31 | 000,000,000 | ---D | C] -- C:\Qoobox[2013/02/05 10:31:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt[2013/02/05 10:20:20 | 005,029,686 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe[2013/02/05 09:06:39 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\GETWELLSOON[2013/02/04 18:04:45 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\first[2013/02/04 17:29:52 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\Christian\Desktop\dds.com[2013/02/04 15:15:37 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\temp1515[2013/02/02 18:46:30 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\Desktop Organization[2013/02/02 18:10:28 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\__Shortcuts to Sort[2013/02/01 10:51:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Belarc[2013/02/01 10:29:07 | 010,749,984 | ---- | C] (McAfee Inc.) -- C:\Users\Christian\Desktop\Stinger.exe[2013/01/31 20:10:53 | 000,000,000 | ---D | C] -- C:\Users\Christian\Desktop\RK_Quarantine[2013/01/30 21:07:59 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Malwarebytes[2013/01/30 21:07:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013/01/30 21:07:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013/01/30 21:07:31 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013/01/30 21:07:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013/01/30 19:42:05 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\___________suspect[2013/01/30 18:14:09 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe[2013/01/16 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\Documents\My Cmaps[2013/01/16 20:06:18 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\CmapTools[2013/01/16 20:06:16 | 000,000,000 | ---D | C] -- C:\Users\Christian\CmapToolsLogs[2013/01/16 20:04:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IHMC CmapTools[2013/01/16 20:04:11 | 000,000,000 | ---D | C] -- C:\Program Files\IHMC CmapTools[2013/01/16 20:04:10 | 000,000,000 | -H-D | C] -- C:\Program Files\Zero G Registry[2013/01/16 19:58:39 | 000,000,000 | -H-D | C] -- C:\Users\Christian\InstallAnywhere[2013/01/16 12:02:01 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Blackboard[2013/01/12 12:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird[2013/01/09 06:09:14 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll[2013/01/09 06:09:14 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll[2013/01/09 06:09:12 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll[2013/01/09 06:09:09 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll[2013/01/09 06:08:47 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs[2013/01/09 06:08:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs[2013/01/09 06:08:46 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs[2013/01/09 06:08:46 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs[2013/01/09 06:08:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs[2013/01/09 06:08:46 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs[2013/01/09 06:08:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs[2013/01/09 06:08:45 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs[2013/01/09 06:08:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs[2013/01/09 06:08:45 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs[2013/01/09 06:08:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs[2013/01/09 06:08:44 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs[2013/01/09 06:08:44 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs[2013/01/09 06:08:43 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs[2013/01/09 06:08:43 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs[2013/01/09 06:08:42 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs[2013/01/09 06:08:42 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs[2013/01/09 06:08:40 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll[2013/01/09 06:08:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs[2013/01/09 06:08:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs[2013/01/09 06:08:40 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs[2013/01/09 06:08:39 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll[2013/01/09 06:08:39 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll[2013/01/09 06:08:39 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll[2013/01/09 06:08:32 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs[2013/01/09 06:08:32 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs[2013/01/09 06:08:32 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs[2013/01/09 06:08:31 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs[2013/01/09 06:08:31 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs[2013/01/09 06:08:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs[2013/01/09 06:08:31 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs[2013/01/09 06:08:31 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs[2013/01/09 06:08:08 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe[2013/01/09 06:07:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll[2013/01/09 06:07:37 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll[2013/01/09 06:07:35 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll[2013/01/09 06:07:35 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll[2013/01/09 06:07:34 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe[2013/01/09 06:07:34 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll[2013/01/09 06:07:34 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll[2013/01/09 06:07:33 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll[2013/01/09 06:07:33 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll[2013/01/09 06:07:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll[2013/01/09 06:07:31 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll[2013/01/09 06:07:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll[2013/01/09 06:07:26 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll[2013/01/09 06:07:25 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll[2013/01/09 06:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll[2013/01/09 06:07:24 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll[2013/01/09 06:07:23 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll[2013/01/09 06:07:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll[2013/01/09 06:07:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll[2013/01/09 06:07:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll[2013/01/09 06:07:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll[2013/01/09 06:07:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll[2013/01/09 06:07:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll[2013/01/09 06:07:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll[2013/01/09 06:07:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/01/09 06:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll[2013/01/09 06:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll[2013/01/09 06:07:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll[2013/01/09 06:07:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll[2013/01/09 06:07:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll[2013/01/09 06:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll[2013/01/09 06:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll[2013/01/09 06:07:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll[2013/01/09 06:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll[2013/01/09 06:07:19 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll[2013/01/09 06:07:19 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll[2013/01/09 06:07:18 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll[2013/01/09 06:07:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll[2013/01/09 06:07:18 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll[2013/01/09 06:07:18 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll[2013/01/09 06:07:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll[2013/01/09 06:07:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll[2013/01/09 06:07:17 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll[2013/01/09 06:07:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll[2013/01/09 06:07:17 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll[2013/01/09 06:07:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll[2013/01/09 06:07:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll[2013/01/09 06:07:14 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll[2013/01/09 06:07:14 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll[2013/01/09 06:07:13 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll[2013/01/09 06:07:13 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll[2013/01/09 06:07:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll[2013/01/09 06:07:13 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll[2013/01/09 06:07:12 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe[2013/01/09 06:07:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe[2013/01/09 06:07:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll[2013/01/09 06:07:09 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll[2013/01/09 06:07:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll[2013/01/09 06:07:08 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll[2013/01/09 06:07:06 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe[2013/01/08 20:15:42 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Elluminate[2 C:\Users\Christian\Desktop\*.tmp files -> C:\Users\Christian\Desktop\*.tmp -> ][1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]========== Files - Modified Within 30 Days ==========[2013/02/06 00:50:18 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job[2013/02/06 00:43:28 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0[2013/02/06 00:43:28 | 000,018,736 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0[2013/02/06 00:38:22 | 000,792,128 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013/02/06 00:38:22 | 000,671,120 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013/02/06 00:38:22 | 000,124,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013/02/06 00:37:16 | 000,001,307 | ---- | M] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk[2013/02/06 00:35:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Christian\Desktop\OTL.exe[2013/02/06 00:34:18 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013/02/06 00:34:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013/02/06 00:30:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013/02/06 00:30:13 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys[2013/02/06 00:15:00 | 000,000,354 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job[2013/02/06 00:05:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job[2013/02/05 15:18:03 | 537,549,394 | ---- | M] () -- C:\Windows\MEMORY.DMP[2013/02/05 11:16:04 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts[2013/02/05 10:20:23 | 005,029,686 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\ComboFix.exe[2013/02/05 09:29:12 | 013,562,257 | ---- | M] () -- C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip[2013/02/04 17:30:15 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\Christian\Desktop\dds.com[2013/02/04 09:45:59 | 000,487,100 | ---- | M] () -- C:\Users\Christian\Documents\bookmarks_2_4_13.html[2013/02/04 09:37:21 | 000,065,249 | ---- | M] () -- C:\Users\Christian\Documents\bookmark.htm[2013/02/01 10:51:11 | 000,002,103 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk[2013/02/01 10:29:08 | 010,749,984 | ---- | M] (McAfee Inc.) -- C:\Users\Christian\Desktop\Stinger.exe[2013/01/30 21:07:33 | 000,001,124 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/01/30 18:16:18 | 000,768,512 | ---- | M] () -- C:\Users\Christian\Desktop\RogueKiller.exe[2013/01/30 18:14:24 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe[2013/01/29 22:16:15 | 000,007,623 | ---- | M] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg[2013/01/20 20:24:02 | 004,656,329 | ---- | M] () -- C:\Users\Christian\Desktop\windows_phone_8x_by_htc_manual.pdf[2013/01/16 20:06:11 | 000,001,970 | ---- | M] () -- C:\Users\Christian\.powerupdate.user.properties[2013/01/13 08:56:45 | 000,002,125 | ---- | M] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk[2013/01/10 05:32:02 | 005,038,280 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013/01/08 17:05:34 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013/01/08 17:05:34 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013/01/08 07:35:04 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job[2 C:\Users\Christian\Desktop\*.tmp files -> C:\Users\Christian\Desktop\*.tmp -> ][1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]========== Files Created - No Company Name ==========[2013/02/05 10:57:36 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe[2013/02/05 10:57:36 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe[2013/02/05 10:57:36 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe[2013/02/05 10:57:36 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe[2013/02/05 10:57:36 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe[2013/02/05 09:29:05 | 013,562,257 | ---- | C] () -- C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip[2013/02/04 09:45:57 | 000,487,100 | ---- | C] () -- C:\Users\Christian\Documents\bookmarks_2_4_13.html[2013/02/04 09:37:21 | 000,065,249 | ---- | C] () -- C:\Users\Christian\Documents\bookmark.htm[2013/02/01 10:51:11 | 000,002,103 | ---- | C] () -- C:\Users\Christian\Application Data\Microsoft\Internet Explorer\Quick Launch\Belarc Advisor.lnk[2013/02/01 10:51:11 | 000,002,091 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk[2013/01/30 21:07:33 | 000,001,124 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013/01/30 18:15:53 | 000,768,512 | ---- | C] () -- C:\Users\Christian\Desktop\RogueKiller.exe[2013/01/20 20:23:56 | 004,656,329 | ---- | C] () -- C:\Users\Christian\Desktop\windows_phone_8x_by_htc_manual.pdf[2013/01/16 20:06:11 | 000,001,970 | ---- | C] () -- C:\Users\Christian\.powerupdate.user.properties[2013/01/15 20:39:37 | 000,002,851 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Performance, Learning, Leadership, & Knowledge Site.lnk[2012/11/07 14:32:10 | 000,000,848 | ---- | C] () -- C:\Users\Christian\AppData\Local\recently-used.xbel[2012/07/26 16:14:21 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini[2012/07/02 12:11:47 | 000,204,982 | ---- | C] () -- C:\Windows\hpwins28.dat[2012/07/02 12:11:47 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat[2012/07/01 15:17:30 | 000,207,571 | ---- | C] () -- C:\Windows\hpwins28.dat.temp[2012/07/01 15:17:30 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat.temp[2011/11/18 17:15:24 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll[2011/11/18 17:15:24 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll[2011/11/18 17:15:24 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\vidccleaner.exe[2011/11/11 09:24:09 | 000,000,000 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\customDictionary.lex[2011/08/21 19:37:17 | 000,033,134 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\UserTile.png[2011/03/21 14:09:49 | 000,013,776 | ---- | C] () -- C:\Windows\SysWow64\SDEarlyDelete.exe[2011/03/21 14:09:49 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\SDEarlyDelete.ini[2011/03/21 14:09:45 | 000,000,104 | ---- | C] () -- C:\Windows\SysWow64\ProxySettings.ini[2011/03/21 14:09:44 | 000,000,006 | ---- | C] () -- C:\Windows\SysWow64\PSLog.ini[2011/03/21 14:09:43 | 000,004,977 | ---- | C] () -- C:\Windows\SysWow64\DEFAULT.INI[2011/03/21 14:09:43 | 000,000,175 | ---- | C] () -- C:\Windows\SysWow64\MAIL.INI[2011/03/21 14:09:43 | 000,000,174 | ---- | C] () -- C:\Windows\SysWow64\LiveUpdate.ini[2011/03/21 14:09:43 | 000,000,172 | ---- | C] () -- C:\Windows\SysWow64\ManagementConsole.ini[2011/03/21 14:09:43 | 000,000,122 | ---- | C] () -- C:\Windows\SysWow64\COUNTER.INI[2011/03/21 14:09:43 | 000,000,030 | ---- | C] () -- C:\Windows\SysWow64\SessionDetails.ini[2011/02/20 17:47:51 | 000,038,438 | ---- | C] () -- C:\Users\Christian\AppData\Roaming\Comma Separated Values (Windows).ADR[2011/02/16 22:02:51 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Analog Sync[2011/02/16 22:02:51 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Ambient[2011/02/16 22:02:51 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLck.DAT[2011/02/16 22:02:51 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Examples[2011/02/16 22:02:50 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Animals[2011/02/16 22:02:50 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Analog Mono[2011/02/16 22:02:50 | 000,000,012 | RH-- | C] () -- C:\ProgramData\External Build System[2011/02/16 19:15:14 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLbx.DAT[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Standard[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sports[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Spacious[2011/02/11 21:45:33 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Space Choir[2011/02/11 21:45:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT[2011/02/11 21:45:33 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT[2011/02/11 21:45:32 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Speech Enhancer[2011/02/11 21:45:32 | 000,000,268 | RH-- | C] () -- C:\Users\Christian\AppData\Roaming\Soundtrack[2011/02/11 21:45:32 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT[2011/02/09 22:03:48 | 000,000,326 | ---- | C] () -- C:\Windows\primopdf.ini[2011/01/15 10:01:02 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat[2011/01/14 21:34:33 | 000,007,623 | ---- | C] () -- C:\Users\Christian\AppData\Local\resmon.resmoncfg========== ZeroAccess Check ==========[2009/07/13 22:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 23:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 22:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 19:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 06:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 19:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]========== Custom Scans ==========< %SYSTEMDRIVE%\*.* >[2009/07/13 19:38:58 | 000,383,562 | RHS- | M] () -- C:\bootmgr[2009/07/24 11:28:58 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK[2013/02/05 11:28:06 | 000,029,821 | ---- | M] () -- C:\ComboFix.txt[2013/02/06 00:30:13 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys[2006/12/02 00:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll[2013/02/06 00:30:15 | 4081,639,424 | -HS- | M] () -- C:\pagefile.sys[2010/05/27 23:19:24 | 000,003,065 | ---- | M] () -- C:\RHDSetup.log[2010/05/27 23:18:00 | 000,000,205 | ---- | M] () -- C:\setup.log[2011/02/14 12:44:13 | 000,758,052 | ---- | M] () -- C:\sma.txt[2011/01/15 14:28:12 | 000,001,732 | ---- | M] () -- C:\tvtpktfilter.dat[2009/08/26 16:31:50 | 000,644,096 | ---- | M] () -- C:\tvtpwm_message_hook.dll[2012/03/16 14:29:49 | 000,000,109 | ---- | M] () -- C:\user.js< %systemroot%\*. /mp /s >< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >< >========== Alternate Data Streams ==========@Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:0B4227B4< End of report > Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 6, 2013 Author ID:644112 Share Posted February 6, 2013 DarkKnight....Second OTL log:OTL Extras logfile created on: 2/6/2013 12:44:18 AM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Christian\Desktop64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstationInternet Explorer (Version = 9.0.8112.16421)Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy3.80 Gb Total Physical Memory | 1.95 Gb Available Physical Memory | 51.26% Memory free7.60 Gb Paging File | 5.56 Gb Available in Paging File | 73.14% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 296.92 Gb Total Space | 158.36 Gb Free Space | 53.33% Space Free | Partition Type: NTFSComputer Name: LAPTOP | User Name: Karen Diamond | Logged in as Administrator.Boot Mode: Normal | Scan Mode: Current user | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>].html [@ = ChromeHTML] -- Reg Error: Key error. File not found========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 1"FirewallDisableNotify" = 0"AntiVirusDisableNotify" = 0"UpdatesDisableNotify" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== System Restore Settings ==========[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]"DisableSR" = 0========== Firewall Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile][HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"DisableNotifications" = 0"EnableFirewall" = 1[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"DisableNotifications" = 0"EnableFirewall" = 1========== Authorized Applications List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List][HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]========== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{0294BB2F-6178-459D-8C46-8D1C40D6AD6B}" = rport=445 | protocol=6 | dir=out | app=system |"{057550CC-1C7E-4C7B-A2F8-3A8DDC978C8C}" = lport=138 | protocol=17 | dir=in | app=system |"{08E024BB-596A-4DFF-A430-159062EB67CE}" = lport=10243 | protocol=6 | dir=in | app=system |"{19A5737B-0BEE-43C8-BCD3-3CC714AA4FD3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |"{25B9D31D-64EC-44F5-900B-17177C3E5D3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{295EF879-34FC-4A05-A484-51AA1443280E}" = lport=445 | protocol=6 | dir=in | app=system |"{2FA65B31-3A9D-4C20-AFC6-469495F0EF44}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{4084E937-EAAA-47EE-9520-7BE7CE434C09}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |"{4BF5EB07-06A2-40E2-B5B6-244EF5C49A0F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |"{5456EA1E-AF45-48BD-9C96-AB99A6CCF1D9}" = lport=139 | protocol=6 | dir=in | app=system |"{6364B77A-8796-4078-B3CC-5963A3E70B4F}" = rport=139 | protocol=6 | dir=out | app=system |"{6EFD3216-D4DB-448C-81DA-E8838C66FFD2}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{7C7BD74E-D59D-40F9-8481-A74C4729E9DD}" = rport=138 | protocol=17 | dir=out | app=system |"{86444BB3-291D-4D31-A046-BB4AA3243C28}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |"{AF8150A9-8B4A-4262-900E-D368942052B3}" = lport=2869 | protocol=6 | dir=in | app=system |"{BE10AB93-C4A6-464B-BE93-069E778BFF99}" = rport=10243 | protocol=6 | dir=out | app=system |"{C232D951-55E7-4D04-9346-F88A07FC0B22}" = lport=137 | protocol=17 | dir=in | app=system |"{C428A183-FD79-40B5-990D-895328F43AC8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |"{CF0676E6-E2EC-438A-9741-7029DEBD00CE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |"{F534D21D-02A4-4E48-A237-A3745ED5E6D3}" = rport=137 | protocol=17 | dir=out | app=system |"{F9C1EEE5-72B7-40C6-BC7C-64E9DF7DEB39}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{003C7A18-60D9-4C89-94D8-DE42C1AA1D76}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |"{02A4D600-582A-4C14-ADFE-C125CF0CB18F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{1473D86F-6F04-46A3-9153-CD04272511DC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |"{4849799C-D8E9-4360-8F9A-6B5F2BCC7EA4}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |"{56E808A1-BFD0-4B79-B567-B9FA848D697F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |"{61FB8AD2-C831-45AB-9DFB-D685C3A8300D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{62F27534-2769-4D2F-B42F-E96E62F64F44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |"{65901CFC-D156-4C8F-90EA-C26D256CA195}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{68F6992D-6E9D-4F14-88EC-3E0B8BEC7EFF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |"{8642AF85-31DC-4BB3-8E9D-1E478C224084}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{A5589677-56C4-46C1-A86B-1F0B5425786F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{AB3FBA72-52C3-4476-9A38-230DBE05659B}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{BC7833D1-AE4B-4CAB-BDD5-6EA587E5C763}" = protocol=6 | dir=out | app=system |"{CE504808-152F-4073-8BB9-0F8E7C4D30C6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{D3648D1D-2BA3-4973-9B7E-EDC907B6E342}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |"{E8715BB0-E132-4617-B344-62E03BFE2C1C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |"{E926E57D-011D-4F63-BCC5-FFCFDC28D091}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |"{EFA98652-B437-42AA-B7D3-EFFD71ED4ECD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"{F7DCF881-DB9D-4779-8D1C-CCCBAC7C73FF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |"TCP Query User{45A550D7-4565-45DA-8D69-1F6C3C7F3DC0}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |"TCP Query User{6753D0B3-D632-49D7-892B-141B90A44A77}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=6 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |"UDP Query User{1F2F0C99-06FE-4EC7-AE26-C55E17E28BF9}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |"UDP Query User{BE5D426A-4F99-42D4-AB7A-7D0513A90137}C:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe" = protocol=17 | dir=in | app=c:\program files\hp\hp photosmart 5510 series\bin\hpnetworkcommunicator.exe |========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64"{26A24AE4-039D-4CA4-87B4-2F86416017FF}" = Java 6 Update 17 (64-bit)"{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}" = McAfee SiteAdvisor"{39A04221-294E-4D90-A0F2-CCB1EF15CB56}" = Lenovo Patch Utility 64 bit"{3FD730D4-755F-439B-8082-B55E00924A44}" = Client Security - Password Manager"{424E8E17-A7B7-45B5-8C79-D58F04D9D920}" = HP Photosmart 5510 series Basic Device Software"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64"{46A84694-59EC-48F0-964C-7E76E9F8A2ED}" = ThinkVantage Active Protection System"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64"{88C6A6D9-324C-46E8-BA87-563D14021442}_is1" = ThinkVantage Communications Utility"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010"{90140000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2010"{90140000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010"{90BF0360-A1DB-4599-A643-95AB90A52C1E}" = Microsoft_VC90_MFCLOC_x86_x64"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{9ACF3FDB-C8E6-444C-8C64-13A221F7BFFD}" = Microsoft SQL Server Native Client"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)"{B636C9B9-A3F2-4DCE-ADCC-72E095018385}" = Microsoft SQL Server VSS Writer"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64"{C30BB9AD-F9E4-4506-B416-57C03702998D}" = Nitro Reader 2"{C78D3032-9DFD-41D0-9DE9-58EAE750CBA4}" = Microsoft Security Client"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64"{CCAFF072-4DDB-4846-963D-15F02A8E9472}" = Intel® PROSet/Wireless WiFi Software"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter"{DD2AFE07-5DA8-41E9-BB2B-FF0A91A4EB76}" = PCTV Package - Windows Media Center"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer"114EB224AD576F278686036AA9E1EFB7847E3935" = Windows Driver Package - Lenovo 1.60.0.4 (11/18/2009 1.60.0.4)"1AE98C75AE2DD1284F66876FA76F46BFDF6B9D31" = Windows Driver Package - Intel hdc (06/04/2009 7.0.0.1013)"3512AA88B7C41B232F5FF5219DFEEDB41AFC3AEA" = Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (12/10/2009 6.0.1.6000)"573C3C32A1DB5625CA00E633E584E8A0E6383672" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)"A7B0B8D913E4DC2FA0B31E392E1512A901CA66B9" = Windows Driver Package - Intel USB (08/20/2009 9.1.1.1020)"D94DFF1289C7A7BEBA126E4CDADE0E85B99E60F1" = Windows Driver Package - Intel System (10/28/2009 9.1.1.1022)"E7B58217635B8F723D4744A328A4B3237DB35FA9" = Windows Driver Package - Intel System (06/04/2009 1.0.0.0002)"EnablePS" = Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7"GIMP-2_is1" = GIMP 2.8.2"HP Document Manager" = HP Document Manager 2.0"HP Imaging Device Functions" = HP Imaging Device Functions 13.0"HP Smart Web Printing" = HP Smart Web Printing 4.51"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0"HPExtendedCapabilities" = HP Customer Participation Program 13.0"HPOCR" = OCR Software by I.R.I.S. 13.0"IHMC CmapTools v5.05.01" = IHMC CmapTools v5.05.01"LENOVO.SMIIF" = Lenovo System Interface Driver"LenovoAutoScrollUtility" = Lenovo Auto Scroll Utility"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile"Microsoft Security Client" = Microsoft Security Essentials"OnScreenDisplay" = On Screen Display"PC-Doctor for Windows" = Lenovo ThinkVantage Toolbox"Power Management Driver" = Lenovo Power Management Driver"ProInst" = Intel PROSet Wireless"Sn1" = Logitech Scroll App 3.0"sp6" = Logitech SetPoint 6.32"SynTPDeinstKey" = ThinkPad UltraNav Driver"W7DevOR" = Registry Patch to arrange icons in Device and Printers folder of Windows 7[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}" = Visual C++ 8.0 Runtime Setup Package (x64)"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update"{1F8DA253-3C27-4B01-A63A-BA3533120833}" = Microsoft Research AutoCollage Touch 2009"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{24E92E7A-6848-4747-A3EA-3AAC0576BE52}" = Lenovo Patch Utility"{25C64847-B900-48AD-A164-1B4F9B774650}" = Lenovo System Update"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java 6 Update 24"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel® Rapid Storage Technology"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg"{415FA9AD-DA10-4ABE-97B6-5051D4795C90}" = HP FWUpdateEDO2"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter"{4F38594F-2C4A-4C42-B2C4-505E225F6F80}" = HP Product Detection"{4FCAA65E-086D-4D49-A292-A5E764667263}" = pptPlex from Microsoft Office Labs"{50120000-1105-0000-0000-0000000FF1CE}" = Microsoft Office 2007 Primary Interop Assemblies"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011"{50DC5136-21E8-48BC-97E5-1AD055F6B0B6}" = Create Recovery Media"{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory 7"{512FA709-D3E8-4094-A1B5-39A2A08A8400}" = Microsoft Outlook Web Access S/MIME (2007)"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5A13987D-55F4-4271-A40E-76AC9B1B38FD}" = OpenOffice.org 3.2"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer"{630251F6-D575-4FCC-94B8-ABCEFB77A15F}" = Canvas for Microsoft® OneNote® 2007"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox"{6CEFBCFC-602C-492B-A9AE-DFCA56A58FFE}" = ABC Inventory Software"{6CF08AD2-00C5-4A63-B74B-2EFFFAFEBE1A}" = Microsoft Outlook Web Access S/MIME"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{79872596-B887-E700-8D56-CADBC78BA5DE}" = Adobe Download Assistant"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync"{86D6A20D-3910-4441-A3E5-EB6977251C86}" = Samsung USB Driver"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E537894-A559-4D60-B3CB-F4485E3D24E3}" = ThinkVantage Access Connections"{90120000-001C-0409-0000-0000000FF1CE}" = Microsoft Office Access Runtime (English) 2007"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002A-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0116-0409-1000-0000000FF1CE}_Office14.PROPLUSR_{D6C6B46A-6CE1-4561-84A0-EFD58B8AB979}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)"{90A40409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195"{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}" = MotoHelper MergeModules"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9D318C86-AF4C-409F-A6AC-7183FF4CF424}" = Internet TV for Windows Media Center"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail"{A0BBF7AB-2F47-47DC-BB02-4C826F2BC73C}" = IBM Lotus Forms Viewer 3.5.1"{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Burn.Now 4.5"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status"{AEC0CEBC-0FC7-4716-8222-1C4A742719B1}" = Samsung Master"{B1B3C79A-FFD9-4B28-A456-62B6E55E2A5C}_is1" = Todoist version 2.1"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2"{B383F243-0ABC-4E56-AA30-923B8D85076E}" = Rescue and Recovery"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call"{B6D38690-755E-4F40-A35A-23F8BC2B86AC}" = Microsoft_VC90_MFCLOC_x86"{BBF08789-06CB-4D2F-9330-CD617AFDE528}" = Fax"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant"{C64A877E-DF8D-4017-AA82-000A77C6D809}" = Verizon Wireless Mobile Broadband Self Activation"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail"{C6FA39A7-26B1-480A-BC74-6D17531AC222}" = Access Help"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{D81486A1-2371-4059-AC70-1AB894AC96E6}" = AT&T Service Activation"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86"{DAC01CEE-5BAE-42D5-81FC-B687E84E8405}" = ThinkPad Power Manager"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2"{DED01768-E634-11E1-AEB0-984BE15F174E}" = Evernote v. 4.5.8"{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}" = HP Photosmart 5510 series Help"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E173E4C5-FB43-4B3E-AC08-CCCE4CE54825}" = Cox Secure Online Backup for Windows"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0"{EC8B14A3-923A-2C8A-912D-033D24DB28D6}" = SimpleDiagrams"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Graphics Media Accelerator Driver"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver"{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder"{F4BD11FE-8C8E-4FB8-826E-D3FDBF1CF037}" = Mobile Broadband Connect"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables"{FD331A3B-F7A5-4C31-B8D4-DF413C85AF7A}" = Message Center Plus"{FD4EC278-C1B1-4496-99ED-C0BE1B0AA521}" = Lenovo Warranty Information"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FE7AD27A-62B1-44F6-B69C-25D1ECA94F5D}" = Integrated Camera"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe AIR" = Adobe AIR"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin"Belarc Advisor" = Belarc Advisor 8.3"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2"Celtx (2.9.1)" = Celtx (2.9.1)"Cisco Connect" = Cisco Connect"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant"com.simplediagrams" = SimpleDiagrams"Coupon Printer for Windows5.0.0.0" = Coupon Printer for Windows"DivX Setup" = DivX Setup"EASEUS Partition Master Home Edition_is1" = EASEUS Partition Master 6.5.2 Home Edition"FeedDemon_is1" = FeedDemon"Google Chrome" = Google Chrome"HomyFads Wardrobe Manager_is1" = HomyFads Wardrobe Manager 2.3"HP Photo Creations" = HP Photo Creations"Inkscape" = Inkscape 0.48.2"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8"InstallShield_{50F68032-B5B7-4513-9116-C978DBD8F27A}" = Corel DVD MovieFactory Lenovo Edition"InstallShield_{A3BE3F1E-2472-4211-8735-E8239BE49D9F}" = Corel Burn.Now Lenovo Edition"InstallShield_{F2004B8D-7791-4B35-A3FA-D8CA8BB4DD81}" = Direct DiscRecorder"Intel AppUp(SM) center 35228" = Intel AppUp(SM) center"IrfanView" = IrfanView (remove only)"Lenovo Welcome_is1" = Lenovo Welcome"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100"McAfee Security Scan" = McAfee Security Scan Plus"McAfee Virtual Technician" = McAfee Virtual Technician"Microsoft SQL Server 2005" = Microsoft SQL Server 2005"MindMaple_is1" = MindMaple Lite 1.23"Mozilla Thunderbird 17.0.2 (x86 en-US)" = Mozilla Thunderbird 17.0.2 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010"Opera 12.00.1467" = Opera 12.00"PC Pitstop Exterminate2_is1" = PC Pitstop Exterminate2 2.0"PrimoPDF" = PrimoPDF -- brought to you by Nitro PDF Software"Spyware Terminator_is1" = Spyware Terminator"WinAce Archiver" = WinAce Archiver"WinLiveSuite" = Windows Live Essentials========== HKEY_CURRENT_USER Uninstall List ==========[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"Amazon Kindle" = Amazon Kindle"GoToMeeting" = GoToMeeting 5.2.0.952"Screenpresso" = Screenpresso"SkyDriveSetup.exe" = Microsoft SkyDrive========== Last 20 Event Log Errors ==========[ Application Events ]Error - 2/3/2013 4:32:58 AM | Computer Name = laptop | Source = SideBySide | ID = 16842811Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.Error - 2/3/2013 3:15:24 PM | Computer Name = laptop | Source = PC-Doctor | ID = 1Description =Error - 2/3/2013 3:33:16 PM | Computer Name = laptop | Source = PC-Doctor | ID = 1Description =Error - 2/3/2013 9:01:37 PM | Computer Name = laptop | Source = Windows Backup | ID = 4103Description =Error - 2/4/2013 9:11:50 AM | Computer Name = laptop | Source = SideBySide | ID = 16842827Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\ProgramFiles (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.Multiple requestedPrivileges elements are not allowed in manifest.Error - 2/4/2013 9:15:47 AM | Computer Name = laptop | Source = SideBySide | ID = 16842811Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.Error - 2/4/2013 5:25:07 PM | Computer Name = laptop | Source = PC-Doctor | ID = 1Description =Error - 2/4/2013 5:37:56 PM | Computer Name = laptop | Source = Application Hang | ID = 1002Description = The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 15d4 Start Time: 01ce031f0422978a Termination Time: 5 Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Report Id: 1cf88c08-6f13-11e2-91ac-c80aa993c612 Error - 2/4/2013 5:40:46 PM | Computer Name = laptop | Source = Application Hang | ID = 1002Description = The program mbam.exe version 1.70.0.9 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel. Process ID: 1b58 Start Time: 01ce032033df1d54 Termination Time: 4 Application Path: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe Report Id: 85b880de-6f13-11e2-91ac-c80aa993c612 Error - 2/5/2013 4:19:09 AM | Computer Name = laptop | Source = SideBySide | ID = 16842827Description = Activation context generation failed for "C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe".Error in manifest or policy file "C:\ProgramFiles (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPluginBroker.exe" on line 2.Multiple requestedPrivileges elements are not allowed in manifest.Error - 2/5/2013 4:21:44 AM | Computer Name = laptop | Source = SideBySide | ID = 16842811Description = Activation context generation failed for "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll".Error in manifest or policy file "C:\Program Files (x86)\Lenovo\Access Connections\AcCryptHlpr.dll" on line 0. Invalid Xml syntax.[ Lenovo-Message Center Plus/Admin Events ]Error - 3/22/2011 11:30:18 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp does not have a Lenovo Digital Signature. The file will be deletedError - 3/28/2011 3:56:58 AM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp does not have a Lenovo Digital Signature. The file will be deletedError - 3/29/2011 5:57:59 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 4Description = The file C:\ProgramData\Lenovo\MessageCenterPlus\ServerRepository\temp\index.adp does not have a Lenovo Digital Signature. The file will be deletedError - 6/26/2012 1:28:20 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.Error - 10/22/2012 11:34:26 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.Error - 10/29/2012 8:30:48 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.Error - 1/14/2013 7:25:25 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.Error - 1/21/2013 6:58:32 PM | Computer Name = laptop | Source = Lenovo-Message Center Plus/Admin | ID = 2Description = Object reference not set to an instance of an object. -> Exception message: Object reference not set to an instance of an object.[ Media Center Events ]Error - 11/4/2011 7:12:05 AM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 6:11:59 AM - Error connecting to the internet. 6:11:59 AM - Unable to contact server.. Error - 11/4/2011 7:14:42 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 6:14:42 PM - Error connecting to the internet. 6:14:42 PM - Unable to contact server.. Error - 11/4/2011 7:14:53 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 6:14:47 PM - Error connecting to the internet. 6:14:47 PM - Unable to contact server.. Error - 11/5/2011 7:33:45 AM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 6:33:45 AM - Error connecting to the internet. 6:33:45 AM - Unable to contact server.. Error - 11/5/2011 7:34:03 AM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 6:33:50 AM - Error connecting to the internet. 6:33:50 AM - Unable to contact server.. Error - 11/6/2011 7:41:28 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 5:41:28 PM - Error connecting to the internet. 5:41:28 PM - Unable to contact server.. Error - 11/6/2011 7:42:11 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 5:41:59 PM - Failed to retrieve NetTV (Error: The remote name could not be resolved: 'data.tvdownload.microsoft.com') Error - 11/6/2011 7:42:35 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 5:42:23 PM - Failed to retrieve MCESpotlight (Error: The remote name could not be resolved: 'data.tvdownload.microsoft.com') Error - 11/6/2011 7:43:52 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 5:42:47 PM - Failed to retrieve MCEClientUX (Error: The remote name could not be resolved: 'data.tvdownload.microsoft.com') Error - 11/6/2011 7:44:39 PM | Computer Name = laptop | Source = MCUpdate | ID = 0Description = 5:44:06 PM - Failed to retrieve SportsSchedule (Error: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.) [ System Events ]Error - 2/6/2013 2:32:28 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:33:00 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:33:58 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:34:20 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:37:40 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:38:10 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7011Description = A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.Error - 2/6/2013 2:38:10 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:48:10 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:48:41 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126Error - 2/6/2013 2:50:35 AM | Computer Name = laptop | Source = Service Control Manager | ID = 7023Description = The HP Network Devices Support service terminated with the following error: %%126< End of report > Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 6, 2013 ID:644124 Share Posted February 6, 2013 Good evening Woe_is_Me_n_myPC,There are signs of the AVG Security Toolbar in your log. This toolbar comes bundled with Yahoo! and makes changes to your browser settings without your consent. Please see here for more information. I recommend you remove it.Also, there are signs of the Yahoo! Toolbar in your log. This toolbar comes bundled with other third party applications you may not want installed. Please see here for more information. I recommend you remove it.I also see the Google Toolbar in your log. This toolbar has been known to exhibit suspicious behaviour. Please see here for more information. I recommend you remove it.Please go to Start>Control Panel>Programs and uninstall the following program (if present):AVG Security ToolbarGoogle ToolbarYahoo! CompanionYahoo! ToolbarPlease restart your computer after these program removals.=====Please run OTL.exe.Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy)::OTLIE - HKCU\..\SearchScopes\{4A0FE87B-3640-4E2A-A237-645B533666F4}: "URL" = http://search.softon...archSource=4=IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.localO6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions presentO7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present:Commands[EmptyTemp] Return to OTL.exe, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.Click the red Run Fix button.A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.Close OTL.exeIf a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.=====Then, please read all these directions before proceeding.When you have the .ISO file downloaded, you need to create a bootable disk or flash drive with it, using a clean PC to do that. The .ISO file is a disk image. It should NOT be burned as a regular file. You need a program like ImgBurn that can burn an .ISO image. I think a CD is best as there is no way anything can write on it after it is made, but the USB may be more convenient and easier.Be sure to read these:Download Kaspersky Rescue Disk 10How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it?How to record Kaspersky Rescue Disk 10 to a CD/DVD and boot my computer from the disk?Please go to a clean computerDownload the .iso image file.Create a CD (or flash drive if you prefer).On the infected computer: put the disk in the drive and reboot.Follow the directions here, but you will find some differences. Familiarise yourself with How to create a report file in Kaspersky Rescue Disk 10?Then, please print the following directions:Boot from Kaspersky Rescue Disk 10:Restart your computer and put the disk in the drive while booting.Press any key. A loading wizard will start (you will see the menu to select the required language). If you do not press any key in 10 seconds, the computer boots from hard drive automatically.Select the required interface language using the arrow-keys on your keyboard.Press the Enter key on the keyboard.In the start up wizard window that opens, select the Kaspersky Rescue Disk. Graphic ModeClick Enter.Click 'A' to accept the agreement.Select operating system from dropdown menu (select Windows whatever).Select Objects to scan: check Disk boot sectors, Hidden startup objects, C:Click My Update Center and update.Back to other tab and click Start Object Scan.When scan has completed save a report:On the upper part of the Kaspersky Rescue Disk window, click on the Report link.On the bottom right hand corner of the Protection status - Kaspersky Rescue Disk window, click on the Detailed Report button.On the upper right hand corner of the Detailed report window, click on the Save button.After clicking Detailed Report and 'SAVE', a browse window opens.Double-click on the \Click 'disks'.All your drives will be shown and you can easily double-click C and save the report to C:\KasperskyRescueDisk10.txt.Click on the Save button.The report has been saved to the file.Remove the disk from the drive (or disconnect USB) and reboot normally.=====In your reply please provide the contents of the following:OTL fix log.Detected portion of the Kaspersky log. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 8, 2013 Author ID:644785 Share Posted February 8, 2013 Hello DarkKnight,Update: I do not have access to a clean machine for burning the Kaspersky disk for another 24 hours or so; my apologies for the delay. Meanwhile…Q - Is it permissible to run OTL with the associated commands NOW, posting the OTL fix log by itself, then complete the Kaspersky Rescue Disk boot/scan 24-plus hours later, then post its report?? Or, is it best to do the OTL, then the Kaspersky tasks consecutively?I read all materials regarding the Rescue disk boot/scan, but have these questions:Q1 - To verify, I DO need to load the BIOS menu and configure my computer to boot from a removable device, then change it back after completion, correct? (Not in the post instructions, but mentioned here: How to record Kaspersky Rescue Disk 10 to an USB device and boot my computer from it? )The next two items are mentioned here Virus Removal using Kaspersky Rescue Disk, but not in the post instructions:Q2 - Verify that I should move the Current security level slider to High? Q3 - After the scan ends, an alarm window with information about malware found appears, and the user is directed to click on the recommended action to clear the system of malware. Please verify if this should be completed as stated?Thanks for your patience as I juggle my time and resources.~KarenWoe_is_Me_n_myPC Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 8, 2013 ID:644824 Share Posted February 8, 2013 Good afternoon Woe_is_Me_n_myPC. Is it permissible to run OTL with the associated commands NOW, posting the OTL fix log by itself, then complete the Kaspersky Rescue Disk boot/scan 24-plus hours later, then post its report?? Or, is it best to do the OTL, then the Kaspersky tasks consecutively?You may run OTL now as I mentioned above, and run Kaspersky later.Q1 - To verify, I DO need to load the BIOS menu and configure my computer to boot from a removable device, then change it back after completion, correct? (Not in the post instructions, but mentioned here:Yes, please do so.Verify that I should move the Current security level slider to High? You may do so if you wish. You are already infected so this will only (likely) help prevent any further reinfection.After the scan ends, an alarm window with information about malware found appears, and the user is directed to click on the recommended action to clear the system of malware. Please verify if this should be completed as stated?Yes please. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 8, 2013 Author ID:644937 Share Posted February 8, 2013 Hello DarkKnight,Thanks for the clarifications on the Rescue disk operations. I plan to complete this within the next 24 hours.In the meantime, here is the OTL Fix Log:All processes killed========== OTL ==========Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4A0FE87B-3640-4E2A-A237-645B533666F4}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A0FE87B-3640-4E2A-A237-645B533666F4}\ not found.HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.========== COMMANDS ==========[EMPTYTEMP]User: All UsersUser: Christian->Temp folder emptied: 12377021 bytes->Temporary Internet Files folder emptied: 18077898 bytes->Java cache emptied: 62623682 bytes->Google Chrome cache emptied: 6968625 bytes->Opera cache emptied: 53164674 bytes->Flash cache emptied: 60361 bytesUser: Default->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 67 bytes->Flash cache emptied: 56504 bytesUser: Default User->Temp folder emptied: 0 bytes->Temporary Internet Files folder emptied: 0 bytes->Flash cache emptied: 0 bytesUser: Public->Temp folder emptied: 0 bytes%systemdrive% .tmp files removed: 0 bytes%systemroot% .tmp files removed: 0 bytes%systemroot%\System32 .tmp files removed: 5 bytes%systemroot%\System32 (64bit) .tmp files removed: 0 bytes%systemroot%\System32\drivers .tmp files removed: 0 bytesWindows Temp folder emptied: 86184 bytes%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67630 bytesRecycleBin emptied: 0 bytesTotal Files Cleaned = 146.00 mbOTL by OldTimer - Version 3.2.69.0 log created on 02082013_084731Files\Folders moved on Reboot...C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.PendingFileRenameOperations files...Registry entries deleted on Reboot... Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 8, 2013 ID:645057 Share Posted February 8, 2013 OK sounds good. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 14, 2013 Author ID:647006 Share Posted February 14, 2013 Howdy DarkKnight,Apologies for the five-day absence...a clean computer for creating the Kaspersky Resuce Disk was a two-hour road trip away, AND I didn't realize the KRD scan would take so long (36 hours!!). KRD scan result is NO THREATS DETECTED, an outcome that surprised me. KRD scan details below, as an FYI..... After a number of issues, I actually completed TWO scans...the first with an outdated database (2/3/2013) because I couldn't get it to update successfully; and the second scan completed a couple of hours ago with an up-to-date database (2/11/13). Security level was set to 'high' and both signature and heuristic analysis were selected for each of the two scans. I'm not sure why, but each scan required 36 HOURS to complete! Is this normal?? (The second time around, I attempted to pare down the scan time by excluding Microsoft Live Mail files, since the first scan had plodded through these for nearly 24 hours, 'stuck' at 86% complete, but finally finishing. I apparently did not set up the exclusions correctly, because the second scan did exactly the same thing.) I am impressed with KRD, and although the user experience really tested my patience, I did not want to leave a stone unturned.Two issues:Regarding Windows Update for February: I have automatic updates enabled, and usually I would get these sometime in the next 12 hours or so...shall I leave automatic update ON, or temporarily disable it to avoid any conflicts with the work we are doing?I'm sure you will have me updating Java soon, but just wanted to remind you it is out-of-date.Okay... what's next? ~KarenWoe_is_Me_n_myPC Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 14, 2013 ID:647040 Share Posted February 14, 2013 Howdy Woe_is_Me_n_myPC,Updates we can do later. For the interim don't do Windows Updates.For x32 (x86) bit systems please download the Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.For x64 bit systems please download the Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.Plug the flashdrive into the infected PC.Enter System Recovery Options.To enter System Recovery Options from the Advanced Boot Options:Restart the computer.As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.Use the arrow keys to select the Repair your computer menu item.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.To enter System Recovery Options by using the Windows installation disc:Insert the installation disc.Restart your computer.If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.Click Repair your computer.Select US as the keyboard language settings, and then click Next.Select the operating system you want to repair, and then click Next.Select your user account and click Next.On the System Recovery Options menu you will get the following options:Startup RepairSystem RestoreWindows Complete PC RestoreWindows Memory Diagnostic ToolCommand Prompt[*]Select Command Prompt.[*]In the command window type in notepad and press Enter.[*]The notepad opens. Under File menu select Open.[*]Select Computer, find your flash drive letter and close the notepad.[*]In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.Note: Replace letter e with the drive letter of your flash drive.[*]The tool will start to run.[*]When the tool opens click Yes to the disclaimer.[*]Press the Scan button.[*]It will make a log (FRST.txt) on the flash drive. Please copy and paste it in your reply. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 14, 2013 Author ID:647199 Share Posted February 14, 2013 Unfortunately, I did not catch the Windows Updates before they were pushed, DarkKnight, and the machine was updated... :-[Farbar Tool scan results are below.Here and available for your next instruction...thank you!~KarenWoe_is_Me_n_myPCScan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 12-02-2013Ran by SYSTEM at 14-02-2013 16:10:18Running from F:\Windows 7 Home Premium (X64) OS Language: English(US)The current controlset is ControlSet001==================== Registry (Whitelisted) ===================HKLM\...\Run: [AcWin7Hlpr] ABLER.EXE [x]HKLM\...\Run: [cssauth] T [x]HKLM\...\Run: [synTPEnh] H.EXE [x]HKLM\...\Run: [igfxTray] DOWS\SYSTEM32\IGFXTRAY.EXE [x]HKLM\...\Run: [HotKeysCmds] DOWS\SYSTEM32\HKCMD.EXE [x]HKLM\...\Run: [Persistence] DOWS\SYSTEM32\IGFXPERS.EXE [x]HKLM\...\Run: [LogiScrollApp] C:\Program Files\Logitech\ScrollApp\KhalScroll.exe [148760 2011-11-02] (Logitech, Inc.)HKLM\...\Run: [EvtMgr6] G [x]HKLM\...\Run: [MSC] KEY [x]HKLM-x32\...\Run: [Message Center Plus] C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe /start [49976 2009-05-27] ()HKLM-x32\...\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [919008 2012-07-27] (Adobe Systems Incorporated)HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)HKLM-x32\...\Run: [Online Backup Auto Update] "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Auto Update\OnlineBackup.UpdateSystemTray.exe" [233472 2011-07-16] ()HKLM-x32\...\Run: [Vault Explorer Cache Watcher] C:\Program Files (x86)\Cox\Secure Online Backup for Windows\vewatch.exe [28672 2011-03-23] (DigiData Corp.)HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)HKLM-x32\...\Run: [] [x]HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)HKLM-x32\...\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)HKU\Christian\...\Run: [skyDrive] "C:\Users\Christian\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background [255992 2012-11-16] (Microsoft Corporation)HKU\Christian\...\Run: [HP Photosmart 5510 series (NET)] "C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN1BI29JVB05NR:NW" -scfn "HP Photosmart 5510 series (NET)" -AutoStart 1 [2676584 2011-09-16] (Hewlett-Packard Co.)HKU\Default\...\RunOnce: [wlstart] %ProgramFiles(x86)%\Windows Live\Installer\wlstart.exe /nosearch /nohomepage [x]HKU\Default\...\RunOnce: [] [x]HKU\Default\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()HKU\Default User\...\RunOnce: [wlstart] %ProgramFiles(x86)%\Windows Live\Installer\wlstart.exe /nosearch /nohomepage [x]HKU\Default User\...\RunOnce: [] [x]HKU\Default User\...\RunOnce: [Lenovoautoqdrive] C:\PROGRA~2\Common~1\Lenovo\Lenovo~1\LenovoAutorunreg.exe /DRIVE=Q [159744 2009-03-24] ()Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12Startup: C:\Users\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\Users\Christian\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnkShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)Startup: C:\Users\Christian\Start Menu\Programs\Startup\Secure Online Backup.lnkShortcutTarget: Secure Online Backup.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)==================== Services (Whitelisted) ===================3 Adobe LM Service; "C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe" [72704 2011-04-16] (Adobe Systems)2 FilesystemWatcher; "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Filesystem Watcher\DigiData.FilesystemWatcher.Service.Watcher.exe" [24576 2011-07-16] (DigiData Corp.)2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)2 McAfee SiteAdvisor Service; C:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe [103472 2012-12-04] (McAfee, Inc.)2 MsMpSvc; "C:\Program Files\Microsoft Security Client\MsMpEng.exe" [22072 2012-09-12] (Microsoft Corporation)3 NisSrv; "C:\Program Files\Microsoft Security Client\NisSrv.exe" [368896 2012-09-12] (Microsoft Corporation)2 NitroReaderDriverReadSpool2; "C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe" [229392 2012-09-12] (Nitro PDF Software)2 OnlineBackupSchedulerService; "C:\Program Files (x86)\Cox\Secure Online Backup for Windows\Scheduler\OnlineBackup.SchedulerService.exe" [24576 2011-07-16] ()4 PCPitstop Scheduling; C:\Program Files (x86)\PCPitstop\PCPitstopScheduleService.exe [77312 2008-10-21] ()2 sp_rssrv; "C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe" [948775 2011-05-20] (Crawler.com)3 SUService; "C:\Program Files (x86)\Lenovo\System Update\SUService.exe" [22376 2013-02-04] ()2 ThinkVantage Registry Monitor Service; "C:\Program Files (x86)\Common Files\Lenovo\tvt_reg_monitor_svc.exe" [1019904 2009-08-28] (Lenovo Group Limited)3 TVT Backup Service; "C:\Program Files (x86)\Lenovo\Rescue and Recovery\rrservice.exe" [1475896 2010-07-06] (Lenovo Group Limited)2 HPSLPSVC; C:\Users\CHRIST~1\AppData\Local\Temp\7zS7737\hpslpsvc64.dll [x]==================== Drivers (Whitelisted) =====================3 azvusb; C:\Windows\System32\Drivers\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)3 epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()3 EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()3 mod7700; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom)0 MpFilter; C:\Windows\System32\Drivers\MpFilter.sys [228768 2012-08-30] (Microsoft Corporation)2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [128456 2012-08-30] (Microsoft Corporation)3 PCTV340_801; C:\Windows\System32\Drivers\dvb7700all.sys [946176 2010-03-10] (DiBcom)2 sp_rsdrv2; C:\Windows\System32\DRIVERS\stflt.sys [50696 2010-07-07] (Windows ® Win 7 DDK provider)1 TPPWRIF; C:\Windows\System32\drivers\Tppwr64v.sys [13104 2010-01-05] ()3 usbsmi; C:\Windows\System32\DRIVERS\SMIksdrv.sys [206080 2009-10-26] (SMI)3 BTCFilterService; C:\Windows\System32\DRIVERS\motfilt.sys [x]3 catchme; \??\C:\ComboFix\catchme.sys [x]3 motccgp; C:\Windows\System32\DRIVERS\motccgp.sys [x]3 motccgpfl; C:\Windows\System32\DRIVERS\motccgpfl.sys [x]3 motmodem; C:\Windows\System32\DRIVERS\motmodem.sys [x]3 MotoSwitchService; C:\Windows\System32\DRIVERS\motswch.sys [x]3 Motousbnet; C:\Windows\System32\DRIVERS\Motousbnet.sys [x]3 motusbdevice; C:\Windows\System32\DRIVERS\motusbdevice.sys [x]3 PCDSRVC{127174DC-C366ED8B-06020101}_0; \??\c:\program files\pc-doctor\pcdsrvc_x64.pkms [x]==================== NetSvcs (Whitelisted) ======================================== One Month Created Files and Folders ========2013-02-14 16:09 - 2013-02-14 16:09 - 00000000 ____D C:\FRST2013-02-14 10:08 - 2013-02-14 11:25 - 00000000 ____D C:\Users\Christian\Documents\PNY_TPG_062820092013-02-14 01:02 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll2013-02-14 01:02 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll2013-02-14 01:02 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll2013-02-14 01:02 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll2013-02-14 01:02 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl2013-02-14 01:02 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll2013-02-14 01:02 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll2013-02-14 01:02 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll2013-02-14 01:02 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll2013-02-14 01:02 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe2013-02-14 01:02 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll2013-02-14 01:02 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll2013-02-14 01:02 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb2013-02-14 01:02 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll2013-02-14 01:02 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll2013-02-14 01:02 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2013-02-14 01:02 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2013-02-14 01:02 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2013-02-14 01:02 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2013-02-14 01:02 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2013-02-14 01:02 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll2013-02-14 01:02 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2013-02-14 01:02 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2013-02-14 01:02 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2013-02-14 01:02 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2013-02-14 01:02 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2013-02-14 01:02 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2013-02-14 01:02 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2013-02-14 01:02 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2013-02-14 01:02 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2013-02-14 01:01 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll2013-02-14 01:01 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2013-02-13 17:06 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe2013-02-13 17:06 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe2013-02-13 17:06 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe2013-02-13 17:06 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll2013-02-13 17:06 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2013-02-13 17:06 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys2013-02-13 17:06 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2013-02-13 17:06 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2013-02-13 17:06 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2013-02-13 17:06 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2013-02-13 17:06 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys2013-02-13 17:06 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS2013-02-13 16:59 - 2013-02-13 16:59 - 00000000 ____D C:\Program Files\McAfee2013-02-13 10:36 - 2013-02-13 10:36 - 01961065 ____A C:\KasperskyRescueDisk1012.txt2013-02-13 10:33 - 2013-02-13 10:33 - 01961065 ____A C:\KasperskyRescueDisk1011.txt2013-02-11 15:47 - 2013-02-11 15:51 - 276502528 ____A C:\Users\Christian\Downloads\kav_rescue_10 (1).iso2013-02-11 01:05 - 2013-02-11 01:05 - 00000307 ____A C:\KasperskyRescueDisk10.txt2013-02-09 11:05 - 2013-02-09 11:06 - 00323072 ____A C:\Users\Christian\Downloads\Slideshop free slide - Shipping-Distribution.ppt2013-02-08 06:47 - 2013-02-08 06:47 - 00000000 ____D C:\_OTL2013-02-06 19:24 - 2013-02-06 19:24 - 00387584 ____A C:\Users\Christian\Downloads\rescue2usb.exe2013-02-06 19:11 - 2013-02-06 19:15 - 301768704 ____A C:\Users\Christian\Downloads\kav_rescue_10.iso2013-02-05 23:11 - 2013-02-05 23:11 - 00092006 ____A C:\Users\Christian\Desktop\Extras.Txt2013-02-05 23:09 - 2013-02-05 23:09 - 00157936 ____A C:\Users\Christian\Desktop\OTL.Txt2013-02-05 22:35 - 2013-02-05 22:35 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe2013-02-05 18:19 - 2013-02-05 18:19 - 00029821 ____A C:\Users\Christian\Downloads\ComboFix.txt2013-02-05 13:18 - 2013-02-05 13:18 - 00266288 ____A C:\Windows\Minidump\020513-26878-01.dmp2013-02-05 13:03 - 2013-02-05 13:03 - 00266288 ____A C:\Windows\Minidump\020513-18314-01.dmp2013-02-05 09:51 - 2013-02-05 09:51 - 00000000 ____D C:\Users\Christian\Desktop\mbar-1.01.0.10172013-02-05 09:28 - 2013-02-05 09:28 - 00029821 ____A C:\ComboFix.txt2013-02-05 08:57 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe2013-02-05 08:57 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe2013-02-05 08:57 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe2013-02-05 08:57 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe2013-02-05 08:57 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe2013-02-05 08:57 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe2013-02-05 08:57 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe2013-02-05 08:57 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe2013-02-05 08:31 - 2013-02-05 09:28 - 00000000 ____D C:\Qoobox2013-02-05 08:31 - 2013-02-05 09:25 - 00000000 ____D C:\Windows\erdnt2013-02-05 08:20 - 2013-02-05 08:20 - 05029686 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe2013-02-05 07:29 - 2013-02-05 07:29 - 13562257 ____A C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip2013-02-05 07:06 - 2013-02-05 22:39 - 00000000 ____D C:\Users\Christian\Desktop\GETWELLSOON2013-02-04 17:59 - 2013-02-04 20:13 - 00004362 ____A C:\Users\Christian\Desktop\MWB Forum Summary1.txt2013-02-04 16:06 - 2013-02-04 16:06 - 00034476 ____A C:\Users\Christian\Desktop\attach.txt2013-02-04 16:06 - 2013-02-04 16:05 - 00033245 ____A C:\Users\Christian\Desktop\dds.txt2013-02-04 16:04 - 2013-02-04 16:04 - 00000000 ____D C:\Users\Christian\Desktop\first2013-02-04 15:29 - 2013-02-04 15:30 - 00688992 ____R (Swearware) C:\Users\Christian\Desktop\dds.com2013-02-04 13:15 - 2013-02-04 15:21 - 00000000 ____D C:\Users\Christian\Desktop\temp15152013-02-04 07:45 - 2013-02-04 07:45 - 00487100 ____A C:\Users\Christian\Documents\bookmarks_2_4_13.html2013-02-04 07:37 - 2013-02-04 07:37 - 00065249 ____A C:\Users\Christian\Documents\bookmark.htm2013-02-02 19:51 - 2013-02-02 19:51 - 00070093 ____A C:\Users\Christian\Downloads\Agile Learning.zip2013-02-02 16:46 - 2013-02-02 19:29 - 00000000 ____D C:\Users\Christian\Desktop\Desktop Organization2013-02-02 16:10 - 2013-02-02 16:34 - 00000000 ____D C:\Users\Christian\Documents\__Shortcuts to Sort2013-02-01 08:51 - 2013-02-01 08:51 - 00000000 ____D C:\Program Files (x86)\Belarc2013-02-01 08:29 - 2013-02-01 08:29 - 10749984 ____A (McAfee Inc.) C:\Users\Christian\Desktop\Stinger.exe2013-01-31 18:10 - 2013-01-31 18:15 - 00000000 ____D C:\Users\Christian\Desktop\RK_Quarantine2013-01-31 16:49 - 2013-01-31 16:50 - 00347424 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\MicrosoftFixit.WinSecurity.RNP.108283107025588528.2.1.Run.exe2013-01-31 14:54 - 2013-01-31 14:54 - 00025565 ____A C:\Users\Christian\Downloads\Readiness-template1.xlsx2013-01-31 14:03 - 2013-01-31 14:03 - 00002699 ____A C:\Users\Christian\Downloads\callHistory.csv2013-01-31 09:08 - 2013-01-31 09:08 - 00001205 ____A C:\Users\Christian\Downloads\FixNCR.reg2013-01-30 19:07 - 2013-01-30 19:07 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\All Users\Malwarebytes2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-01-30 19:07 - 2012-12-14 14:49 - 00024176 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys2013-01-30 17:42 - 2013-01-30 18:03 - 00000000 ____D C:\Users\Christian\Documents\___________suspect2013-01-30 16:38 - 2013-01-30 16:40 - 72218696 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\mpam-fe.exe2013-01-30 16:15 - 2013-01-30 16:16 - 00768512 ____A C:\Users\Christian\Desktop\RogueKiller.exe2013-01-30 16:14 - 2013-01-30 16:14 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe2013-01-27 21:39 - 2013-01-27 21:40 - 00599552 ____A C:\Users\Christian\Downloads\Virtuoso_Honeymoon_.ppt2013-01-27 10:03 - 2013-01-27 10:03 - 00015675 ____A C:\Users\Christian\Downloads\miscellaneous_timmy-woods_.kml2013-01-24 08:20 - 2013-01-24 08:20 - 00093584 ____A C:\Users\Christian\Downloads\tracy.lloyd.final.project.swf2013-01-24 08:12 - 2013-01-24 08:12 - 01757514 ____A C:\Users\Christian\Downloads\eNyota_Portfolio.swf2013-01-24 07:48 - 2013-01-24 07:48 - 07435623 ____A C:\Users\Christian\Downloads\LSAMS_Intro_Training_Module_i_Sample.swf2013-01-24 07:48 - 2013-01-24 07:48 - 05140480 ____A C:\Users\Christian\Downloads\Webinar_Sample_Excerpt.ppt2013-01-24 07:47 - 2013-01-24 07:47 - 03137304 ____A C:\Users\Christian\Downloads\Follow_Me_Tutorial_921x533.swf2013-01-24 07:45 - 2013-01-24 07:46 - 13783040 ____A C:\Users\Christian\Downloads\SAMPLE_PPT_STATE_FARM_2.ppt2013-01-24 05:47 - 2013-01-24 05:47 - 06671360 ____A C:\Users\Christian\Downloads\demoeffectivemeetings-100928163220-phpapp02.ppt2013-01-24 05:46 - 2013-01-24 05:46 - 03828294 ____A C:\Users\Christian\Downloads\Untitledpresentation.pptx2013-01-23 19:04 - 2013-01-23 19:04 - 00262144 ____A C:\Windows\Minidump\012313-24601-01.dmp2013-01-23 14:06 - 2013-01-23 14:06 - 00669184 ____A C:\Users\Christian\Downloads\Slideshop free slide - Maslow-Hierarchy-of-Needs-Blue-Corporate.ppt2013-01-22 06:01 - 2013-01-22 06:01 - 00262144 ____A C:\Windows\Minidump\012213-20545-01.dmp2013-01-21 20:15 - 2013-01-21 20:15 - 00000811 ____A C:\Users\Christian\Downloads\event (1).ics2013-01-19 19:58 - 2013-01-19 19:58 - 00239616 ____A C:\Users\Christian\Downloads\Slideshop free slide - Chinese-Culture.ppt2013-01-19 12:36 - 2013-01-19 12:36 - 05442160 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\Windows8-UpgradeAssistant.exe2013-01-17 10:02 - 2013-01-17 10:02 - 00009132 ____A C:\Users\Christian\Downloads\meeting (1).jnlp2013-01-16 18:40 - 2013-01-16 18:41 - 04048201 ____A C:\Users\Christian\Downloads\LifeExpectancy.pptx2013-01-16 18:06 - 2013-01-16 18:23 - 00000000 ____D C:\Users\Christian\Documents\My Cmaps2013-01-16 18:06 - 2013-01-16 18:23 - 00000000 ____D C:\Users\Christian\AppData\Roaming\CmapTools2013-01-16 18:06 - 2013-01-16 18:06 - 00001970 ____A C:\Users\Christian\.powerupdate.user.properties2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ___HD C:\Program Files\Zero G Registry2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ____D C:\Program Files\IHMC CmapTools2013-01-16 17:58 - 2013-01-16 17:58 - 00000000 ___HD C:\Users\Christian\InstallAnywhere2013-01-16 17:56 - 2013-01-16 17:57 - 75998533 ____A (Flexera Software) C:\Users\Christian\Downloads\Winx64CmapTools_v5.05.01_11-01-12.exe2013-01-16 10:02 - 2013-01-16 10:55 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Blackboard2013-01-16 10:00 - 2013-01-16 10:01 - 00009076 ____A C:\Users\Christian\Downloads\meeting.jnlp2013-01-15 11:19 - 2013-01-15 11:19 - 00001477 ____A C:\Users\Christian\Downloads\webinar.ics2013-01-15 10:36 - 2013-01-15 10:36 - 00000407 ____A C:\Users\Christian\Downloads\event.ics==================== One Month Modified Files and Folders =======2013-02-14 16:09 - 2013-02-14 16:09 - 00000000 ____D C:\FRST2013-02-14 14:01 - 2010-05-27 21:10 - 01134916 ____A C:\Windows\WindowsUpdate.log2013-02-14 14:00 - 2012-10-28 05:52 - 00000000 ___RD C:\Users\Christian\SkyDrive2013-02-14 13:58 - 2011-01-15 04:45 - 00000382 ____A C:\Windows\Tasks\SystemToolsDailyTest.job2013-02-14 13:42 - 2011-11-07 16:35 - 00000000 ____D C:\Users\Christian\Documents\Outlook Files2013-02-14 13:34 - 2011-08-19 13:50 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2013-02-14 13:15 - 2012-11-07 12:26 - 00000354 ____A C:\Windows\Tasks\HP Photo Creations Communicator.job2013-02-14 13:05 - 2012-04-04 16:33 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job2013-02-14 11:25 - 2013-02-14 10:08 - 00000000 ____D C:\Users\Christian\Documents\PNY_TPG_062820092013-02-14 06:13 - 2009-07-13 21:13 - 00792128 ____A C:\Windows\System32\PerfStringBackup.INI2013-02-14 05:53 - 2011-08-19 13:50 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2013-02-14 01:50 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-02-14 01:50 - 2009-07-13 20:45 - 00018736 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-02-14 01:42 - 2012-04-18 06:42 - 00000000 ____D C:\Program Files (x86)\McAfee2013-02-14 01:42 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT2013-02-14 01:42 - 2009-07-13 20:51 - 00042817 ____A C:\Windows\setupact.log2013-02-14 01:42 - 2009-07-13 20:45 - 05038280 ____A C:\Windows\System32\FNTCACHE.DAT2013-02-14 01:40 - 2011-01-13 23:17 - 00316594 ____A C:\Windows\PFRO.log2013-02-14 01:23 - 2010-05-27 21:59 - 00000000 ____D C:\Users\All Users\Microsoft Help2013-02-14 01:13 - 2011-01-15 12:15 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe2013-02-13 16:59 - 2013-02-13 16:59 - 00000000 ____D C:\Program Files\McAfee2013-02-13 10:36 - 2013-02-13 10:36 - 01961065 ____A C:\KasperskyRescueDisk1012.txt2013-02-13 10:33 - 2013-02-13 10:33 - 01961065 ____A C:\KasperskyRescueDisk1011.txt2013-02-11 15:51 - 2013-02-11 15:47 - 276502528 ____A C:\Users\Christian\Downloads\kav_rescue_10 (1).iso2013-02-11 07:46 - 2010-05-27 21:18 - 00000000 ____D C:\Program Files (x86)\Lenovo2013-02-11 01:05 - 2013-02-11 01:05 - 00000307 ____A C:\KasperskyRescueDisk10.txt2013-02-09 18:08 - 2009-07-13 23:44 - 00000000 ___RD C:\Users\Public\Recorded TV2013-02-09 12:52 - 2012-02-14 16:47 - 00000000 ____D C:\Users\Christian\Documents\IAC-FAI-CIVA2013-02-09 11:06 - 2013-02-09 11:05 - 00323072 ____A C:\Users\Christian\Downloads\Slideshop free slide - Shipping-Distribution.ppt2013-02-08 22:05 - 2012-04-04 16:33 - 00697712 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2013-02-08 22:05 - 2011-05-21 06:45 - 00074096 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2013-02-08 06:47 - 2013-02-08 06:47 - 00000000 ____D C:\_OTL2013-02-08 05:44 - 2011-08-19 13:50 - 00000000 ____D C:\Program Files\Google2013-02-08 05:44 - 2011-08-19 13:50 - 00000000 ____D C:\Program Files (x86)\Google2013-02-08 05:33 - 2011-08-19 13:50 - 00000000 ____D C:\Users\All Users\Google2013-02-07 17:34 - 2010-05-27 21:44 - 00000000 ____D C:\Users\All Users\PCDr2013-02-06 21:29 - 2011-05-03 08:43 - 00000000 ____D C:\Users\Christian\AppData\Local\Microsoft Games2013-02-06 19:24 - 2013-02-06 19:24 - 00387584 ____A C:\Users\Christian\Downloads\rescue2usb.exe2013-02-06 19:15 - 2013-02-06 19:11 - 301768704 ____A C:\Users\Christian\Downloads\kav_rescue_10.iso2013-02-05 23:11 - 2013-02-05 23:11 - 00092006 ____A C:\Users\Christian\Desktop\Extras.Txt2013-02-05 23:09 - 2013-02-05 23:09 - 00157936 ____A C:\Users\Christian\Desktop\OTL.Txt2013-02-05 22:39 - 2013-02-05 07:06 - 00000000 ____D C:\Users\Christian\Desktop\GETWELLSOON2013-02-05 22:35 - 2013-02-05 22:35 - 00602112 ____A (OldTimer Tools) C:\Users\Christian\Desktop\OTL.exe2013-02-05 22:24 - 2011-03-01 04:52 - 00000000 ____D C:\Users\All Users\McAfee2013-02-05 18:19 - 2013-02-05 18:19 - 00029821 ____A C:\Users\Christian\Downloads\ComboFix.txt2013-02-05 13:18 - 2013-02-05 13:18 - 00266288 ____A C:\Windows\Minidump\020513-26878-01.dmp2013-02-05 13:18 - 2011-02-19 22:46 - 00000000 ____D C:\Windows\Minidump2013-02-05 13:18 - 2011-02-19 22:45 - 537549394 ____A C:\Windows\MEMORY.DMP2013-02-05 13:03 - 2013-02-05 13:03 - 00266288 ____A C:\Windows\Minidump\020513-18314-01.dmp2013-02-05 09:51 - 2013-02-05 09:51 - 00000000 ____D C:\Users\Christian\Desktop\mbar-1.01.0.10172013-02-05 09:28 - 2013-02-05 09:28 - 00029821 ____A C:\ComboFix.txt2013-02-05 09:28 - 2013-02-05 08:31 - 00000000 ____D C:\Qoobox2013-02-05 09:28 - 2009-07-13 19:20 - 00000000 __RHD C:\users\Default2013-02-05 09:25 - 2013-02-05 08:31 - 00000000 ____D C:\Windows\erdnt2013-02-05 09:17 - 2009-07-13 18:34 - 92798976 ____A C:\Windows\System32\config\software.bak2013-02-05 09:17 - 2009-07-13 18:34 - 27787264 ____A C:\Windows\System32\config\system.bak2013-02-05 09:17 - 2009-07-13 18:34 - 01048576 ____A C:\Windows\System32\config\default.bak2013-02-05 09:17 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\security.bak2013-02-05 09:17 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\sam.bak2013-02-05 09:15 - 2011-01-13 21:20 - 00000000 ____D C:\users\Christian2013-02-05 08:20 - 2013-02-05 08:20 - 05029686 ____R (Swearware) C:\Users\Christian\Desktop\ComboFix.exe2013-02-05 07:29 - 2013-02-05 07:29 - 13562257 ____A C:\Users\Christian\Desktop\mbar-1.01.0.1017.zip2013-02-04 22:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF2013-02-04 20:13 - 2013-02-04 17:59 - 00004362 ____A C:\Users\Christian\Desktop\MWB Forum Summary1.txt2013-02-04 16:06 - 2013-02-04 16:06 - 00034476 ____A C:\Users\Christian\Desktop\attach.txt2013-02-04 16:05 - 2013-02-04 16:06 - 00033245 ____A C:\Users\Christian\Desktop\dds.txt2013-02-04 16:04 - 2013-02-04 16:04 - 00000000 ____D C:\Users\Christian\Desktop\first2013-02-04 15:30 - 2013-02-04 15:29 - 00688992 ____R (Swearware) C:\Users\Christian\Desktop\dds.com2013-02-04 15:21 - 2013-02-04 13:15 - 00000000 ____D C:\Users\Christian\Desktop\temp15152013-02-04 15:12 - 2012-11-08 14:24 - 00000000 ____D C:\Users\Christian\Desktop\Photos - Current2013-02-04 07:45 - 2013-02-04 07:45 - 00487100 ____A C:\Users\Christian\Documents\bookmarks_2_4_13.html2013-02-04 07:37 - 2013-02-04 07:37 - 00065249 ____A C:\Users\Christian\Documents\bookmark.htm2013-02-02 19:51 - 2013-02-02 19:51 - 00070093 ____A C:\Users\Christian\Downloads\Agile Learning.zip2013-02-02 19:38 - 2012-09-27 13:39 - 00000000 ____D C:\Users\Christian\Desktop\SHORTCUTS2013-02-02 19:29 - 2013-02-02 16:46 - 00000000 ____D C:\Users\Christian\Desktop\Desktop Organization2013-02-02 17:11 - 2012-01-12 13:12 - 00000000 ____D C:\Users\Christian\Documents\User Guides_Equipment2013-02-02 17:02 - 2012-04-13 07:34 - 00000000 ____D C:\Users\Christian\Desktop\___My LISTS2013-02-02 17:01 - 2012-06-19 13:45 - 00000000 ____D C:\Users\Christian\Desktop\BIZ2013-02-02 16:50 - 2012-01-03 09:47 - 00000000 ____D C:\Users\Christian\Documents\___JOB_HUNT & RESUME2013-02-02 16:49 - 2012-01-03 10:11 - 00000000 ____D C:\Users\Christian\Documents\Public Assistance2013-02-02 16:40 - 2012-08-22 14:30 - 00000000 ____D C:\Users\Christian\Documents\People2013-02-02 16:37 - 2012-12-13 16:13 - 00000000 ____D C:\Users\Christian\Documents\________________________SELL DEC20122013-02-02 16:34 - 2013-02-02 16:10 - 00000000 ____D C:\Users\Christian\Documents\__Shortcuts to Sort2013-02-02 13:48 - 2012-01-29 10:17 - 00000000 ____D C:\Users\Christian\Documents\__Desktop dropbox2013-02-02 13:41 - 2012-07-05 06:55 - 00000000 ____D C:\Users\Christian\Documents\___Desktop Drop - 7-5-20122013-02-02 13:36 - 2012-03-24 03:21 - 00000000 ____D C:\Users\Christian\Documents\__Desktop Drop III2013-02-02 13:06 - 2010-05-27 21:38 - 00000000 ____D C:\Users\All Users\Adobe2013-02-01 08:51 - 2013-02-01 08:51 - 00000000 ____D C:\Program Files (x86)\Belarc2013-02-01 08:29 - 2013-02-01 08:29 - 10749984 ____A (McAfee Inc.) C:\Users\Christian\Desktop\Stinger.exe2013-01-31 18:15 - 2013-01-31 18:10 - 00000000 ____D C:\Users\Christian\Desktop\RK_Quarantine2013-01-31 16:50 - 2013-01-31 16:49 - 00347424 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\MicrosoftFixit.WinSecurity.RNP.108283107025588528.2.1.Run.exe2013-01-31 14:54 - 2013-01-31 14:54 - 00025565 ____A C:\Users\Christian\Downloads\Readiness-template1.xlsx2013-01-31 14:03 - 2013-01-31 14:03 - 00002699 ____A C:\Users\Christian\Downloads\callHistory.csv2013-01-31 12:46 - 2011-11-15 10:57 - 00132065 ____A C:\Users\Christian\Desktop\Karen_-_new_life.xlsx2013-01-31 09:08 - 2013-01-31 09:08 - 00001205 ____A C:\Users\Christian\Downloads\FixNCR.reg2013-01-30 19:07 - 2013-01-30 19:07 - 00001124 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Malwarebytes2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Users\All Users\Malwarebytes2013-01-30 19:07 - 2013-01-30 19:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-01-30 18:03 - 2013-01-30 17:42 - 00000000 ____D C:\Users\Christian\Documents\___________suspect2013-01-30 16:40 - 2013-01-30 16:38 - 72218696 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\mpam-fe.exe2013-01-30 16:16 - 2013-01-30 16:15 - 00768512 ____A C:\Users\Christian\Desktop\RogueKiller.exe2013-01-30 16:14 - 2013-01-30 16:14 - 10156344 ____A (Malwarebytes Corporation ) C:\Users\Christian\Desktop\mbam-setup-1.70.0.1100.exe2013-01-30 02:53 - 2011-01-14 20:10 - 00273840 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe2013-01-29 20:16 - 2011-01-14 19:34 - 00007623 ____A C:\Users\Christian\AppData\Local\resmon.resmoncfg2013-01-27 21:40 - 2013-01-27 21:39 - 00599552 ____A C:\Users\Christian\Downloads\Virtuoso_Honeymoon_.ppt2013-01-27 10:03 - 2013-01-27 10:03 - 00015675 ____A C:\Users\Christian\Downloads\miscellaneous_timmy-woods_.kml2013-01-24 08:20 - 2013-01-24 08:20 - 00093584 ____A C:\Users\Christian\Downloads\tracy.lloyd.final.project.swf2013-01-24 08:12 - 2013-01-24 08:12 - 01757514 ____A C:\Users\Christian\Downloads\eNyota_Portfolio.swf2013-01-24 07:48 - 2013-01-24 07:48 - 07435623 ____A C:\Users\Christian\Downloads\LSAMS_Intro_Training_Module_i_Sample.swf2013-01-24 07:48 - 2013-01-24 07:48 - 05140480 ____A C:\Users\Christian\Downloads\Webinar_Sample_Excerpt.ppt2013-01-24 07:47 - 2013-01-24 07:47 - 03137304 ____A C:\Users\Christian\Downloads\Follow_Me_Tutorial_921x533.swf2013-01-24 07:46 - 2013-01-24 07:45 - 13783040 ____A C:\Users\Christian\Downloads\SAMPLE_PPT_STATE_FARM_2.ppt2013-01-24 05:47 - 2013-01-24 05:47 - 06671360 ____A C:\Users\Christian\Downloads\demoeffectivemeetings-100928163220-phpapp02.ppt2013-01-24 05:46 - 2013-01-24 05:46 - 03828294 ____A C:\Users\Christian\Downloads\Untitledpresentation.pptx2013-01-23 19:04 - 2013-01-23 19:04 - 00262144 ____A C:\Windows\Minidump\012313-24601-01.dmp2013-01-23 14:06 - 2013-01-23 14:06 - 00669184 ____A C:\Users\Christian\Downloads\Slideshop free slide - Maslow-Hierarchy-of-Needs-Blue-Corporate.ppt2013-01-23 08:47 - 2012-12-14 07:19 - 00000000 ____D C:\Users\Christian\AppData\Local\TodoistCache2013-01-22 06:01 - 2013-01-22 06:01 - 00262144 ____A C:\Windows\Minidump\012213-20545-01.dmp2013-01-21 20:15 - 2013-01-21 20:15 - 00000811 ____A C:\Users\Christian\Downloads\event (1).ics2013-01-19 19:58 - 2013-01-19 19:58 - 00239616 ____A C:\Users\Christian\Downloads\Slideshop free slide - Chinese-Culture.ppt2013-01-19 18:41 - 2011-11-29 12:29 - 00000000 ____D C:\Users\Christian\Documents\OneNote Notebooks2013-01-19 13:12 - 2012-12-27 14:22 - 00000000 ____D C:\Users\Christian\Documents\__________________________2013BIZ2013-01-19 12:36 - 2013-01-19 12:36 - 05442160 ____A (Microsoft Corporation) C:\Users\Christian\Downloads\Windows8-UpgradeAssistant.exe2013-01-17 10:02 - 2013-01-17 10:02 - 00009132 ____A C:\Users\Christian\Downloads\meeting (1).jnlp2013-01-16 18:41 - 2013-01-16 18:40 - 04048201 ____A C:\Users\Christian\Downloads\LifeExpectancy.pptx2013-01-16 18:23 - 2013-01-16 18:06 - 00000000 ____D C:\Users\Christian\Documents\My Cmaps2013-01-16 18:23 - 2013-01-16 18:06 - 00000000 ____D C:\Users\Christian\AppData\Roaming\CmapTools2013-01-16 18:06 - 2013-01-16 18:06 - 00001970 ____A C:\Users\Christian\.powerupdate.user.properties2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ___HD C:\Program Files\Zero G Registry2013-01-16 18:04 - 2013-01-16 18:04 - 00000000 ____D C:\Program Files\IHMC CmapTools2013-01-16 17:58 - 2013-01-16 17:58 - 00000000 ___HD C:\Users\Christian\InstallAnywhere2013-01-16 17:57 - 2013-01-16 17:56 - 75998533 ____A (Flexera Software) C:\Users\Christian\Downloads\Winx64CmapTools_v5.05.01_11-01-12.exe2013-01-16 10:55 - 2013-01-16 10:02 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Blackboard2013-01-16 10:01 - 2013-01-16 10:00 - 00009076 ____A C:\Users\Christian\Downloads\meeting.jnlp2013-01-15 11:19 - 2013-01-15 11:19 - 00001477 ____A C:\Users\Christian\Downloads\webinar.ics2013-01-15 10:36 - 2013-01-15 10:36 - 00000407 ____A C:\Users\Christian\Downloads\event.ics2013-01-15 09:52 - 2011-01-14 15:54 - 00000000 ____D C:\Users\Christian\AppData\Roaming\Skype==================== Known DLLs (Whitelisted) ===================================== Bamital & volsnap Check =================C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit==================== EXE ASSOCIATION =====================HKLM\...\.exe: exefile => OKHKLM\...\exefile\DefaultIcon: %1 => OKHKLM\...\exefile\open\command: "%1" %* => OK==================== Restore Points =========================Restore point made on: 2013-02-03 16:13:04Restore point made on: 2013-02-05 22:48:10Restore point made on: 2013-02-06 22:43:52Restore point made on: 2013-02-11 07:51:44Restore point made on: 2013-02-14 01:01:31==================== Memory info ===========================Percentage of memory in use: 18%Total physical RAM: 3892.55 MBAvailable physical RAM: 3174.84 MBTotal Pagefile: 3890.7 MBAvailable Pagefile: 3168.89 MBTotal Virtual: 8192 MBAvailable Virtual: 8191.9 MB==================== Partitions =============================1 Drive c: (Windows7_OS) (Fixed) (Total:296.92 GB) (Free:142.11 GB) NTFS ==>[system with boot components (obtained from reading drive)]3 Drive f: () (Removable) (Total:14.92 GB) (Free:2.06 GB) FAT325 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS6 Drive y: (SYSTEM_DRV) (Fixed) (Total:1.17 GB) (Free:0.32 GB) NTFS ==>[system with boot components (obtained from reading drive)] Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 298 GB 1024 KB Disk 1 Online 14 GB 0 B Disk 2 No Media 0 B 0 B Partitions of Disk 0:===============Disk ID: 3BD1986D Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 1200 MB 1024 KB Partition 2 Primary 296 GB 1201 MB==================================================================================Disk: 0Partition 1Type : 07Hidden: NoActive: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 1 Y SYSTEM_DRV NTFS Partition 1200 MB Healthy =========================================================Disk: 0Partition 2Type : 07Hidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 2 C Windows7_OS NTFS Partition 296 GB Healthy =========================================================Partitions of Disk 1:===============Disk ID: 00000000 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 14 GB 26 KB==================================================================================Disk: 1Partition 1Type : 0CHidden: NoActive: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- --------* Volume 3 F FAT32 Removable 14 GB Healthy =========================================================Last Boot: 2013-02-13 23:56==================== End Of Log ============================= Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 15, 2013 ID:647270 Share Posted February 15, 2013 Hello Woe_is_Me_n_myPC,To do this, please set Win7 to show hidden/system files and folders so that you can find them:Please click Start and open My Computer.On the Organize tab, click on Folder and search options.On the View tab, uncheck Hide file extensions for known file types.Also uncheck Hide protected operating system files (Recommended) and click Yes on the warning message.Under Hidden files and folders, check Show hidden files, folders, or drives.Click Apply.Click OK and close My Computer.I will give you instructions for hiding them again after it looks like your computer is clean.=====Then, please go to http://www.virustotal.com, click on Choose File, and upload the following file for analysis: You will only be able to have one file scanned at a time.C:\Users\CHRIST~1\AppData\Local\Temp\7zS7737\hpslpsvc64.dllThen click Scan It!. Allow the file to be scanned, and then please copy/paste the results here for me to see.Note: If a message appears saying the file has already been analysed, please resend the file. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 16, 2013 Author ID:647657 Share Posted February 16, 2013 Hi DarkKnight,I was unable to locate C:\Users\CHRIST~1\AppData\Local\Temp\7zS7737\hpslpsvc64.dllThere is no 7zS7737 folder ... This is likely due to my deletion of files in &temp& after most reboots. If I find something funny there, I may grab a screenshot, which in fact I did yesterday morning. However, this particular folder wasn't present in that screenshot.I found two instances of this file... HPSLPSVC64.DLL found here: C:\Program Files (x86)\HP\Digital Imaging\binhpslpsvc64.dll.926C3A5D_FE1O_435B_9448_0ADCA90BAB80 was found here: C:\Windows\Installer\$PatchCache$\Managed\BA2BDD4ADCCEA3C46833775D1A0A5E24\130.0.374I scanned both files at virustotal, with what I believe to be normal results. I captured the detailed info on these, which follows.I'll be around this evening if you care to give me another task Thanks,~KarenWoe_is_Me_n_myPCHPSLPSVC64.DLL @ VIRUSTOTAL: SHA256: 2f9d21613500f092dfc0db879180b549ee615d9b07408a5cc1a7f84663b2f47a SHA1: d6670325932fe25820a260e4b125172058f15c5d MD5: f37882f128efacefe353e0bae2766909 File size: 1015.0 KB ( 1039360 bytes ) File name: HPSLP__.DLL File type: Win32 DLL Detection ratio: 0 / 46 Analysis date: 2013-02-15 14:53:11 UTC ( 0 minutes ago ) ssdeep 12288:tZY16LWLnH/EgBh+jq3ZnSVPrb1in0DViNEsG/+E4fh3333y3yis8LCsxj:A16LWLFfZSVE0DUNPBh3333y3yz8Csx TrID Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) ExifTool ProductFileFlags.........: 1 CodeSize.................: 650752 SubsystemVersion.........: 5.2 Comments.................: HP Network Devices Support InitializedDataSize......: 387584 ImageVersion.............: 0.0 ProductName..............: HP Digital Imaging FileVersionNumber........: 140.0.331.0 UninitializedDataSize....: 0 LanguageCode.............: English (U.S.) FileFlagsMask............: 0x003f VersionDate..............: October 22, 2010 CharacterSet.............: Windows, Latin1 LinkerVersion............: 9.0 OriginalFilename.........: HPSLP??.DLL MIMEType.................: application/octet-stream Subsystem................: Windows GUI FileVersion..............: 140.0.331.000 TimeStamp................: 2010:10:22 21:06:55+01:00 FileType.................: Win64 DLL PEType...................: PE32+ InternalName.............: HPSLP?? ProductVersion...........: 140.000.000.000 FileDescription..........: HP Network Devices Support OSVersion................: 5.2 ProductVersionNumber.....: 140.0.0.0 FileOS...................: Windows 32-bit LegalCopyright...........: Copyright © Hewlett-Packard Co. 1995-2010 MachineType..............: AMD AMD64 CompanyName..............: Hewlett-Packard Co. LegalTrademarks..........: FileSubtype..............: 0 ProductFamily............: HP Digital Imaging EntryPoint...............: 0x6b378 ObjectFileType...........: Dynamic link library Sigcheck publisher................: Hewlett-Packard Co. product..................: HP Digital Imaging internal name............: HPSLP__ copyright................: Copyright © Hewlett-Packard Co. 1995-2010 original name............: HPSLP__.DLL comments.................: HP Network Devices Support file version.............: 140.0.331.000 description..............: HP Network Devices Support Portable Executable structural information Compilation timedatestamp.....: 2010-10-22 20:06:55 Target machine................: 0x8664 (x64) Entry point address...........: 0x0006B378 PE Sections...................: Name Virtual Address Virtual Size Raw Size Entropy MD5 .text 4096 650711 650752 6.29 a7355223c5ba29e5a122877fec5ea9ba .rdata 655360 261463 261632 4.41 696b77854dd6c504cf664a1654444df1 .data 917504 368696 21504 4.42 c3e60444203b90381417e383f3e085f0 .pdata 1290240 57324 57344 5.65 096208cbef7f78afb026590871dd4a0f .rsrc 1347584 32060 32256 4.93 437f598d6ec9c0ae5bcf19c6c191ef1b .reloc 1380352 14786 14848 2.26 e792a75396a24f9a972da03a243a3ccf PE Imports....................: [[OLEAUT32.dll]] Ord(161), Ord(12), Ord(149), Ord(313), Ord(277), Ord(6), Ord(186), Ord(150), Ord(7), Ord(4), Ord(162), Ord(163), Ord(8), Ord(2), Ord(9) [[CRYPT32.dll]] CryptUnprotectData [[KERNEL32.dll]] SetThreadLocale, GetStdHandle, GetConsoleOutputCP, GetOverlappedResult, WaitForSingleObject, HeapDestroy, EncodePointer, FlsGetValue, GetFileAttributesW, GetExitCodeProcess, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, LocalAlloc, GetLogicalDrives, FreeEnvironmentStringsW, SetStdHandle, GetCPInfo, GetStringTypeA, WriteFile, GetTimeZoneInformation, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, SetEvent, LocalFree, FormatMessageW, ResumeThread, InitializeCriticalSection, OutputDebugStringW, GlobalHandle, FindClose, TlsGetValue, QueryDosDeviceW, SetLastError, GlobalFindAtomW, LoadResource, GetModuleFileNameW, TryEnterCriticalSection, IsDebuggerPresent, HeapAlloc, GetVersionExA, GetModuleFileNameA, LoadLibraryA, RaiseException, HeapSetInformation, SetThreadPriority, RtlVirtualUnwind, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, GetPrivateProfileStringW, GlobalAddAtomW, CreateThread, GetSystemDirectoryW, GetExitCodeThread, FlushFileBuffers, SetUnhandledExceptionFilter, ExitThread, DecodePointer, SetEnvironmentVariableA, SetPriorityClass, TerminateProcess, WriteConsoleA, VirtualQuery, GetCurrentThreadId, GetProcAddress, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, GetOEMCP, QueryPerformanceCounter, GetTickCount, IsBadWritePtr, TlsAlloc, VirtualProtect, FlsSetValue, lstrcmpiW, FreeLibrary, GetStartupInfoA, GetDateFormatA, RtlPcToFileHeader, GetWindowsDirectoryW, GetFileSize, GlobalDeleteAtom, OpenProcess, WaitForMultipleObjects, GetProcessHeap, CompareStringW, GlobalReAlloc, lstrcmpA, FindNextFileW, RtlLookupFunctionEntry, ResetEvent, FindFirstFileW, lstrcmpW, RtlUnwindEx, GetTempPathW, CreateEventW, CreateFileW, GetFileType, TlsSetValue, CreateFileA, ExitProcess, LeaveCriticalSection, GetLastError, LocalReAlloc, SystemTimeToFileTime, LCMapStringW, GetSystemInfo, lstrlenA, GlobalFree, GetConsoleCP, LCMapStringA, GetThreadLocale, GetEnvironmentStringsW, GlobalUnlock, GlobalAlloc, lstrlenW, SizeofResource, GetCurrentProcessId, LockResource, GetCommandLineW, HeapQueryInformation, WideCharToMultiByte, HeapSize, FlsAlloc, GetCommandLineA, FlsFree, CancelIo, SuspendThread, GetSystemDefaultLangID, QueryPerformanceFrequency, SetFilePointer, ReadFile, GlobalFlags, RtlCaptureContext, CloseHandle, GetTimeFormatA, GetACP, GlobalLock, GetModuleHandleW, FindResourceExW, GetEnvironmentStrings, IsValidCodePage, HeapCreate, FindResourceW, Sleep, IsBadReadPtr, VirtualAlloc, CompareStringA [[WINSPOOL.DRV]] GetPrinterDriverDirectoryW, DeletePrinter, GetPrinterDataExW, DocumentPropertiesW, SetPrinterDataExW, GetPrintProcessorDirectoryW, EnumPortsW, EnumPrinterDriversW, SetPrinterW, EnumPrintersW, AddPrinterW, GetPrinterW, XcvDataW, ClosePrinter, OpenPrinterW [[ADVAPI32.dll]] SetSecurityDescriptorOwner, RegCreateKeyExW, RegCloseKey, CopySid, GetSecurityDescriptorControl, GetAce, OpenServiceW, ControlService, InitializeAcl, RegDeleteKeyW, DeleteService, RegCreateKeyW, GetAclInformation, RegQueryValueExW, SetSecurityDescriptorDacl, CloseServiceHandle, ChangeServiceConfig2W, RegisterEventSourceW, DeregisterEventSource, MakeAbsoluteSD, AddAccessAllowedAce, RegOpenKeyExW, GetSecurityDescriptorOwner, LookupAccountNameW, ConvertSidToStringSidW, CreateServiceW, GetTokenInformation, SetServiceStatus, IsValidSid, RegQueryInfoKeyW, GetSecurityDescriptorDacl, RegEnumKeyExW, GetSecurityDescriptorSacl, GetSidSubAuthority, GetLengthSid, InitializeSid, CreateProcessAsUserW, RegDeleteValueW, RevertToSelf, RegSetValueExW, ConvertSecurityDescriptorToStringSecurityDescriptorW, SetSecurityDescriptorGroup, GetSidLengthRequired, OpenSCManagerW, ReportEventW, InitializeSecurityDescriptor, RegisterServiceCtrlHandlerExW, GetSecurityDescriptorGroup, ImpersonateLoggedOnUser, AddAce [[ole32.dll]] CoInitializeEx, CoUninitialize, CoTaskMemAlloc, CoRevokeClassObject, CoTaskMemRealloc, CoCreateInstance, CoInitializeSecurity, CoSuspendClassObjects, CoResumeClassObjects, CoRegisterClassObject, CoTaskMemFree, StringFromGUID2 [[sETUPAPI.dll]] SetupDiSetSelectedDevice, SetupDiOpenDevRegKey, SetupFindNextLine, SetupDiRemoveDevice, SetupDiSetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW, SetupGetLineCountW, SetupGetMultiSzFieldW, SetupGetFieldCount, SetupDiGetDriverInfoDetailW, SetupDiDestroyDeviceInfoList, SetupDiCallClassInstaller, SetupDiSetSelectedDriverW, SetupDiSetClassInstallParamsW, SetupDiGetSelectedDriverW, SetupOpenInfFileW, SetupDiBuildDriverInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDevRegKeyW, SetupDiClassGuidsFromNameW, SetupDiSetDeviceInstallParamsW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceInstanceIdW, SetupGetLineTextW, SetupFindFirstLineW, SetupGetLineByIndexW, SetupDiOpenClassRegKey, SetupDiDestroyDriverInfoList, SetupDiCreateDeviceInfoList, SetupGetStringFieldW, SetupCloseInfFile [[OLEACC.dll]] CreateStdAccessibleObject, LresultFromObject PE Exports....................: DllCanUnloadNow, DllRegisterServer, DllUnregisterServer, MapNetworkDrive, ServiceMain, UnmapNetworkDrive PE Resources..................: Resource type Number of resources RT_STRING 23 REGISTRY 4 RT_MANIFEST 1 TYPELIB 1 RT_VERSION 1 Resource language Number of resources NEUTRAL 4 TURKISH DEFAULT 3 ENGLISH US 2 HEBREW DEFAULT 1 SWEDISH 1 DUTCH 1 FRENCH 1 CHINESE SIMPLIFIED 1 CZECH DEFAULT 1 ITALIAN 1 NORWEGIAN BOKMAL 1 PORTUGUESE BRAZILIAN 1 SPANISH NEUTRAL 1 FINNISH DEFAULT 1 KOREAN 1 HUNGARIAN DEFAULT 1 POLISH DEFAULT 1 JAPANESE DEFAULT 1 DANISH DEFAULT 1 GREEK DEFAULT 1 CHINESE TRADITIONAL 1 GERMAN NEUTRAL 1 ARABIC SAUDI ARABIA 1 RUSSIAN 1 Symantec Reputation Suspicious.Insight First seen by VirusTotal 2010-12-04 00:40:53 UTC ( 2 years, 2 months ago ) Last seen by VirusTotal 2013-02-15 14:53:11 UTC ( 3 minutes ago ) File names (max. 25) < >HPSLPSVC64.DLL HPSLPSVC64.DLL.vir tsk0000.dta hpslpsvc64.dll FILE_36 d6670325932fe25820a260e4b125172058f15c5d HPSLP__ file-5107163_DLL HPSLP__.DLL HPSLPSVC64.DLL HPSLPSVC64.DLLvr Pasted from <https://www.virustotal.com/en/file/2f9d21613500f092dfc0db879180b549ee615d9b07408a5cc1a7f84663b2f47a/analysis/1360939991/>hpslpsvc64.dll.926C3A5D_FE1O_435B_9448_0ADCA90BAB80 @ VIRUSTOTAL: ssdeep 12288:xgpiPIXEr2GcVOClSgHUTfINqzgwJOGGY1souwUewq3zxO2H:OWIxsgHWIiOGGosoxRwazxO2H TrID Generic Win/DOS Executable (49.9%) DOS Executable Generic (49.8%) Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%) ExifTool ProductFileFlags.........: 1 CodeSize.................: 571904 SubsystemVersion.........: 5.2 Comments.................: HP Network Devices Support InitializedDataSize......: 350208 ImageVersion.............: 0.0 ProductName..............: HP Digital Imaging FileVersionNumber........: 130.0.80.0 UninitializedDataSize....: 0 LanguageCode.............: English (U.S.) FileFlagsMask............: 0x003f VersionDate..............: May 21, 2009 CharacterSet.............: Windows, Latin1 LinkerVersion............: 9.0 OriginalFilename.........: HPSLP??.DLL MIMEType.................: application/octet-stream Subsystem................: Windows GUI FileVersion..............: 130.0.80.000 TimeStamp................: 2009:05:22 05:35:04+01:00 FileType.................: Win64 DLL PEType...................: PE32+ InternalName.............: HPSLP?? ProductVersion...........: 130.000.999.000 FileDescription..........: HP Network Devices Support OSVersion................: 5.2 ProductVersionNumber.....: 130.0.999.0 FileOS...................: Windows 32-bit LegalCopyright...........: Copyright © Hewlett-Packard Co. 1995-2009 MachineType..............: AMD AMD64 CompanyName..............: Hewlett-Packard Co. LegalTrademarks..........: FileSubtype..............: 0 ProductFamily............: HP Digital Imaging EntryPoint...............: 0x62b50 ObjectFileType...........: Dynamic link library Sigcheck publisher................: Hewlett-Packard Co. product..................: HP Digital Imaging internal name............: HPSLP__ copyright................: Copyright © Hewlett-Packard Co. 1995-2009 original name............: HPSLP__.DLL comments.................: HP Network Devices Support file version.............: 130.0.80.000 description..............: HP Network Devices Support Portable Executable structural information Compilation timedatestamp.....: 2009-05-22 04:35:04 Target machine................: 0x8664 (x64) Entry point address...........: 0x00062B50 PE Sections...................: Name Virtual Address Virtual Size Raw Size Entropy MD5 .text 4096 571583 571904 6.31 2ba86fd99fb2ec75d2a37ab5e2d806eb .rdata 577536 238391 238592 4.37 fd845bce599a37fee30e9d1a3ef7bae5 .data 819200 369208 22528 4.67 104733f944057ad8e52bbd447c29aac4 .pdata 1191936 41892 41984 5.76 54e78834c1cf6b283b2d9799a4362403 .rsrc 1236992 32052 32256 4.93 e3208821e06e25f00136d40464721c2c .reloc 1269760 14450 14848 2.23 c97ecd6e7d6e8b6bd5e43dba609615de PE Imports....................: [[OLEAUT32.dll]] Ord(12), Ord(161), Ord(149), Ord(277), Ord(6), Ord(186), Ord(150), Ord(7), Ord(162), Ord(163), Ord(8), Ord(2), Ord(9) [[CRYPT32.dll]] CryptUnprotectData [[KERNEL32.dll]] SetThreadLocale, GetStdHandle, GetConsoleOutputCP, GetOverlappedResult, WaitForSingleObject, HeapDestroy, EncodePointer, FlsGetValue, GetFileAttributesW, FreeEnvironmentStringsA, DeleteCriticalSection, GetCurrentProcess, GetConsoleMode, GetLocaleInfoA, LocalAlloc, RtlUnwindEx, GetLogicalDrives, FreeEnvironmentStringsW, SetStdHandle, WideCharToMultiByte, GetStringTypeA, WriteFile, GetSystemTimeAsFileTime, HeapReAlloc, GetStringTypeW, FreeLibrary, LocalFree, FormatMessageW, ResumeThread, GetTimeZoneInformation, LoadResource, GlobalHandle, FindClose, TlsGetValue, QueryDosDeviceW, SetLastError, InitializeCriticalSection, GlobalFindAtomW, OutputDebugStringW, GetModuleFileNameW, TryEnterCriticalSection, IsDebuggerPresent, HeapAlloc, GetVersionExA, GetModuleFileNameA, LoadLibraryA, RaiseException, HeapSetInformation, SetThreadPriority, RtlVirtualUnwind, UnhandledExceptionFilter, LoadLibraryExW, MultiByteToWideChar, GetPrivateProfileStringW, GlobalAddAtomW, CreateThread, GetExitCodeThread, FlushFileBuffers, SetUnhandledExceptionFilter, ExitThread, DecodePointer, SetEnvironmentVariableA, SetPriorityClass, TerminateProcess, WriteConsoleA, VirtualQuery, GetCurrentThreadId, WriteConsoleW, InitializeCriticalSectionAndSpinCount, HeapFree, EnterCriticalSection, SetHandleCount, LoadLibraryW, GetVersionExW, GetExitCodeProcess, QueryPerformanceCounter, GetTickCount, IsBadWritePtr, TlsAlloc, VirtualProtect, FlsSetValue, lstrcmpiW, GetStartupInfoA, GetDateFormatA, RtlPcToFileHeader, GetWindowsDirectoryW, GetFileSize, GlobalDeleteAtom, OpenProcess, SetEvent, WaitForMultipleObjects, GetProcessHeap, CompareStringW, GlobalReAlloc, lstrcmpA, FindNextFileW, RtlLookupFunctionEntry, ResetEvent, FindFirstFileW, lstrcmpW, GetProcAddress, GetTempPathW, CreateEventW, CreateFileW, GetFileType, TlsSetValue, CreateFileA, ExitProcess, LeaveCriticalSection, GetLastError, LocalReAlloc, LCMapStringW, GetSystemInfo, lstrlenA, GlobalFree, GetConsoleCP, FindResourceW, LCMapStringA, GetThreadLocale, GetEnvironmentStringsW, GlobalUnlock, GlobalAlloc, lstrlenW, GetEnvironmentStrings, GetCurrentProcessId, LockResource, GetCommandLineW, HeapQueryInformation, GetCPInfo, HeapSize, FlsAlloc, GetCommandLineA, FlsFree, CancelIo, SuspendThread, GetSystemDefaultLangID, QueryPerformanceFrequency, CompareStringA, SetFilePointer, ReadFile, GlobalFlags, RtlCaptureContext, CloseHandle, GetACP, GlobalLock, GetModuleHandleW, SizeofResource, IsValidCodePage, HeapCreate, FindResourceExW, Sleep, IsBadReadPtr, VirtualAlloc, GetOEMCP, GetTimeFormatA [[WINSPOOL.DRV]] GetPrinterDataExW, DocumentPropertiesW, EnumPortsW, SetPrinterW, EnumPrintersW, XcvDataW, ClosePrinter, OpenPrinterW [[ADVAPI32.dll]] SetSecurityDescriptorOwner, RegCreateKeyExW, RegCloseKey, CopySid, GetSecurityDescriptorControl, GetAce, OpenServiceW, ControlService, InitializeAcl, RegDeleteKeyW, DeleteService, RegCreateKeyW, GetAclInformation, RegQueryValueExW, SetSecurityDescriptorDacl, CloseServiceHandle, ChangeServiceConfig2W, RegisterEventSourceW, DeregisterEventSource, MakeAbsoluteSD, AddAccessAllowedAce, RegOpenKeyExW, GetSecurityDescriptorOwner, LookupAccountNameW, ConvertSidToStringSidW, CreateServiceW, GetTokenInformation, SetServiceStatus, IsValidSid, RegQueryInfoKeyW, GetSecurityDescriptorDacl, RegEnumKeyExW, GetSecurityDescriptorSacl, GetSidSubAuthority, GetLengthSid, InitializeSid, CreateProcessAsUserW, RegDeleteValueW, RevertToSelf, RegSetValueExW, ConvertSecurityDescriptorToStringSecurityDescriptorW, SetSecurityDescriptorGroup, GetSidLengthRequired, OpenSCManagerW, ReportEventW, InitializeSecurityDescriptor, RegisterServiceCtrlHandlerExW, GetSecurityDescriptorGroup, ImpersonateLoggedOnUser, AddAce [[ole32.dll]] CoInitializeEx, CoUninitialize, CoTaskMemAlloc, CoRegisterClassObject, CoCreateInstance, CoSuspendClassObjects, CoTaskMemRealloc, CoRevokeClassObject, CoInitializeSecurity, CoResumeClassObjects, CoTaskMemFree, StringFromGUID2 [[sETUPAPI.dll]] SetupDiSetSelectedDevice, SetupDiOpenDevRegKey, SetupDiRemoveDevice, SetupDiSetDeviceRegistryPropertyW, SetupDiOpenDeviceInfoW, SetupGetLineCountW, SetupGetFieldCount, SetupDiGetDriverInfoDetailW, SetupDiDestroyDeviceInfoList, SetupDiCallClassInstaller, SetupDiSetSelectedDriverW, SetupDiSetClassInstallParamsW, SetupDiGetSelectedDriverW, SetupOpenInfFileW, SetupDiBuildDriverInfoList, SetupDiGetDeviceRegistryPropertyW, SetupDiCreateDeviceInfoW, SetupDiCreateDevRegKeyW, SetupDiClassGuidsFromNameW, SetupDiSetDeviceInstallParamsW, SetupDiEnumDeviceInfo, SetupDiGetClassDevsW, SetupDiGetDeviceInstanceIdW, SetupGetLineTextW, SetupGetLineByIndexW, SetupDiOpenClassRegKey, SetupDiDestroyDriverInfoList, SetupDiCreateDeviceInfoList, SetupGetStringFieldW, SetupCloseInfFile [[OLEACC.dll]] CreateStdAccessibleObject, LresultFromObject PE Exports....................: DllCanUnloadNow, DllRegisterServer, DllUnregisterServer, MapNetworkDrive, ServiceMain, UnmapNetworkDrive PE Resources..................: Resource type Number of resources RT_STRING 23 REGISTRY 4 RT_MANIFEST 1 TYPELIB 1 RT_VERSION 1 Resource language Number of resources NEUTRAL 4 TURKISH DEFAULT 3 ENGLISH US 2 HEBREW DEFAULT 1 SWEDISH 1 DUTCH 1 FRENCH 1 CHINESE SIMPLIFIED 1 CZECH DEFAULT 1 ITALIAN 1 NORWEGIAN BOKMAL 1 PORTUGUESE BRAZILIAN 1 SPANISH NEUTRAL 1 FINNISH DEFAULT 1 KOREAN 1 HUNGARIAN DEFAULT 1 POLISH DEFAULT 1 JAPANESE DEFAULT 1 DANISH DEFAULT 1 GREEK DEFAULT 1 CHINESE TRADITIONAL 1 GERMAN NEUTRAL 1 ARABIC SAUDI ARABIA 1 RUSSIAN 1 Symantec Reputation Suspicious.Insight First seen by VirusTotal 2009-12-03 06:00:58 UTC ( 3 years, 2 months ago ) Last seen by VirusTotal 2013-02-15 22:34:47 UTC ( 1 minute ago ) File names (max. 25) < >HPSLP__.DLL HPSLPSVC64.DLL hpslpsvc64.dll.926C3A5D_FE10_435B_9448_0ADCA90BAB80HPSLP__ Pasted from <https://www.virustotal.com/en/file/13c32575f1bd5d75067b288d1669ae1f1829b434f97cb211ec3c189f7d2d7c38/analysis/1360967687/> Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 16, 2013 ID:647701 Share Posted February 16, 2013 Hello Woe_is_Me_n_myPC,OK all good.Please download aswMBR by gmer to your Desktop.Please visit this site for instructions on how to run the tool.Once familiar with this tool, double click aswMBR.exe to run it.Click the Scan button to start the scan.Once the scan has completed, please save the aswMBR.txt log to the Desktop and post it in your next reply.=====Also, please download to your Desktop:TDSSKiller.zip from here and extract it (right click on it => "Extract here").>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.Click Change parameters.Make sure you check the box Loaded modules.A window will popup and say Reboot is required. Please click Reboot now.Then click Change parameters again. Check the box Detect TDLFS file system.Click on the Start Scan button.If an infected file is detected, the default action will be Cure. Instead, choose SKIP, then click on Continue. If a suspicious file is detected, the default action will be Skip, click on Continue. If you are asked to reboot the computer to complete the process, click on the Reboot Now button.Once the tool has finished, please click Report. Please copy and paste the contents of that log in your reply.Note: A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). =====In your reply please provide the contents of both logs. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 16, 2013 Author ID:647707 Share Posted February 16, 2013 Hi DarkKnight,Just to clarify: for aswMBR, I should run ONLY the scan, but not the other processes mentioned in the aswMBR instructions ('How to Fix,' 'fix ZeroAccess/Sirefef driver infection,' 'verify **SUSPICIOUS** file' and 'change active partition.')??Thanks!~KarenWoe_is_Me_n_myPC Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 16, 2013 ID:647731 Share Posted February 16, 2013 Hey Woe_is_Me_n_myPC,Yes, that is correct. Just the scan please. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 16, 2013 Author ID:647886 Share Posted February 16, 2013 DarkKnight, here is the aswMBR log. TDSSKiller log in coming in a second post.No issues with either scan (that I can see)!~KarenWoe_is_Me_n_myPC` aswMBR version 0.9.9.1707 Copyright© 2011 AVAST SoftwareRun date: 2013-02-15 23:46:03-----------------------------23:46:03.965 OS Version: Windows x64 6.1.7601 Service Pack 123:46:03.965 Number of processors: 4 586 0x250223:46:03.965 ComputerName: LAPTOP UserName: 23:46:06.773 Initialize success23:47:15.649 AVAST engine defs: 1302150123:47:28.363 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-123:47:28.363 Disk 0 Vendor: FUJITSU_ 0084 Size: 305245MB BusType: 323:47:28.363 Disk 0 MBR read successfully23:47:28.379 Disk 0 MBR scan23:47:28.379 Disk 0 Windows 7 default MBR code23:47:28.410 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 1200 MB offset 204823:47:28.472 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 304041 MB offset 245964823:47:28.550 Disk 0 scanning C:\Windows\system32\drivers23:47:50.468 Service scanning23:48:56.768 Modules scanning23:48:56.768 Disk 0 trace - called modules:23:48:56.831 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 23:48:56.831 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800524b060]23:48:57.361 3 CLASSPNP.SYS[fffff8800100143f] -> nt!IofCallDriver -> [0xfffffa8004f74410]23:48:57.361 5 ACPI.sys[fffff88000f5f7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004f77050]23:48:58.469 AVAST engine scan C:\Windows23:49:05.317 AVAST engine scan C:\Windows\system3223:54:59.144 AVAST engine scan C:\Windows\system32\drivers23:55:28.926 AVAST engine scan C:\Users\Christian01:36:13.547 AVAST engine scan C:\ProgramData05:20:47.770 Scan finished successfully09:19:11.601 Disk 0 MBR has been saved successfully to "C:\Users\Christian\Desktop\MBR.dat"09:19:11.663 The log file has been saved successfully to "C:\Users\Christian\Desktop\aswMBR.txt" Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 16, 2013 Author ID:647890 Share Posted February 16, 2013 TDSSKiller log is too long; Log file is attached...TDSSKiller.2.8.16.0_16.02.2013_13.14.29_log.txt Link to post Share on other sites More sharing options...
TheDarkKnight Posted February 16, 2013 ID:647936 Share Posted February 16, 2013 Howdy Woe_is_Me_n_myPC,Your logs are coming back clean so please do this scan.Please download Farbar Service Scanner and run it on the computer with the issue.Make sure the following options are checked:Internet ServicesWindows FirewallSystem RestoreSecurity Center/Action CenterWindows UpdateWindows Defender[*]Press "Scan".[*]It will create a log (FSS.txt) in the same directory the tool is run.[*]Please copy and paste the log to your reply. Link to post Share on other sites More sharing options...
Woe_is_Me_n_myPC Posted February 17, 2013 Author ID:647986 Share Posted February 17, 2013 Hi DarkKnight,Looks like I have some sort of issue with Windows Defender...I've not yet checked it out; see the FSS.txt log below.I am not experiencing any severe performance issues at this time, other than some sluggishness, but a couple of items to note:I received an Adobe Flashplayer update available dialog today upon the reboot prompted while running TDSSKiller. I don't recall ever having seen this after a restart. (I opted out of the update.)Beginning today, the back button in IE no longer works when using Google. A quick search indicated this is a known issue and the solution isn't clear. I was on my way out the door and did not have time to pursue that issue. Regardless, I wouldn't want to make any changes at this point without conferring with you.Beginning today, I can no longer search from the address bar. Haven't looked into this yet.Microsoft Security Essentials History shows many Quarantined items that have never been removed, and apparently the date refreshes to the current time/date whenever the History tab is clicked. When I choose All detected items on the History tab, I see three Java Exploits, two from 2-3-2013 and one dated 2-14-2013, with 'Action taken' as 'Quarantined.' I viewed the files at C:\ProgramData\Microsoft\Microsoft Antimalware\Quarantine\Entries, and there are 273 items in that folder dated 1/30, 1/31 and 2/3. None are dated 2/14 however. (On the initial date of infection, 1/29/2013, I removed everything MSE quarantined, but I stopped doing that as of the 30th.)MSE had a Full Scan scheduled for four hours from now (it is set for weekly). I have disabled that full scan until we have completed our work. I couldn't be more pleased with the clean reports...are we there yet? Or getting there? ~KarenWoe_is_Me_n_myPCFarbar Service Scanner Version: 15-02-2013Ran by Karen Diamond (administrator) on 16-02-2013 at 21:28:41Running from "C:\Users\Christian\Desktop"Windows 7 Home Premium Service Pack 1 (X64)Boot Mode: Normal****************************************************************Internet Services:============Connection Status:==============Localhost is accessible.LAN connected.Attempt to access Google IP returned error. Google IP is offlineGoogle.com is accessible.Yahoo IP is accessible.Yahoo.com is accessible.Windows Firewall:=============Firewall Disabled Policy:==================System Restore:============System Restore Disabled Policy:========================Action Center:============Windows Update:============Windows Autoupdate Disabled Policy:============================Windows Defender:==============WinDefend Service is not running. Checking service configuration:The start type of WinDefend service is set to Demand. The default start type is Auto.The ImagePath of WinDefend service is OK.The ServiceDll of WinDefend service is OK.Windows Defender Disabled Policy:==========================[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]"DisableAntiSpyware"=DWORD:1Other Services:==============File Check:========C:\Windows\System32\nsisvc.dll => MD5 is legitC:\Windows\System32\drivers\nsiproxy.sys => MD5 is legitC:\Windows\System32\dhcpcore.dll => MD5 is legitC:\Windows\System32\drivers\afd.sys => MD5 is legitC:\Windows\System32\drivers\tdx.sys => MD5 is legitC:\Windows\System32\Drivers\tcpip.sys[2013-02-13 19:06] - [2013-01-03 00:00] - 1913192 ____A (Microsoft Corporation) B62A953F2BF3922C8764A29C34A22899C:\Windows\System32\dnsrslvr.dll => MD5 is legitC:\Windows\System32\mpssvc.dll => MD5 is legitC:\Windows\System32\bfe.dll => MD5 is legitC:\Windows\System32\drivers\mpsdrv.sys => MD5 is legitC:\Windows\System32\SDRSVC.dll => MD5 is legitC:\Windows\System32\vssvc.exe => MD5 is legitC:\Windows\System32\wscsvc.dll => MD5 is legitC:\Windows\System32\wbem\WMIsvc.dll => MD5 is legitC:\Windows\System32\wuaueng.dll => MD5 is legitC:\Windows\System32\qmgr.dll => MD5 is legitC:\Windows\System32\es.dll => MD5 is legitC:\Windows\System32\cryptsvc.dll => MD5 is legitC:\Program Files\Windows Defender\MpSvc.dll => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legit**** End of log **** Link to post Share on other sites
Recommended Posts