PDA

View Full Version : Websites keep redirecting



corrie1
2012-08-02, 13:08
Hi,
My current problem is when I click on a link on a webpage it redirects to a unrelated page giving me the change to participate in a survey or win a iphone 4s.
My DDS log is

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by CORRINE at 19:41:20 on 2012-08-02
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.820 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tiqbiz\Tiqbiz.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\corrine\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\tiqbiz.lnk - c:\program files\tiqbiz\Tiqbiz.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07} : DhcpNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2010-11-27 77824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2010-11-27 1020160]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-2 40776]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2010-11-27 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-28 40752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22344]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 655944]
.
=============== Created Last 30 ================
.
2012-08-02 06:59:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2012-07-15 09:22:02 -------- d-----w- c:\program files\iPod
2012-07-15 09:21:57 -------- d-----w- c:\program files\iTunes
2012-07-13 00:30:49 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:40:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 08:40:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:40:18 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:40:17 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:40:17 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:40:17 204288 ----a-w- c:\windows\system32\ncrypt.dll
2012-07-09 09:41:32 -------- d-----w- c:\users\corrine\appdata\local\etax2012
2012-07-09 09:39:59 -------- d-----w- c:\program files\etax2012
.
==================== Find3M ====================
.
2012-07-27 13:14:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-27 13:14:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
.
============= FINISH: 19:43:30.30 ===============

To the wonderful helpers at Spybot forums. Thanks in advance for all your help.
I appear to have some malware on my computer that Malwarebytes cannot find nor can AVG. You assistance is much appreciated. Due to your help in the past my computer has stayed clean from malware for almost 6 years!

Here are the aswMBR log file and attach.zip files as requested in the instructions.
My apolgies for the abrupt first post. I had assumed (wrongly) that I would be able to edit it to add niceties.

Thanks again

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-02 19:52:03
-----------------------------
19:52:03.963 OS Version: Windows 6.0.6002 Service Pack 2
19:52:03.964 Number of processors: 2 586 0x1706
19:52:03.969 ComputerName: CORRINE-PC UserName: CORRINE
19:52:10.177 Initialize success
19:52:17.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:52:17.611 Disk 0 Vendor: WDC_WD5000BEVT-00SCST0 01.01A01 Size: 476940MB BusType: 3
19:52:17.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
19:52:17.623 Disk 1 Vendor: TOSHIBA_MK4058GSX FF011C Size: 381554MB BusType: 3
19:52:17.669 Disk 0 MBR read successfully
19:52:17.676 Disk 0 MBR scan
19:52:17.686 Disk 0 unknown MBR code
19:52:17.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 467053 MB offset 63
19:52:17.729 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9883 MB offset 956526592
19:52:17.739 Disk 0 scanning sectors +976766976
19:52:17.799 Disk 0 scanning C:\Windows\system32\drivers
19:52:37.436 Service scanning
19:53:08.841 Modules scanning
19:53:23.043 Disk 0 trace - called modules:
19:54:55.865 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys ndis.sys NETw5v32.sys nwifi.sys tcpip.sys NETIO.SYS tdx.sys afd.sys dxgkrnl.sys nvlddmkm.sys partmgr.sys volmgr.sys ecache.
19:54:55.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d970a0]
19:54:56.015 3 CLASSPNP.SYS[82e0f8b3] -> nt!IofCallDriver -> [0x86d97b98]
19:54:56.031 5 hpdskflt.sys[8bbb4f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863848a0]
19:54:56.055 7 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.076 9 vfs101x.sys[93104cf2] -> nt!IofCallDriver -> \Device\USBPDO-10[0x927f7030]
19:54:56.092 11 usbhub.sys[90c03ce0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x87dd2028]
19:54:56.107 13 volsnap.sys[8bb386ff] -> nt!IofCallDriver -> [0x87315020]
19:54:56.138 15 ecache.sys[8bb9585e] -> nt!IofCallDriver -> \Device\HarddiskVolume1[0x864a91b8]
19:54:56.157 17 volmgr.sys[807546eb] -> nt!IofCallDriver -> [0x86e9ad18]
19:54:56.184 19 partmgr.sys[80737110] -> nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d970a0]
19:54:56.202 21 CLASSPNP.SYS[82e0f8b3] -> nt!IofCallDriver -> [0x86d97b98]
19:54:56.222 23 hpdskflt.sys[8bbb4f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863848a0]
19:54:56.243 25 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.259 27 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.274 29 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.291 31 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.308 33 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.325 35 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.343 37 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.361 39 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.382 41 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.401 43 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.419 45 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.440 Scan finished successfully
19:55:56.118 Disk 0 MBR has been saved successfully to "C:\Users\CORRINE\Documents\MBR.dat"
19:55:56.135 The log file has been saved successfully to "C:\Users\CORRINE\Documents\aswMBR.txt"


aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-02 19:52:03
-----------------------------
19:52:03.963 OS Version: Windows 6.0.6002 Service Pack 2
19:52:03.964 Number of processors: 2 586 0x1706
19:52:03.969 ComputerName: CORRINE-PC UserName: CORRINE
19:52:10.177 Initialize success
19:52:17.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
19:52:17.611 Disk 0 Vendor: WDC_WD5000BEVT-00SCST0 01.01A01 Size: 476940MB BusType: 3
19:52:17.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
19:52:17.623 Disk 1 Vendor: TOSHIBA_MK4058GSX FF011C Size: 381554MB BusType: 3
19:52:17.669 Disk 0 MBR read successfully
19:52:17.676 Disk 0 MBR scan
19:52:17.686 Disk 0 unknown MBR code
19:52:17.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 467053 MB offset 63
19:52:17.729 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9883 MB offset 956526592
19:52:17.739 Disk 0 scanning sectors +976766976
19:52:17.799 Disk 0 scanning C:\Windows\system32\drivers
19:52:37.436 Service scanning
19:53:08.841 Modules scanning
19:53:23.043 Disk 0 trace - called modules:
19:54:55.865 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys ndis.sys NETw5v32.sys nwifi.sys tcpip.sys NETIO.SYS tdx.sys afd.sys dxgkrnl.sys nvlddmkm.sys partmgr.sys volmgr.sys ecache.
19:54:55.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d970a0]
19:54:56.015 3 CLASSPNP.SYS[82e0f8b3] -> nt!IofCallDriver -> [0x86d97b98]
19:54:56.031 5 hpdskflt.sys[8bbb4f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863848a0]
19:54:56.055 7 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.076 9 vfs101x.sys[93104cf2] -> nt!IofCallDriver -> \Device\USBPDO-10[0x927f7030]
19:54:56.092 11 usbhub.sys[90c03ce0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x87dd2028]
19:54:56.107 13 volsnap.sys[8bb386ff] -> nt!IofCallDriver -> [0x87315020]
19:54:56.138 15 ecache.sys[8bb9585e] -> nt!IofCallDriver -> \Device\HarddiskVolume1[0x864a91b8]
19:54:56.157 17 volmgr.sys[807546eb] -> nt!IofCallDriver -> [0x86e9ad18]
19:54:56.184 19 partmgr.sys[80737110] -> nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d970a0]
19:54:56.202 21 CLASSPNP.SYS[82e0f8b3] -> nt!IofCallDriver -> [0x86d97b98]
19:54:56.222 23 hpdskflt.sys[8bbb4f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863848a0]
19:54:56.243 25 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.259 27 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.274 29 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.291 31 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.308 33 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.325 35 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.343 37 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.361 39 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.382 41 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.401 43 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.419 45 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
19:54:56.440 Scan finished successfully
19:55:56.118 Disk 0 MBR has been saved successfully to "C:\Users\CORRINE\Documents\MBR.dat"
19:55:56.135 The log file has been saved successfully to "C:\Users\CORRINE\Documents\aswMBR.txt"
20:16:26.003 Disk 0 MBR has been saved successfully to "C:\Users\CORRINE\Documents\MBR.dat"
20:16:26.049 The log file has been saved successfully to "C:\Users\CORRINE\Documents\aswMBR.txt"

Blade81
2012-08-05, 10:56
Hi,

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

µTorrent


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please uninstall the programs listed above (in red). Post fresh dds logs when done.

corrie1
2012-08-09, 06:51
Thanks for your reply. Utorrent has been uninstalled.
Here is the new DDS log.
Thanks again

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by CORRINE at 13:46:38 on 2012-08-09
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.851 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
C:\Program Files\AVG\AVG2012\avgnsx.exe
C:\Program Files\AVG\AVG2012\avgemcx.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\ehome\ehRecvr.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
C:\Users\CORRINE\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Tiqbiz\Tiqbiz.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\AVG\AVG2012\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Google Update] "c:\users\corrine\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [hpqSRMon]
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\tiqbiz.lnk - c:\program files\tiqbiz\Tiqbiz.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07} : DhcpNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2010-11-27 77824]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-23 1153368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-28 599344]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-13 935008]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2010-11-27 1020160]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2010-11-27 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-28 40752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22344]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 655944]
.
=============== Created Last 30 ================
.
2012-07-15 09:22:02 -------- d-----w- c:\program files\iPod
2012-07-15 09:21:57 -------- d-----w- c:\program files\iTunes
2012-07-13 00:30:49 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 08:40:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
2012-07-11 08:40:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-07-11 08:40:18 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-07-11 08:40:17 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-07-11 08:40:17 278528 ----a-w- c:\windows\system32\schannel.dll
2012-07-11 08:40:17 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
==================== Find3M ====================
.
2012-08-03 09:13:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 09:13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
.
============= FINISH: 13:49:34.02 ===============

Blade81
2012-08-09, 07:20
Please post fresh attach.txt file too.

corrie1
2012-08-09, 08:15
Done - thankyou!

Blade81
2012-08-09, 09:49
Hi


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:


Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.


Click Yes to allow ComboFix to continue scanning for malware.


When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

corrie1
2012-08-11, 16:29
Thanks for you reply. I have run the requested programs. Here is the Combofix log

ComboFix 12-08-09.01 - CORRINE 11/08/2012 22:39:52.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.1706 [GMT 10:00]
Running from: c:\users\CORRINE\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-11 to 2012-08-11 )))))))))))))))))))))))))))))))
.
.
2012-08-11 12:54 . 2012-08-11 12:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-02 09:38 . 2012-08-02 09:38 -------- d-----w- c:\program files\ERUNT
2012-07-15 09:22 . 2012-07-15 09:22 -------- d-----w- c:\program files\iPod
2012-07-15 09:21 . 2012-07-15 09:24 -------- d-----w- c:\program files\iTunes
2012-07-13 00:30 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-03 09:13 . 2012-04-02 12:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-03 09:13 . 2011-07-24 23:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 03:46 . 2011-09-14 10:36 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 16:47 . 2012-07-11 08:40 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 08:40 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 08:40 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-09 01:05 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-09 01:05 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-09 01:04 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-09 01:04 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-09 01:05 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-09 01:05 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-09 01:04 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19 . 2012-06-09 01:04 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12 . 2012-06-09 01:04 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04 . 2012-07-11 08:40 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03 . 2012-07-11 08:40 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-13 2074208]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ISUSPM"="c:\programdata\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-07-12 226904]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1033512]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-26 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-11-02 554288]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-04-15 70912]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-04 2587008]
"DpAgent"="c:\program files\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-06-27 442467]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-14 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-14 92704]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-13 1107552]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [2012-01-19 928096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"HF_G_Jul"="c:\program files\AVG Secure Search\HF_G_Jul.exe" [2012-07-09 36960]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
Tiqbiz.lnk - c:\program files\Tiqbiz\Tiqbiz.exe [2012-2-22 142336]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-20 727592]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli DPPWDFLT
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 09:13]
.
2012-08-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1739354534-4097504262-3052609685-1003Core.job
- c:\users\CORRINE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 00:49]
.
2012-08-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1739354534-4097504262-3052609685-1003UA.job
- c:\users\CORRINE\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-22 00:49]
.
2012-08-11 c:\windows\Tasks\HP Photo Creations Communicator.job
- c:\programdata\HP Photo Creations\MessageCheck.exe [2012-02-27 10:38]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 10.0.0.138
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-uTorrent - c:\program files\uTorrent\uTorrent.exe
HKLM-Run-hpqSRMon - (no file)
AddRemove-AVerMedia MCE Encoder x86 - c:\program files\AVerMedia\AVerMedia MCE Encoder x86\uninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-11 22:57
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
Catchme.tmp [7124]
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(968)
c:\windows\system32\DPPWDFLT.dll
.
- - - - - - - > 'Explorer.exe'(6196)
c:\program files\DigitalPersona\Bin\DpoFeedb.dll
c:\windows\system32\btmmhook.dll
c:\program files\DigitalPersona\Bin\DpoSet.dll
.
Completion time: 2012-08-11 23:03:17
ComboFix-quarantined-files.txt 2012-08-11 13:02
.
Pre-Run: 320,626,491,392 bytes free
Post-Run: 320,768,843,776 bytes free
.
- - End Of File - - 76A0F89ABDECC1E3EF1303B6B2195E77

DDS log

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by CORRINE at 23:24:56 on 2012-08-11
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.1207 [GMT 10:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vfsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG2012\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\AVG\AVG2012\avgtray.exe
C:\Program Files\DigitalPersona\Bin\DpAgent.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\ProgramData\HP Photo Creations\MessageCheck.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mURLSearchHooks: H - No File
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\tiqbiz.lnk - c:\program files\tiqbiz\Tiqbiz.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 10.0.0.138
TCP: Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F} : DhcpNameServer = 10.0.0.138
TCP: Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07} : DhcpNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2010-11-27 77824]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-23 1153368]
R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-28 599344]
R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-13 935008]
R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2010-11-27 1020160]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2010-11-27 3658752]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-28 40752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22344]
S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 655944]
.
=============== Created Last 30 ================
.
2012-08-11 13:02:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-11 12:35:45 98816 ----a-w- c:\windows\sed.exe
2012-08-11 12:35:45 518144 ----a-w- c:\windows\SWREG.exe
2012-08-11 12:35:45 256000 ----a-w- c:\windows\PEV.exe
2012-08-11 12:35:45 208896 ----a-w- c:\windows\MBR.exe
2012-07-15 09:22:02 -------- d-----w- c:\program files\iPod
2012-07-15 09:21:57 -------- d-----w- c:\program files\iTunes
2012-07-13 00:30:49 2047488 ----a-w- c:\windows\system32\win32k.sys
.
==================== Find3M ====================
.
2012-08-03 09:13:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-03 09:13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-05 16:47:28 1401856 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 15:26:04 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 00:04:25 278528 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- c:\windows\system32\ncrypt.dll
.
============= FINISH: 23:26:18.70 ===============

Blade81
2012-08-11, 17:07
Hi,

1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select skip and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)

corrie1
2012-08-14, 04:19
11:14:55.0015 6584 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
11:14:56.0016 6584 ============================================================
11:14:56.0016 6584 Current date / time: 2012/08/14 11:14:56.0016
11:14:56.0016 6584 SystemInfo:
11:14:56.0016 6584
11:14:56.0016 6584 OS Version: 6.0.6002 ServicePack: 2.0
11:14:56.0016 6584 Product type: Workstation
11:14:56.0017 6584 ComputerName: CORRINE-PC
11:14:56.0017 6584 UserName: CORRINE
11:14:56.0017 6584 Windows directory: C:\Windows
11:14:56.0017 6584 System windows directory: C:\Windows
11:14:56.0017 6584 Processor architecture: Intel x86
11:14:56.0017 6584 Number of processors: 2
11:14:56.0017 6584 Page size: 0x1000
11:14:56.0017 6584 Boot type: Normal boot
11:14:56.0017 6584 ============================================================
11:14:58.0004 6584 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:14:58.0043 6584 Drive \Device\Harddisk1\DR1 - Size: 0x5D27216000 (372.61 Gb), SectorSize: 0x200, Cylinders: 0xBE01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:14:58.0053 6584 ============================================================
11:14:58.0053 6584 \Device\Harddisk0\DR0:
11:14:58.0118 6584 MBR partitions:
11:14:58.0118 6584 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x39036FC1
11:14:58.0118 6584 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x39037000, BlocksNum 0x134D800
11:14:58.0118 6584 \Device\Harddisk1\DR1:
11:14:58.0118 6584 MBR partitions:
11:14:58.0118 6584 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2E937C82
11:14:58.0118 6584 ============================================================
11:14:58.0366 6584 C: <-> \Device\Harddisk0\DR0\Partition0
11:14:58.0368 6584 D: <-> \Device\Harddisk1\DR1\Partition0
11:14:58.0939 6584 E: <-> \Device\Harddisk0\DR0\Partition1
11:14:58.0940 6584 ============================================================
11:14:58.0940 6584 Initialize success
11:14:58.0940 6584 ============================================================
11:15:02.0953 6596 ============================================================
11:15:02.0954 6596 Scan started
11:15:02.0954 6596 Mode: Manual;
11:15:02.0954 6596 ============================================================
11:15:07.0452 6596 Accelerometer (3b10711ad8656c097e0d16a41b29c54c) C:\Windows\system32\DRIVERS\Accelerometer.sys
11:15:07.0456 6596 Accelerometer - ok
11:15:07.0587 6596 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
11:15:07.0591 6596 ACPI - ok
11:15:07.0743 6596 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:15:07.0771 6596 AdobeFlashPlayerUpdateSvc - ok
11:15:07.0866 6596 adp94xx (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
11:15:07.0873 6596 adp94xx - ok
11:15:07.0923 6596 adpahci (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
11:15:07.0928 6596 adpahci - ok
11:15:07.0954 6596 adpu160m (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
11:15:07.0956 6596 adpu160m - ok
11:15:07.0990 6596 adpu320 (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
11:15:07.0993 6596 adpu320 - ok
11:15:08.0061 6596 AeLookupSvc (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
11:15:08.0063 6596 AeLookupSvc - ok
11:15:08.0240 6596 AESTFilters (3b1b2ee9df189f6bbb080bf393d1b2ee) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
11:15:08.0242 6596 AESTFilters - ok
11:15:08.0324 6596 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
11:15:08.0328 6596 AFD - ok
11:15:08.0446 6596 AgereModemAudio (8ed60797908fd394eee0d6949f493224) C:\Windows\system32\agrsmsvc.exe
11:15:08.0448 6596 AgereModemAudio - ok
11:15:08.0626 6596 AgereSoftModem (38325c6aa8eae011897d61ce48ec6435) C:\Windows\system32\DRIVERS\AGRSM.sys
11:15:08.0663 6596 AgereSoftModem - ok
11:15:08.0701 6596 agp440 (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
11:15:08.0709 6596 agp440 - ok
11:15:08.0768 6596 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
11:15:08.0771 6596 aic78xx - ok
11:15:08.0792 6596 ALG (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
11:15:08.0794 6596 ALG - ok
11:15:08.0805 6596 aliide (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
11:15:08.0806 6596 aliide - ok
11:15:08.0825 6596 amdagp (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
11:15:08.0828 6596 amdagp - ok
11:15:08.0839 6596 amdide (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
11:15:08.0841 6596 amdide - ok
11:15:08.0931 6596 AmdK7 (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
11:15:08.0936 6596 AmdK7 - ok
11:15:08.0956 6596 AmdK8 (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\DRIVERS\amdk8.sys
11:15:08.0959 6596 AmdK8 - ok
11:15:08.0975 6596 Appinfo (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
11:15:08.0976 6596 Appinfo - ok
11:15:09.0054 6596 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:15:09.0058 6596 Apple Mobile Device - ok
11:15:09.0131 6596 arc (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
11:15:09.0134 6596 arc - ok
11:15:09.0161 6596 arcsas (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
11:15:09.0167 6596 arcsas - ok
11:15:09.0188 6596 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
11:15:09.0190 6596 AsyncMac - ok
11:15:09.0219 6596 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
11:15:09.0221 6596 atapi - ok
11:15:09.0285 6596 AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:15:09.0291 6596 AudioEndpointBuilder - ok
11:15:09.0304 6596 Audiosrv (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
11:15:09.0309 6596 Audiosrv - ok
11:15:09.0504 6596 AVerBDA6x (d4a26162afd9c6239c0c0b63447bd04e) C:\Windows\system32\DRIVERS\AVerBDA716x.sys
11:15:09.0532 6596 AVerBDA6x - ok
11:15:10.0786 6596 AVG Security Toolbar Service (080d4fe1435401a370f122614ea514cd) C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe
11:15:10.0862 6596 AVG Security Toolbar Service - ok
11:15:12.0468 6596 AVGIDSAgent (ba60fd7a64b9759a14c0fba4a9ed4c7b) C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
11:15:13.0072 6596 AVGIDSAgent - ok
11:15:13.0966 6596 AVGIDSDriver (1074f787080068c71303b61fae7e7ca4) C:\Windows\system32\DRIVERS\avgidsdriverx.sys
11:15:13.0991 6596 AVGIDSDriver - ok
11:15:14.0011 6596 AVGIDSFilter (61a7e0b02f82cff3db2445bbe50b3589) C:\Windows\system32\DRIVERS\avgidsfilterx.sys
11:15:14.0013 6596 AVGIDSFilter - ok
11:15:14.0128 6596 AVGIDSHX (d63d83659eedf60b3a3e620281a888e5) C:\Windows\system32\DRIVERS\avgidshx.sys
11:15:14.0131 6596 AVGIDSHX - ok
11:15:14.0210 6596 AVGIDSShim (baf975b72062f53d327788e99d64197e) C:\Windows\system32\DRIVERS\avgidsshimx.sys
11:15:14.0240 6596 AVGIDSShim - ok
11:15:14.0398 6596 Avgldx86 (dda6a2a18841e4c9172bb85958b8d948) C:\Windows\system32\DRIVERS\avgldx86.sys
11:15:14.0426 6596 Avgldx86 - ok
11:15:14.0460 6596 Avgmfx86 (ccdd61545aaea265977e4b1efdc74e8c) C:\Windows\system32\DRIVERS\avgmfx86.sys
11:15:14.0463 6596 Avgmfx86 - ok
11:15:14.0484 6596 Avgrkx86 (1fd90b28d2c3100bf4500199c8ad6358) C:\Windows\system32\DRIVERS\avgrkx86.sys
11:15:14.0489 6596 Avgrkx86 - ok
11:15:14.0845 6596 Avgtdix (1263f2554ace925c237a40b4c568d815) C:\Windows\system32\DRIVERS\avgtdix.sys
11:15:14.0854 6596 Avgtdix - ok
11:15:15.0374 6596 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
11:15:15.0379 6596 avgwd - ok
11:15:15.0902 6596 BCM43XV (cf6a67c90951e3e763d2135dede44b85) C:\Windows\system32\DRIVERS\bcmwl6.sys
11:15:15.0930 6596 BCM43XV - ok
11:15:15.0960 6596 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
11:15:15.0963 6596 Beep - ok
11:15:16.0049 6596 BFE (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
11:15:16.0060 6596 BFE - ok
11:15:16.0324 6596 BITS (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
11:15:16.0354 6596 BITS - ok
11:15:16.0371 6596 blbdrive (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
11:15:16.0374 6596 blbdrive - ok
11:15:16.0749 6596 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
11:15:16.0758 6596 Bonjour Service - ok
11:15:16.0950 6596 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
11:15:16.0952 6596 bowser - ok
11:15:17.0025 6596 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
11:15:17.0031 6596 BrFiltLo - ok
11:15:17.0043 6596 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
11:15:17.0069 6596 BrFiltUp - ok
11:15:17.0118 6596 Browser (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
11:15:17.0121 6596 Browser - ok
11:15:17.0156 6596 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
11:15:17.0160 6596 Brserid - ok
11:15:17.0192 6596 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
11:15:17.0199 6596 BrSerWdm - ok
11:15:17.0271 6596 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
11:15:17.0284 6596 BrUsbMdm - ok
11:15:17.0368 6596 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
11:15:17.0371 6596 BrUsbSer - ok
11:15:17.0467 6596 BthEnum (6d39c954799b63ba866910234cf7d726) C:\Windows\system32\DRIVERS\BthEnum.sys
11:15:17.0477 6596 BthEnum - ok
11:15:17.0526 6596 BTHMODEM (9a966a8e86d1771911ae34a20d11bff3) C:\Windows\system32\DRIVERS\bthmodem.sys
11:15:17.0533 6596 BTHMODEM - ok
11:15:17.0561 6596 BthPan (5904efa25f829bf84ea6fb045134a1d8) C:\Windows\system32\DRIVERS\bthpan.sys
11:15:17.0565 6596 BthPan - ok
11:15:18.0117 6596 BTHPORT (611ff3f2f095c8d4a6d4cfd9dcc09793) C:\Windows\system32\Drivers\BTHport.sys
11:15:18.0236 6596 BTHPORT - ok
11:15:18.0356 6596 BthServ (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
11:15:18.0358 6596 BthServ - ok
11:15:18.0565 6596 BTHUSB (d330803eab2a15caec7f011f1d4cb30e) C:\Windows\system32\Drivers\BTHUSB.sys
11:15:18.0616 6596 BTHUSB - ok
11:15:19.0011 6596 btwaudio (229b2c1e776062a4033305d5a9d6e28d) C:\Windows\system32\drivers\btwaudio.sys
11:15:19.0041 6596 btwaudio - ok
11:15:19.0081 6596 btwavdt (97062053359f6908e1fb2791bfa54734) C:\Windows\system32\drivers\btwavdt.sys
11:15:19.0089 6596 btwavdt - ok
11:15:19.0106 6596 btwrchid (d9269b0e3e3cf46d677fd071a40fe6cd) C:\Windows\system32\DRIVERS\btwrchid.sys
11:15:19.0110 6596 btwrchid - ok
11:15:19.0419 6596 catchme - ok
11:15:19.0542 6596 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
11:15:19.0549 6596 cdfs - ok
11:15:19.0622 6596 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
11:15:19.0666 6596 cdrom - ok
11:15:19.0938 6596 CertPropSvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:15:19.0941 6596 CertPropSvc - ok
11:15:19.0963 6596 circlass (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\DRIVERS\circlass.sys
11:15:20.0010 6596 circlass - ok
11:15:20.0329 6596 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
11:15:20.0334 6596 CLFS - ok
11:15:20.0435 6596 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:15:20.0469 6596 clr_optimization_v2.0.50727_32 - ok
11:15:20.0789 6596 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:15:20.0850 6596 clr_optimization_v4.0.30319_32 - ok
11:15:20.0945 6596 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
11:15:20.0962 6596 CmBatt - ok
11:15:20.0980 6596 cmdide (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
11:15:20.0981 6596 cmdide - ok
11:15:21.0200 6596 Com4QLBEx (a94146208170d78906c93ee39cebdd9f) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
11:15:21.0206 6596 Com4QLBEx - ok
11:15:21.0216 6596 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
11:15:21.0217 6596 Compbatt - ok
11:15:21.0224 6596 COMSysApp - ok
11:15:21.0249 6596 crcdisk (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
11:15:21.0250 6596 crcdisk - ok
11:15:21.0267 6596 Crusoe (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
11:15:21.0288 6596 Crusoe - ok
11:15:21.0358 6596 CryptSvc (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
11:15:21.0362 6596 CryptSvc - ok
11:15:21.0661 6596 DcomLaunch (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:15:21.0890 6596 DcomLaunch - ok
11:15:22.0001 6596 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
11:15:22.0003 6596 DfsC - ok
11:15:22.0560 6596 DFSR (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
11:15:22.0635 6596 DFSR - ok
11:15:23.0439 6596 Dhcp (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
11:15:23.0444 6596 Dhcp - ok
11:15:23.0587 6596 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
11:15:23.0589 6596 disk - ok
11:15:23.0706 6596 Dnscache (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
11:15:23.0710 6596 Dnscache - ok
11:15:23.0894 6596 dot3svc (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
11:15:23.0908 6596 dot3svc - ok
11:15:23.0973 6596 Dot4 (4f59c172c094e1a1d46463a8dc061cbd) C:\Windows\system32\DRIVERS\Dot4.sys
11:15:24.0011 6596 Dot4 - ok
11:15:24.0101 6596 Dot4Print (80bf3ba09f6f2523c8f6b7cc6dbf7bd5) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:15:24.0129 6596 Dot4Print - ok
11:15:24.0211 6596 dot4usb (c55004ca6b419b6695970dfe849b122f) C:\Windows\system32\DRIVERS\dot4usb.sys
11:15:24.0215 6596 dot4usb - ok
11:15:24.0353 6596 DpHost (5bc1d876dfd53c31c5fc65d2e9614015) C:\Program Files\DigitalPersona\Bin\DpHostW.exe
11:15:24.0364 6596 DpHost - ok
11:15:24.0408 6596 DPS (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
11:15:24.0412 6596 DPS - ok
11:15:24.0477 6596 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
11:15:24.0528 6596 drmkaud - ok
11:15:25.0193 6596 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
11:15:25.0263 6596 DXGKrnl - ok
11:15:25.0308 6596 E1G60 (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
11:15:25.0313 6596 E1G60 - ok
11:15:25.0351 6596 EapHost (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
11:15:25.0354 6596 EapHost - ok
11:15:25.0473 6596 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
11:15:25.0476 6596 Ecache - ok
11:15:25.0699 6596 ehRecvr (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
11:15:25.0726 6596 ehRecvr - ok
11:15:25.0762 6596 ehSched (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
11:15:25.0765 6596 ehSched - ok
11:15:25.0813 6596 ehstart (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
11:15:25.0814 6596 ehstart - ok
11:15:26.0027 6596 elxstor (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
11:15:26.0033 6596 elxstor - ok
11:15:26.0203 6596 EMDMgmt (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
11:15:26.0221 6596 EMDMgmt - ok
11:15:26.0497 6596 enecir (4cd6b056c5fd9e97c06fe74c81479517) C:\Windows\system32\DRIVERS\enecir.sys
11:15:26.0540 6596 enecir - ok
11:15:26.0625 6596 ErrDev (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
11:15:26.0776 6596 ErrDev - ok
11:15:27.0411 6596 EventSystem (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
11:15:27.0419 6596 EventSystem - ok
11:15:27.0643 6596 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
11:15:27.0735 6596 exfat - ok
11:15:28.0189 6596 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
11:15:28.0237 6596 fastfat - ok
11:15:28.0376 6596 fdc (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
11:15:28.0420 6596 fdc - ok
11:15:28.0516 6596 fdPHost (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
11:15:28.0519 6596 fdPHost - ok
11:15:28.0684 6596 FDResPub (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
11:15:28.0689 6596 FDResPub - ok
11:15:28.0742 6596 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
11:15:28.0744 6596 FileInfo - ok
11:15:28.0861 6596 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
11:15:28.0933 6596 Filetrace - ok
11:15:29.0043 6596 flpydisk (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
11:15:29.0071 6596 flpydisk - ok
11:15:29.0358 6596 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
11:15:29.0361 6596 FltMgr - ok
11:15:29.0669 6596 FontCache (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
11:15:29.0727 6596 FontCache - ok
11:15:29.0937 6596 FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
11:15:29.0942 6596 FontCache3.0.0.0 - ok
11:15:30.0000 6596 Fs_Rec (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
11:15:30.0003 6596 Fs_Rec - ok
11:15:30.0155 6596 gagp30kx (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
11:15:30.0160 6596 gagp30kx - ok
11:15:30.0571 6596 GamesAppService (c403c5db49a0f9aaf4f2128edc0106d8) C:\Program Files\WildTangent Games\App\GamesAppService.exe
11:15:30.0580 6596 GamesAppService - ok
11:15:30.0685 6596 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:15:30.0699 6596 GEARAspiWDM - ok
11:15:30.0835 6596 gpsvc (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
11:15:30.0852 6596 gpsvc - ok
11:15:31.0148 6596 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
11:15:31.0336 6596 HdAudAddService - ok
11:15:31.0693 6596 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
11:15:31.0710 6596 HDAudBus - ok
11:15:32.0124 6596 HidBth (fcb3f4be408f72c1bd81bcaba87fc22f) C:\Windows\system32\DRIVERS\hidbth.sys
11:15:32.0165 6596 HidBth - ok
11:15:32.0561 6596 HidIr (d8df3722d5e961baa1292aa2f12827e2) C:\Windows\system32\DRIVERS\hidir.sys
11:15:32.0603 6596 HidIr - ok
11:15:32.0716 6596 hidserv (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
11:15:32.0719 6596 hidserv - ok
11:15:32.0834 6596 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\drivers\hidusb.sys
11:15:32.0839 6596 HidUsb - ok
11:15:32.0937 6596 hkmsvc (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
11:15:32.0964 6596 hkmsvc - ok
11:15:33.0510 6596 HP Health Check Service (d13e6bfd7e9189d26a42e94cb2447044) c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
11:15:33.0512 6596 HP Health Check Service - ok
11:15:33.0552 6596 HpCISSs (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
11:15:33.0573 6596 HpCISSs - ok
11:15:33.0678 6596 hpdskflt (24f3f496c18efc234777723a67a85f81) C:\Windows\system32\DRIVERS\hpdskflt.sys
11:15:33.0684 6596 hpdskflt - ok
11:15:34.0331 6596 hpqcxs08 (f50f7984fdd151edd8a70a8dbd9e2a44) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
11:15:34.0379 6596 hpqcxs08 - ok
11:15:34.0554 6596 hpqddsvc (df446ba625cc441617843e87798ce048) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
11:15:34.0559 6596 hpqddsvc - ok
11:15:34.0590 6596 HpqKbFiltr (35956140e686d53bf676cf0c778880fc) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
11:15:34.0594 6596 HpqKbFiltr - ok
11:15:34.0853 6596 hpqwmiex (d50fdad1e57aa60f1973cfc77d905f0e) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
11:15:34.0893 6596 hpqwmiex - ok
11:15:34.0924 6596 hpsrv (6d0ac28c5bd8d8495f83f5929a45e559) C:\Windows\system32\Hpservice.exe
11:15:34.0928 6596 hpsrv - ok
11:15:35.0386 6596 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS
11:15:35.0394 6596 HSFHWAZL - ok
11:15:35.0704 6596 HSF_DPV (ec36f1d542ed4252390d446bf6d4dfd0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS
11:15:35.0800 6596 HSF_DPV - ok
11:15:36.0410 6596 HTTP (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
11:15:36.0617 6596 HTTP - ok
11:15:36.0784 6596 i2omp (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
11:15:36.0787 6596 i2omp - ok
11:15:37.0106 6596 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
11:15:37.0156 6596 i8042prt - ok
11:15:37.0805 6596 iaStorV (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
11:15:37.0809 6596 iaStorV - ok
11:15:38.0319 6596 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
11:15:38.0328 6596 IDriverT - ok
11:15:38.0680 6596 idsvc (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
11:15:38.0708 6596 idsvc - ok
11:15:38.0873 6596 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
11:15:38.0875 6596 iirsp - ok
11:15:39.0614 6596 IKEEXT (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
11:15:39.0748 6596 IKEEXT - ok
11:15:39.0901 6596 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
11:15:39.0903 6596 intelide - ok
11:15:40.0248 6596 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
11:15:40.0251 6596 intelppm - ok
11:15:40.0622 6596 IPBusEnum (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
11:15:40.0627 6596 IPBusEnum - ok
11:15:40.0798 6596 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:15:40.0824 6596 IpFilterDriver - ok
11:15:41.0187 6596 iphlpsvc (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
11:15:41.0195 6596 iphlpsvc - ok
11:15:41.0202 6596 IpInIp - ok
11:15:41.0420 6596 IPMIDRV (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
11:15:41.0535 6596 IPMIDRV - ok
11:15:41.0708 6596 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
11:15:41.0754 6596 IPNAT - ok
11:15:42.0324 6596 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
11:15:42.0383 6596 iPod Service - ok
11:15:42.0458 6596 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
11:15:42.0462 6596 IRENUM - ok
11:15:42.0660 6596 isapnp (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
11:15:42.0662 6596 isapnp - ok
11:15:43.0065 6596 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
11:15:43.0087 6596 iScsiPrt - ok
11:15:43.0328 6596 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
11:15:43.0331 6596 iteatapi - ok
11:15:43.0472 6596 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
11:15:43.0474 6596 iteraid - ok
11:15:43.0600 6596 JMCR (da971cfc625d13636e04c405948e9d62) C:\Windows\system32\DRIVERS\jmcr.sys
11:15:43.0604 6596 JMCR - ok
11:15:43.0784 6596 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
11:15:43.0801 6596 kbdclass - ok
11:15:43.0971 6596 kbdhid (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
11:15:43.0974 6596 kbdhid - ok
11:15:44.0059 6596 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:15:44.0064 6596 KeyIso - ok
11:15:44.0520 6596 KSecDD (4a1445efa932a3baf5bdb02d7131ee20) C:\Windows\system32\Drivers\ksecdd.sys
11:15:44.0569 6596 KSecDD - ok
11:15:44.0962 6596 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
11:15:45.0215 6596 KtmRm - ok
11:15:45.0548 6596 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
11:15:45.0585 6596 LanmanServer - ok
11:15:45.0861 6596 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
11:15:45.0870 6596 LanmanWorkstation - ok
11:15:46.0182 6596 LightScribeService (984ecb68ed2a2b2e6a544e87e24fba2d) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
11:15:46.0185 6596 LightScribeService - ok
11:15:46.0440 6596 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
11:15:46.0442 6596 lltdio - ok
11:15:47.0417 6596 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
11:15:47.0506 6596 lltdsvc - ok
11:15:47.0582 6596 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
11:15:47.0587 6596 lmhosts - ok
11:15:47.0729 6596 LSI_FC (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
11:15:47.0732 6596 LSI_FC - ok
11:15:47.0779 6596 LSI_SAS (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
11:15:47.0782 6596 LSI_SAS - ok
11:15:47.0810 6596 LSI_SCSI (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
11:15:47.0813 6596 LSI_SCSI - ok
11:15:47.0853 6596 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
11:15:47.0857 6596 luafv - ok
11:15:48.0128 6596 MBAMProtector (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
11:15:48.0132 6596 MBAMProtector - ok
11:15:48.0839 6596 MBAMService (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
11:15:49.0256 6596 MBAMService - ok
11:15:49.0456 6596 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
11:15:49.0490 6596 Mcx2Svc - ok
11:15:49.0774 6596 megasas (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
11:15:49.0777 6596 megasas - ok
11:15:50.0594 6596 MegaSR (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
11:15:50.0601 6596 MegaSR - ok
11:15:50.0768 6596 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:15:50.0773 6596 MMCSS - ok
11:15:50.0953 6596 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
11:15:50.0987 6596 Modem - ok
11:15:51.0338 6596 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
11:15:51.0340 6596 monitor - ok
11:15:51.0362 6596 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
11:15:51.0367 6596 mouclass - ok
11:15:51.0416 6596 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
11:15:51.0425 6596 mouhid - ok
11:15:51.0459 6596 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
11:15:51.0463 6596 MountMgr - ok
11:15:51.0721 6596 mpio (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
11:15:51.0735 6596 mpio - ok
11:15:51.0766 6596 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
11:15:51.0769 6596 mpsdrv - ok
11:15:52.0222 6596 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
11:15:52.0246 6596 MpsSvc - ok
11:15:52.0416 6596 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
11:15:52.0418 6596 Mraid35x - ok
11:15:52.0518 6596 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
11:15:52.0524 6596 MRxDAV - ok
11:15:52.0716 6596 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:15:52.0719 6596 mrxsmb - ok
11:15:52.0796 6596 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:15:52.0801 6596 mrxsmb10 - ok
11:15:52.0821 6596 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:15:52.0824 6596 mrxsmb20 - ok
11:15:52.0991 6596 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys
11:15:52.0996 6596 msahci - ok
11:15:53.0454 6596 msdsm (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
11:15:53.0458 6596 msdsm - ok
11:15:53.0557 6596 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
11:15:53.0565 6596 MSDTC - ok
11:15:53.0596 6596 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
11:15:53.0598 6596 Msfs - ok
11:15:53.0678 6596 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
11:15:53.0680 6596 msisadrv - ok
11:15:53.0800 6596 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
11:15:53.0808 6596 MSiSCSI - ok
11:15:53.0816 6596 msiserver - ok
11:15:53.0877 6596 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
11:15:53.0881 6596 MSKSSRV - ok
11:15:53.0929 6596 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
11:15:53.0932 6596 MSPCLOCK - ok
11:15:53.0944 6596 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
11:15:53.0949 6596 MSPQM - ok
11:15:54.0237 6596 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
11:15:54.0241 6596 MsRPC - ok
11:15:54.0564 6596 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
11:15:54.0566 6596 mssmbios - ok
11:15:54.0606 6596 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
11:15:54.0609 6596 MSTEE - ok
11:15:54.0966 6596 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
11:15:54.0968 6596 Mup - ok
11:15:55.0486 6596 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
11:15:55.0595 6596 napagent - ok
11:15:55.0734 6596 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
11:15:55.0738 6596 NativeWifiP - ok
11:15:56.0489 6596 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
11:15:56.0497 6596 NDIS - ok
11:15:56.0659 6596 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
11:15:56.0684 6596 NdisTapi - ok
11:15:56.0762 6596 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
11:15:56.0764 6596 Ndisuio - ok
11:15:57.0329 6596 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
11:15:57.0338 6596 NdisWan - ok
11:15:57.0388 6596 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
11:15:57.0392 6596 NDProxy - ok
11:15:57.0457 6596 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
11:15:57.0475 6596 Net Driver HPZ12 - ok
11:15:57.0697 6596 Netaapl (7afd0e39ab15cb355487b7cc19f4e2c5) C:\Windows\system32\DRIVERS\netaapl.sys
11:15:57.0797 6596 Netaapl - ok
11:15:57.0944 6596 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
11:15:57.0948 6596 NetBIOS - ok
11:15:58.0570 6596 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
11:15:58.0621 6596 netbt - ok
11:15:58.0700 6596 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:15:58.0704 6596 Netlogon - ok
11:15:58.0849 6596 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
11:15:58.0858 6596 Netman - ok
11:15:58.0943 6596 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
11:15:58.0954 6596 netprofm - ok
11:15:59.0606 6596 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:15:59.0635 6596 NetTcpPortSharing - ok
11:16:00.0982 6596 NETw5v32 (e559ea9138c77b5d1fda8c558764a25f) C:\Windows\system32\DRIVERS\NETw5v32.sys
11:16:01.0317 6596 NETw5v32 - ok
11:16:01.0832 6596 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
11:16:01.0834 6596 nfrd960 - ok
11:16:02.0041 6596 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
11:16:02.0048 6596 NlaSvc - ok
11:16:02.0091 6596 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
11:16:02.0095 6596 Npfs - ok
11:16:02.0128 6596 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
11:16:02.0133 6596 nsi - ok
11:16:02.0148 6596 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
11:16:02.0151 6596 nsiproxy - ok
11:16:02.0448 6596 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
11:16:02.0518 6596 Ntfs - ok
11:16:02.0574 6596 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
11:16:02.0578 6596 ntrigdigi - ok
11:16:02.0609 6596 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
11:16:02.0612 6596 Null - ok
11:16:02.0691 6596 NVENETFD (1657f3fbd9061526c14ff37e79306f98) C:\Windows\system32\DRIVERS\nvm60x32.sys
11:16:02.0716 6596 NVENETFD - ok
11:16:02.0773 6596 NVHDA (f972dc046c374a9e02f2dfbe74ebb203) C:\Windows\system32\drivers\nvhda32v.sys
11:16:02.0843 6596 NVHDA - ok
11:16:04.0659 6596 nvlddmkm (6c1c07916a4fed3e26bf399f07370986) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:16:04.0919 6596 nvlddmkm - ok
11:16:05.0221 6596 nvraid (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
11:16:05.0224 6596 nvraid - ok
11:16:05.0301 6596 nvstor (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
11:16:05.0303 6596 nvstor - ok
11:16:05.0330 6596 nvsvc (029df21eb9fc3ff0d628278774c99dc0) C:\Windows\system32\nvvsvc.exe
11:16:05.0337 6596 nvsvc - ok
11:16:05.0692 6596 nv_agp (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
11:16:05.0743 6596 nv_agp - ok
11:16:05.0751 6596 NwlnkFlt - ok
11:16:05.0761 6596 NwlnkFwd - ok
11:16:06.0066 6596 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
11:16:06.0070 6596 ohci1394 - ok
11:16:06.0376 6596 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:16:06.0384 6596 ose - ok
11:16:07.0500 6596 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
11:16:07.0664 6596 osppsvc - ok
11:16:08.0399 6596 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:16:08.0421 6596 p2pimsvc - ok
11:16:08.0436 6596 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:16:08.0450 6596 p2psvc - ok
11:16:08.0614 6596 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
11:16:08.0617 6596 Parport - ok
11:16:08.0678 6596 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
11:16:08.0681 6596 partmgr - ok
11:16:08.0728 6596 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
11:16:08.0732 6596 Parvdm - ok
11:16:08.0795 6596 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
11:16:08.0802 6596 PcaSvc - ok
11:16:08.0931 6596 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
11:16:08.0935 6596 pci - ok
11:16:08.0965 6596 pciide (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
11:16:08.0967 6596 pciide - ok
11:16:09.0016 6596 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
11:16:09.0025 6596 pcmcia - ok
11:16:09.0197 6596 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
11:16:09.0237 6596 PEAUTH - ok
11:16:09.0741 6596 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
11:16:09.0813 6596 pla - ok
11:16:10.0223 6596 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
11:16:10.0234 6596 PlugPlay - ok
11:16:10.0291 6596 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
11:16:10.0295 6596 Pml Driver HPZ12 - ok
11:16:10.0452 6596 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:16:10.0467 6596 PNRPAutoReg - ok
11:16:10.0486 6596 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
11:16:10.0499 6596 PNRPsvc - ok
11:16:10.0660 6596 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
11:16:10.0743 6596 PolicyAgent - ok
11:16:11.0055 6596 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
11:16:11.0059 6596 PptpMiniport - ok
11:16:11.0099 6596 Processor (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
11:16:11.0103 6596 Processor - ok
11:16:11.0168 6596 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
11:16:11.0176 6596 ProfSvc - ok
11:16:11.0201 6596 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:16:11.0205 6596 ProtectedStorage - ok
11:16:11.0262 6596 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
11:16:11.0265 6596 PSched - ok
11:16:11.0519 6596 ql2300 (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
11:16:11.0563 6596 ql2300 - ok
11:16:11.0594 6596 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
11:16:11.0597 6596 ql40xx - ok
11:16:12.0732 6596 QPCapSvc (26f65f22527515990532209baff78dea) C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
11:16:12.0758 6596 QPCapSvc - ok
11:16:12.0793 6596 QPSched (511e9ddc22a63e5109c7f221f85deb3d) C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
11:16:12.0797 6596 QPSched - ok
11:16:12.0852 6596 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
11:16:12.0864 6596 QWAVE - ok
11:16:12.0897 6596 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
11:16:12.0900 6596 QWAVEdrv - ok
11:16:13.0041 6596 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
11:16:13.0045 6596 RasAcd - ok
11:16:13.0091 6596 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
11:16:13.0098 6596 RasAuto - ok
11:16:13.0142 6596 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:16:13.0147 6596 Rasl2tp - ok
11:16:13.0335 6596 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
11:16:13.0348 6596 RasMan - ok
11:16:13.0393 6596 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
11:16:13.0397 6596 RasPppoe - ok
11:16:13.0434 6596 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
11:16:13.0440 6596 RasSstp - ok
11:16:13.0550 6596 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
11:16:13.0569 6596 rdbss - ok
11:16:13.0583 6596 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:16:13.0586 6596 RDPCDD - ok
11:16:13.0652 6596 rdpdr (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
11:16:13.0694 6596 rdpdr - ok
11:16:13.0703 6596 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
11:16:13.0706 6596 RDPENCDD - ok
11:16:13.0793 6596 RDPWD (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
11:16:13.0847 6596 RDPWD - ok
11:16:13.0974 6596 Recovery Service for Windows (431723f23d0e065bef502389e8ffdc10) C:\Windows\SMINST\BLService.exe
11:16:13.0984 6596 Recovery Service for Windows - ok
11:16:14.0117 6596 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
11:16:14.0122 6596 RemoteAccess - ok
11:16:14.0158 6596 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
11:16:14.0168 6596 RemoteRegistry - ok
11:16:14.0781 6596 RFCOMM (6482707f9f4da0ecbab43b2e0398a101) C:\Windows\system32\DRIVERS\rfcomm.sys
11:16:14.0822 6596 RFCOMM - ok
11:16:15.0128 6596 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files\CyberLink\Shared Files\RichVideo.exe
11:16:15.0136 6596 RichVideo - ok
11:16:15.0168 6596 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
11:16:15.0172 6596 RpcLocator - ok
11:16:15.0270 6596 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
11:16:15.0288 6596 RpcSs - ok
11:16:15.0370 6596 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
11:16:15.0373 6596 rspndr - ok
11:16:15.0411 6596 RTL8169 (2fc33077f85d7dc0d03678c06d43898c) C:\Windows\system32\DRIVERS\Rtlh86.sys
11:16:15.0431 6596 RTL8169 - ok
11:16:15.0459 6596 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
11:16:15.0463 6596 SamSs - ok
11:16:15.0488 6596 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
11:16:15.0491 6596 sbp2port - ok
11:16:15.0793 6596 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
11:16:15.0832 6596 SBSDWSCService - ok
11:16:15.0989 6596 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
11:16:16.0004 6596 SCardSvr - ok
11:16:16.0128 6596 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
11:16:16.0148 6596 Schedule - ok
11:16:16.0300 6596 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
11:16:16.0303 6596 SCPolicySvc - ok
11:16:16.0475 6596 sdbus (126ea89bcc413ee45e3004fb0764888f) C:\Windows\system32\DRIVERS\sdbus.sys
11:16:16.0480 6596 sdbus - ok
11:16:16.0543 6596 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
11:16:16.0550 6596 SDRSVC - ok
11:16:16.0560 6596 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
11:16:16.0564 6596 secdrv - ok
11:16:16.0643 6596 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
11:16:16.0652 6596 seclogon - ok
11:16:16.0680 6596 SENS (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
11:16:16.0690 6596 SENS - ok
11:16:16.0800 6596 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
11:16:16.0837 6596 Serenum - ok
11:16:16.0928 6596 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
11:16:16.0934 6596 Serial - ok
11:16:16.0961 6596 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
11:16:16.0964 6596 sermouse - ok
11:16:17.0034 6596 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
11:16:17.0042 6596 SessionEnv - ok
11:16:17.0088 6596 sffdisk (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
11:16:17.0102 6596 sffdisk - ok
11:16:17.0144 6596 sffp_mmc (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
11:16:17.0172 6596 sffp_mmc - ok
11:16:17.0183 6596 sffp_sd (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
11:16:17.0206 6596 sffp_sd - ok
11:16:17.0237 6596 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
11:16:17.0240 6596 sfloppy - ok
11:16:17.0363 6596 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
11:16:17.0371 6596 SharedAccess - ok
11:16:17.0647 6596 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
11:16:17.0656 6596 ShellHWDetection - ok
11:16:17.0707 6596 sisagp (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
11:16:17.0712 6596 sisagp - ok
11:16:17.0735 6596 SiSRaid2 (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
11:16:17.0737 6596 SiSRaid2 - ok
11:16:17.0774 6596 SiSRaid4 (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
11:16:17.0777 6596 SiSRaid4 - ok
11:16:18.0843 6596 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
11:16:19.0009 6596 slsvc - ok
11:16:19.0449 6596 SLUINotify (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
11:16:19.0458 6596 SLUINotify - ok
11:16:19.0771 6596 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
11:16:19.0776 6596 Smb - ok
11:16:19.0953 6596 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
11:16:19.0960 6596 SNMPTRAP - ok
11:16:20.0246 6596 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
11:16:20.0249 6596 spldr - ok
11:16:20.0334 6596 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
11:16:20.0344 6596 Spooler - ok
11:16:20.0665 6596 SQLWriter (d89083c4eb02daca8f944b0e05e57f9d) c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
11:16:20.0670 6596 SQLWriter - ok
11:16:20.0993 6596 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
11:16:20.0999 6596 srv - ok
11:16:21.0155 6596 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
11:16:21.0160 6596 srv2 - ok
11:16:21.0659 6596 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
11:16:21.0662 6596 srvnet - ok
11:16:21.0737 6596 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
11:16:21.0745 6596 SSDPSRV - ok
11:16:21.0872 6596 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
11:16:21.0880 6596 SstpSvc - ok
11:16:22.0576 6596 STacSV (ec9c5f6c0f58446545d839bc11a3692b) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
11:16:22.0580 6596 STacSV - ok
11:16:22.0714 6596 STHDA (21cc262ab5f42f7a6b91dc7304c2f267) C:\Windows\system32\DRIVERS\stwrt.sys
11:16:22.0725 6596 STHDA - ok
11:16:22.0816 6596 StillCam (ef70b3d22b4bffda6ea851ecb063efaa) C:\Windows\system32\DRIVERS\serscan.sys
11:16:22.0819 6596 StillCam - ok
11:16:22.0991 6596 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
11:16:23.0009 6596 stisvc - ok
11:16:23.0049 6596 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
11:16:23.0053 6596 swenum - ok
11:16:23.0311 6596 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
11:16:23.0327 6596 swprv - ok
11:16:23.0359 6596 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
11:16:23.0362 6596 Symc8xx - ok
11:16:23.0540 6596 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
11:16:23.0542 6596 Sym_hi - ok
11:16:23.0598 6596 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
11:16:23.0602 6596 Sym_u3 - ok
11:16:23.0780 6596 SynTP (bf7aa84d5af0faa0978c840e63b17dbf) C:\Windows\system32\DRIVERS\SynTP.sys
11:16:23.0789 6596 SynTP - ok
11:16:23.0999 6596 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
11:16:24.0037 6596 SysMain - ok
11:16:24.0176 6596 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
11:16:24.0183 6596 TabletInputService - ok
11:16:24.0344 6596 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
11:16:24.0378 6596 TapiSrv - ok
11:16:24.0490 6596 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
11:16:24.0497 6596 TBS - ok
11:16:25.0020 6596 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys
11:16:25.0118 6596 Tcpip - ok
11:16:25.0142 6596 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys
11:16:25.0159 6596 Tcpip6 - ok
11:16:25.0375 6596 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
11:16:25.0423 6596 tcpipreg - ok
11:16:25.0446 6596 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
11:16:25.0450 6596 TDPIPE - ok
11:16:25.0472 6596 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
11:16:25.0476 6596 TDTCP - ok
11:16:25.0559 6596 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
11:16:25.0564 6596 tdx - ok
11:16:25.0841 6596 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
11:16:25.0845 6596 TermDD - ok
11:16:26.0012 6596 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
11:16:26.0033 6596 TermService - ok
11:16:26.0292 6596 Themes (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
11:16:26.0302 6596 Themes - ok
11:16:26.0355 6596 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
11:16:26.0361 6596 THREADORDER - ok
11:16:26.0561 6596 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
11:16:26.0570 6596 TrkWks - ok
11:16:26.0937 6596 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
11:16:26.0940 6596 TrustedInstaller - ok
11:16:26.0970 6596 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:16:26.0973 6596 tssecsrv - ok
11:16:27.0007 6596 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
11:16:27.0010 6596 tunmp - ok
11:16:27.0329 6596 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
11:16:27.0334 6596 tunnel - ok
11:16:27.0361 6596 uagp35 (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
11:16:27.0365 6596 uagp35 - ok
11:16:27.0423 6596 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
11:16:27.0451 6596 udfs - ok
11:16:27.0491 6596 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
11:16:27.0501 6596 UI0Detect - ok
11:16:27.0508 6596 UIUSys - ok
11:16:27.0599 6596 uliagpkx (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
11:16:27.0603 6596 uliagpkx - ok
11:16:27.0651 6596 uliahci (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
11:16:27.0656 6596 uliahci - ok
11:16:27.0690 6596 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
11:16:27.0694 6596 UlSata - ok
11:16:28.0056 6596 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
11:16:28.0060 6596 ulsata2 - ok
11:16:28.0105 6596 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
11:16:28.0109 6596 umbus - ok
11:16:28.0326 6596 upnphost (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
11:16:28.0343 6596 upnphost - ok
11:16:28.0421 6596 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
11:16:28.0425 6596 USBAAPL - ok
11:16:28.0601 6596 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
11:16:28.0605 6596 usbccgp - ok
11:16:28.0964 6596 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
11:16:29.0021 6596 usbcir - ok
11:16:29.0072 6596 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
11:16:29.0076 6596 usbehci - ok
11:16:29.0279 6596 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
11:16:29.0286 6596 usbhub - ok
11:16:29.0312 6596 usbohci (7bdb7b0e7d45ac0402d78b90789ef47c) C:\Windows\system32\DRIVERS\usbohci.sys
11:16:29.0316 6596 usbohci - ok
11:16:29.0353 6596 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
11:16:29.0357 6596 usbprint - ok
11:16:29.0391 6596 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
11:16:29.0395 6596 usbscan - ok
11:16:29.0427 6596 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:16:29.0436 6596 USBSTOR - ok
11:16:29.0456 6596 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
11:16:29.0460 6596 usbuhci - ok
11:16:29.0512 6596 usbvideo (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
11:16:29.0518 6596 usbvideo - ok
11:16:29.0573 6596 UxSms (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
11:16:29.0580 6596 UxSms - ok
11:16:29.0813 6596 vds (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
11:16:29.0848 6596 vds - ok
11:16:29.0881 6596 vfs101x (4d45a93a7dd638ca2db0a86fbfbf42d1) C:\Windows\system32\drivers\vfs101x.sys
11:16:29.0933 6596 vfs101x - ok
11:16:30.0203 6596 vfsFPService (14c9b01b3c2efa722fbc75286682994e) C:\Windows\system32\vfsFPService.exe
11:16:30.0250 6596 vfsFPService - ok
11:16:30.0334 6596 vga (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
11:16:30.0338 6596 vga - ok
11:16:30.0357 6596 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
11:16:30.0360 6596 VgaSave - ok
11:16:30.0381 6596 viaagp (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
11:16:30.0385 6596 viaagp - ok
11:16:30.0412 6596 ViaC7 (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
11:16:30.0416 6596 ViaC7 - ok
11:16:30.0434 6596 viaide (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
11:16:30.0436 6596 viaide - ok
11:16:30.0503 6596 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
11:16:30.0505 6596 volmgr - ok
11:16:30.0903 6596 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
11:16:30.0909 6596 volmgrx - ok
11:16:31.0120 6596 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
11:16:31.0125 6596 volsnap - ok
11:16:31.0173 6596 vsmraid (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
11:16:31.0177 6596 vsmraid - ok
11:16:31.0800 6596 VSS (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
11:16:31.0978 6596 VSS - ok
11:16:32.0537 6596 vToolbarUpdater11.2.0 (8ed347bad8d1fb7c40b593bfb01786d2) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
11:16:32.0680 6596 vToolbarUpdater11.2.0 - ok
11:16:33.0228 6596 W32Time (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
11:16:33.0240 6596 W32Time - ok
11:16:33.0347 6596 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
11:16:33.0350 6596 WacomPen - ok
11:16:33.0368 6596 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:16:33.0384 6596 Wanarp - ok
11:16:33.0391 6596 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
11:16:33.0394 6596 Wanarpv6 - ok
11:16:33.0676 6596 wcncsvc (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
11:16:33.0701 6596 wcncsvc - ok
11:16:33.0741 6596 WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
11:16:33.0750 6596 WcsPlugInService - ok
11:16:33.0795 6596 Wd (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
11:16:33.0798 6596 Wd - ok
11:16:34.0080 6596 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
11:16:34.0089 6596 Wdf01000 - ok
11:16:34.0156 6596 WdiServiceHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:16:34.0168 6596 WdiServiceHost - ok
11:16:34.0177 6596 WdiSystemHost (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
11:16:34.0184 6596 WdiSystemHost - ok
11:16:34.0361 6596 WebClient (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
11:16:34.0370 6596 WebClient - ok
11:16:34.0706 6596 Wecsvc (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
11:16:34.0725 6596 Wecsvc - ok
11:16:34.0828 6596 wercplsupport (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
11:16:34.0836 6596 wercplsupport - ok
11:16:35.0071 6596 WerSvc (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
11:16:35.0081 6596 WerSvc - ok
11:16:35.0927 6596 winachsf (5c7bdcf5864db00323fe2d90fa26a8a2) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
11:16:35.0981 6596 winachsf - ok
11:16:36.0224 6596 WinDefend (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
11:16:36.0270 6596 WinDefend - ok
11:16:36.0282 6596 WinHttpAutoProxySvc - ok
11:16:36.0856 6596 Winmgmt (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
11:16:36.0860 6596 Winmgmt - ok
11:16:38.0064 6596 WinRM (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
11:16:38.0119 6596 WinRM - ok
11:16:38.0505 6596 Wlansvc (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
11:16:38.0525 6596 Wlansvc - ok
11:16:38.0898 6596 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
11:16:38.0900 6596 WmiAcpi - ok
11:16:39.0957 6596 wmiApSrv (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
11:16:39.0960 6596 wmiApSrv - ok
11:16:40.0785 6596 WMPNetworkSvc (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
11:16:40.0844 6596 WMPNetworkSvc - ok
11:16:41.0800 6596 WPCSvc (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
11:16:41.0809 6596 WPCSvc - ok
11:16:42.0109 6596 WPDBusEnum (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
11:16:42.0117 6596 WPDBusEnum - ok
11:16:42.0390 6596 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
11:16:42.0405 6596 WpdUsb - ok
11:16:43.0027 6596 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
11:16:43.0069 6596 WPFFontCache_v0400 - ok
11:16:43.0101 6596 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
11:16:43.0104 6596 ws2ifsl - ok
11:16:43.0158 6596 wscsvc (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
11:16:43.0170 6596 wscsvc - ok
11:16:43.0317 6596 WSDPrintDevice (4422ac5ed8d4c2f0db63e71d4c069dd7) C:\Windows\system32\DRIVERS\WSDPrint.sys
11:16:43.0320 6596 WSDPrintDevice - ok
11:16:43.0328 6596 WSearch - ok
11:16:43.0734 6596 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
11:16:43.0848 6596 wuauserv - ok
11:16:44.0166 6596 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:16:44.0202 6596 WUDFRd - ok
11:16:44.0392 6596 wudfsvc (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
11:16:44.0400 6596 wudfsvc - ok
11:16:44.0455 6596 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
11:16:45.0204 6596 \Device\Harddisk0\DR0 - ok
11:16:45.0605 6596 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1
11:16:45.0611 6596 \Device\Harddisk1\DR1 - ok
11:16:45.0647 6596 Boot (0x1200) (d86c30149f6b85ee950040b9c1b4af50) \Device\Harddisk0\DR0\Partition0
11:16:45.0651 6596 \Device\Harddisk0\DR0\Partition0 - ok
11:16:45.0691 6596 Boot (0x1200) (5a556cdb9fd50af7a38134d77bd78072) \Device\Harddisk0\DR0\Partition1
11:16:45.0695 6596 \Device\Harddisk0\DR0\Partition1 - ok
11:16:45.0703 6596 Boot (0x1200) (73ca269f73bbaec3aba9d5f3f0c2a1ce) \Device\Harddisk1\DR1\Partition0
11:16:45.0707 6596 \Device\Harddisk1\DR1\Partition0 - ok
11:16:45.0710 6596 ============================================================
11:16:45.0710 6596 Scan finished
11:16:45.0710 6596 ============================================================
11:16:45.0735 2476 Detected object count: 0
11:16:45.0735 2476 Actual detected object count: 0
11:17:00.0279 6424 Deinitialize success

corrie1
2012-08-14, 04:20
Thankyou. The log is above. I had to do two posts as it was to long. Unfortunately it didn't find anything but the malware is still there.

Blade81
2012-08-14, 07:41
Hi,

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
Click Scan
Wait for the scan to finish and copy-paste results back here.

corrie1
2012-08-14, 13:31
I couldn't copy and paste for some reason. (Please let me know if you want me to do a screen dump). It finished scanning but no threats were found.
The malware is still there.
Thanks again.

corrie1
2012-08-14, 15:16
I just ran spybot again. The only thing it finds is Right media, it keeps coming back I cant get rid of it although I repeatedly fix it and immunise (with and without user account access control turned off).
Thanks

Blade81
2012-08-14, 19:50
Hi,

Does the redirecting still happen and if so does it happen with all browsers (Chrome, Internet Explorer..)?


The only thing it finds is Right media, it keeps coming back I cant get rid of it although I repeatedly fix it and immunise (with and without user account access control turned off).That's pretty harmless cookie. I wouldn't worry about that :)

corrie1
2012-08-19, 11:12
Thanks for your question. It seems just to be Chrome, not internet explorer. What happens is I will be looking at a web page in Chrome and some words will be underlined, I will think they are legitimate links and then I will click on them and I will be asked to do a survey to win an ipad. Or sometimes my computer will make a ringing sound like an iphone and it will ask me to enter to win an iphone. Other times I will click on a legitimate link and a page for a survey will open (always the same page only the title will change), when I close this page the actual page I wanted to open will appear. rR I will be on a shopping wbsite and all of a sudden suggestions to other websites will appear to buy simliar items.
I think I will just unistall Chrome and use IE or Safari given that nothing can be found with all the investigations to date.
Thanks for all your help to date. :thanks:
Cheers

Blade81
2012-08-19, 20:04
Hi,

Knowing that only Chrome is affected narrows down things a bit :)


Download OTL (http://oldtimer.geekstogo.com/OTL.exe) to your desktop.
Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
When the window appears, underneath Output at the top change it to Minimal Output.
Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

corrie1
2012-08-22, 13:31
Thanks, here is OTL.txt

OTL logfile created on: 22/08/2012 7:12:14 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\CORRINE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 36.26% Memory free
6.19 Gb Paging File | 4.33 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.11 Gb Total Space | 301.70 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 356.73 Gb Free Space | 95.74% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.21 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

Computer Name: CORRINE-PC | User Name: CORRINE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CORRINE\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Tiqbiz\Tiqbiz.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\WINDOWS\System32\sdclt.exe (Microsoft Corporation)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files\Tiqbiz\Tiqbiz.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\CORRINE\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSHX) -- C:\WINDOWS\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Netaapl) -- C:\WINDOWS\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AVerBDA6x) -- C:\WINDOWS\System32\drivers\AVerBDA716x.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (hpdskflt) -- C:\WINDOWS\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {50FEB985-2057-46B7-8948-1EF7B4185004}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{50FEB985-2057-46B7-8948-1EF7B4185004}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcnnbie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{50FEB985-2057-46B7-8948-1EF7B4185004}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcnnbie7-en-au
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BF948C8A-5BF5-400B-8367-5B0C8934141A}&mid=6dbd9c6f364e47d68e2dd168c03e3bcb-86a8876a25aa1857a0617e771246472422d21fb5&lang=en&ds=AVG&pr=fr&d=2011-09-16 13:27:39&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EBCCD6AC-4815-4CBE-9E02-2C0B82377AE0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RN&apn_dtid=YYYYYYYYAU&apn_uid=F2BA234F-E19A-4D3F-98A2-1654B71FBB40&apn_sauid=3D45939B-EAFD-4881-B0C2-A11CFA0D1B61&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CORRINE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CORRINE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/12/17 19:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/20 15:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/13 10:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/20 15:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010/12/17 19:34:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Fast save = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienapmpfomhppchccppipjbffkoiccdj\1.1_0\
CHR - Extension: AVG Safe Search = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/14 23:43:16 | 000,443,998 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15252 more lines...
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tiqbiz.lnk = C:\Program Files\Tiqbiz\Tiqbiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 20:58:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/16 09:45:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 09:45:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 09:45:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 09:45:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 09:45:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 09:45:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 09:45:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 09:45:17 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/16 09:39:58 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/14 16:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/11 23:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/11 23:02:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/11 22:35:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/11 22:35:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/11 22:35:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/11 22:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 19:38:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/02 19:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/02 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/28 15:48:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/28 15:48:50 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/28 15:48:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/28 15:48:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/28 15:48:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/28 15:48:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/28 15:48:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/28 15:48:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/28 15:48:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/28 15:48:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/28 15:48:44 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/28 15:48:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/28 15:48:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/28 15:48:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/28 15:48:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/28 15:48:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/28 15:48:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/28 15:48:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/28 15:48:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/28 15:48:32 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/28 15:48:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/28 15:48:21 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/28 15:48:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/28 15:48:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/28 15:48:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/28 15:48:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/28 15:48:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/28 15:48:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/28 15:48:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/28 15:48:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/15 17:56:20 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/12/15 17:56:20 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/12/15 17:56:20 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/12/15 17:56:20 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2010/12/15 17:56:20 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe

========== Files - Modified Within 30 Days ==========

[2012/08/22 19:14:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 19:14:39 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/22 19:13:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/22 19:04:02 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1739354534-4097504262-3052609685-1003UA.job
[2012/08/22 18:58:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/08/22 18:52:46 | 000,375,317 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/22 18:44:08 | 449,766,400 | ---- | M] () -- C:\Users\CORRINE\Desktop\FILE008.PST
[2012/08/22 18:44:07 | 030,491,648 | ---- | M] () -- C:\Users\CORRINE\Desktop\archive.pst
[2012/08/22 17:21:28 | 104,595,036 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/22 17:16:23 | 000,000,249 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/22 17:16:14 | 000,098,911 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/22 17:15:43 | 000,098,911 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/22 17:14:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/22 17:14:23 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/22 14:09:08 | 000,002,054 | ---- | M] () -- C:\Users\CORRINE\Desktop\Google Chrome.lnk
[2012/08/21 14:28:27 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/20 23:04:00 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1739354534-4097504262-3052609685-1003Core.job
[2012/08/20 09:32:51 | 000,000,680 | ---- | M] () -- C:\Users\CORRINE\AppData\Local\d3d9caps.dat
[2012/08/19 20:08:25 | 000,612,584 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/19 20:08:25 | 000,110,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/17 23:02:16 | 000,156,944 | ---- | M] () -- C:\Users\CORRINE\Documents\CORRINE2012.TAX
[2012/08/17 22:59:28 | 000,156,944 | ---- | M] () -- C:\Users\CORRINE\Documents\CORRINE2012.BAK
[2012/08/17 21:48:04 | 000,000,766 | ---- | M] () -- C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tiqbiz.lnk
[2012/08/16 10:00:04 | 000,381,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/15 12:55:42 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012/08/15 12:55:42 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/08/14 23:43:16 | 000,443,998 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/11 23:28:19 | 000,003,959 | ---- | M] () -- C:\Users\CORRINE\Desktop\Attach (2).zip
[2012/08/09 16:28:22 | 000,001,224 | ---- | M] () -- C:\Windows\pstudio.ini
[2012/08/09 16:28:22 | 000,000,028 | ---- | M] () -- C:\Windows\album.ini
[2012/08/09 16:18:59 | 000,000,010 | R--- | M] () -- C:\Windows\PSTUDIO.SN
[2012/08/09 16:17:07 | 000,015,872 | ---- | M] () -- C:\Users\CORRINE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/09 15:13:40 | 000,004,283 | ---- | M] () -- C:\Users\CORRINE\Desktop\Attach.zip
[2012/08/06 11:38:52 | 000,443,818 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120814-234316.backup
[2012/08/06 09:22:11 | 000,443,818 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120806-113852.backup
[2012/08/04 18:29:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/02 22:34:03 | 000,028,174 | ---- | M] () -- C:\Users\CORRINE\Desktop\144852631827884519-1 (1).pdf
[2012/08/02 20:16:26 | 000,000,512 | ---- | M] () -- C:\Users\CORRINE\Documents\MBR.dat
[2012/08/02 20:10:20 | 000,003,971 | ---- | M] () -- C:\Users\CORRINE\Documents\Attach.zip
[2012/08/02 19:38:21 | 000,000,915 | ---- | M] () -- C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 19:38:13 | 000,000,716 | ---- | M] () -- C:\Users\CORRINE\Desktop\ERUNT.lnk
[2012/07/28 21:23:52 | 000,000,945 | ---- | M] () -- C:\Users\CORRINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/28 15:49:15 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/07/28 15:49:15 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/07/28 15:48:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/28 15:48:50 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/28 15:48:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/28 15:48:48 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/28 15:48:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/28 15:48:48 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/28 15:48:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/28 15:48:45 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/28 15:48:45 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/28 15:48:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/28 15:48:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/28 15:48:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/28 15:48:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/07/28 15:48:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/28 15:48:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/28 15:48:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/28 15:48:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/28 15:48:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/28 15:48:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/28 15:48:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/28 15:48:32 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/28 15:48:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/28 15:48:21 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/28 15:48:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/28 15:48:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/28 15:48:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/28 15:48:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/28 15:48:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/28 15:48:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/28 15:48:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/28 15:48:15 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2012/07/25 20:24:41 | 000,001,889 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 8.lnk

========== Files Created - No Company Name ==========

[2012/08/11 23:28:19 | 000,003,959 | ---- | C] () -- C:\Users\CORRINE\Desktop\Attach (2).zip
[2012/08/11 22:35:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/11 22:35:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/11 22:35:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/11 22:35:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/11 22:35:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/09 16:18:59 | 000,000,010 | R--- | C] () -- C:\Windows\PSTUDIO.SN
[2012/08/09 15:13:40 | 000,004,283 | ---- | C] () -- C:\Users\CORRINE\Desktop\Attach.zip
[2012/08/04 18:29:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/02 22:34:03 | 000,028,174 | ---- | C] () -- C:\Users\CORRINE\Desktop\144852631827884519-1 (1).pdf
[2012/08/02 20:10:20 | 000,003,971 | ---- | C] () -- C:\Users\CORRINE\Documents\Attach.zip
[2012/08/02 19:55:56 | 000,000,512 | ---- | C] () -- C:\Users\CORRINE\Documents\MBR.dat
[2012/08/02 19:38:21 | 000,000,915 | ---- | C] () -- C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 19:38:13 | 000,000,716 | ---- | C] () -- C:\Users\CORRINE\Desktop\ERUNT.lnk
[2012/07/28 15:48:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/22 11:07:14 | 000,000,032 | ---- | C] () -- C:\Users\CORRINE\.deskmetrics
[2012/02/27 19:13:04 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2012/02/27 19:13:04 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2012/02/27 19:13:03 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011/10/27 20:16:33 | 000,000,297 | ---- | C] () -- C:\Users\CORRINE\CORRINE - Shortcut.lnk
[2011/10/06 20:57:53 | 000,292,890 | ---- | C] () -- C:\Users\CORRINE\microsoft request.cab
[2011/07/24 18:04:02 | 000,001,211 | ---- | C] () -- C:\Windows\disney.ini
[2011/05/12 16:57:36 | 000,001,224 | ---- | C] () -- C:\Windows\pstudio.ini
[2011/05/12 16:57:36 | 000,000,028 | ---- | C] () -- C:\Windows\album.ini
[2011/05/12 16:57:36 | 000,000,021 | ---- | C] () -- C:\Windows\Ps_setup.ini
[2011/02/05 11:01:37 | 000,157,638 | ---- | C] () -- C:\Windows\hpoins26.dat
[2010/12/23 17:04:25 | 000,000,680 | ---- | C] () -- C:\Users\CORRINE\AppData\Local\d3d9caps.dat
[2010/12/18 15:42:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/18 15:42:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/07 13:44:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/05 15:59:07 | 000,015,872 | ---- | C] () -- C:\Users\CORRINE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 09:54:17 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/11/27 09:50:59 | 000,098,911 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/27 09:50:29 | 000,098,911 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/27 09:30:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/11/27 09:30:15 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

< End of report >

corrie1
2012-08-22, 13:32
Thanks, here is extras.txt
OTL Extras logfile created on: 22/08/2012 7:12:14 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\CORRINE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.09 Gb Available Physical Memory | 36.26% Memory free
6.19 Gb Paging File | 4.33 Gb Available in Paging File | 70.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.11 Gb Total Space | 301.70 Gb Free Space | 66.15% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 356.73 Gb Free Space | 95.74% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.21 Gb Free Space | 12.50% Space Free | Partition Type: NTFS

Computer Name: CORRINE-PC | User Name: CORRINE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2482179C-FBD0-48AE-8B4A-E5DF13A36821}" = lport=139 | protocol=6 | dir=in | app=system |
"{3F1E5A0C-87C8-4E21-853F-E5E06A26B99C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{54BCD8F7-3687-47E9-A115-616A73AF179D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{58766FC9-A632-4CE7-AE56-6D242DC9A4B1}" = lport=137 | protocol=17 | dir=in | app=system |
"{6F2B2790-E7B7-4CEC-8A7D-08BE5F105CC1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{75D2391C-CD2E-4F68-8DF3-88E1B2E0C64E}" = rport=10243 | protocol=6 | dir=out | app=system |
"{7B9E5FF2-7A09-4637-8BA5-A3818219396D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8252A83A-9C9F-4368-815E-B5BB1FE3AC80}" = lport=138 | protocol=17 | dir=in | app=system |
"{892AD66F-A628-4055-B581-4192CB97A6CE}" = lport=445 | protocol=6 | dir=in | app=system |
"{8B3CCA98-E855-4666-83BB-398303BB2566}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{9C4D5FF0-BCB6-461A-AE1C-9CEB410C6909}" = rport=137 | protocol=17 | dir=out | app=system |
"{A314CE5D-C335-49F7-AC19-3857E4C510C2}" = rport=138 | protocol=17 | dir=out | app=system |
"{A9212741-B5C5-45B8-A0CA-897527B81977}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC1800B3-16A2-4F73-B8C8-9AFEE8F5172F}" = rport=139 | protocol=6 | dir=out | app=system |
"{BC932310-78DB-4D60-836E-D132A1DFDB56}" = rport=445 | protocol=6 | dir=out | app=system |
"{C23B57BD-170D-441B-982B-B22B3641A9C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D7158CA5-79C7-44B8-A325-06E2549316D6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D975D772-E6E4-4888-9763-2473991BEF97}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{E0776A6B-EF7A-4734-9B8E-D0E8699EADFA}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EEFB19A2-3E5A-48E9-A927-1AFBE3316AB9}" = lport=10243 | protocol=6 | dir=in | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F17BA8-11FF-48F3-A8D2-84EEB20F62B3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{024199B7-E7E9-4539-BB98-5FDD02123D25}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{0B169034-30AF-45A4-9CBB-6D085581AE0B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1C7A252B-9D6D-44B5-B590-25B3AECD5CF4}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{2369BB7C-D2D3-474E-BFD8-7200ED9D0473}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{24029E61-E6F6-492C-BE5A-31548294F31A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2C5C73DC-E439-4E8E-BC34-310FB8D13F12}" = protocol=6 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{344EC5C7-F24C-4A93-A739-5174FE9EA03C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3CC94C7A-0A83-4DB2-A5CA-0036D9D55EE8}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe |
"{4C22B1FA-37B9-4B99-8BE9-89D22A81FC9F}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{4FD2922D-2E9D-47C6-AA43-94D0E3B1962F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{50DC1B1D-087C-4D74-99DA-240E53D91686}" = protocol=6 | dir=out | app=system |
"{542EC2AF-3871-43ED-B5B8-91BA34F14308}" = protocol=17 | dir=in | app=c:\program files\avg\avg10\avgmfapx.exe |
"{54E36D0F-C10B-4706-A806-5926F2025F1D}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{573FE65C-E256-45B4-A352-44B5D793BE83}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{575FF6C4-6175-4CC1-BF7B-6D64ABF75B9C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{5CF61C30-7864-4149-B679-B948FDFFCD65}" = protocol=17 | dir=in | app=c:\program files\hp\hp envy 100 d410 series\bin\hpnetworkcommunicator.exe |
"{5E693EE9-A517-4413-B1DE-81D1264360C2}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6EB6C97B-E0C8-4325-A650-B2B929A2C127}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{71DFF594-F38D-48E6-AA89-B5809972F055}" = dir=in | app=c:\program files\hp\quickplay\qpservice.exe |
"{84F79809-F037-41FB-B5AD-BE78D65C5807}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{88F69760-9FB2-482B-BE7F-2EE6BEE7CF91}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B068F5E-B196-4F43-8E56-422027A03DE2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{9181A5B4-1D72-41B3-83A6-F14A257E070F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{93657FE0-34BE-4631-BCA0-BE4C9E66A6E0}" = protocol=6 | dir=in | app=c:\program files\hp\hp envy 100 d410 series\bin\devicesetup.exe |
"{95B249DD-426A-495C-9D0C-831D273DBD84}" = protocol=17 | dir=in | app=c:\program files\hp\hp envy 100 d410 series\bin\devicesetup.exe |
"{A1D6E510-187F-4E8E-BA2B-53E3CD6DFF1D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{A2011751-2EAD-4C4A-883C-7AC891EB5776}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{A41A31FA-9D85-41FC-A98B-2C9AF7CCC989}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{A62A3787-1CC8-4A17-92BE-CD76CD655BDB}" = dir=in | app=c:\program files\hp\quickplay\qp.exe |
"{A78D652D-7531-4399-B907-5FA7160BAA57}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe |
"{B38547F6-1D84-440E-A783-667CAA4A764C}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe |
"{B6B7B011-9A23-40DB-A375-38639EE905E8}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe |
"{B9ABD99C-4C02-4555-AE39-35EEB9BAC092}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{C02D9888-AA50-4F9B-97BC-EFF8A324BA02}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C3C4BF3A-3279-40D0-8ECA-F29393647933}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe |
"{C696321B-ECA8-4566-8C49-E807D81E3189}" = protocol=6 | dir=in | app=c:\program files\hp\hp envy 100 d410 series\bin\hpnetworkcommunicator.exe |
"{D50E1964-412A-4F44-9AA7-8CD094D92967}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E45E9B29-5FEE-4D91-B1CA-90EC21E8C013}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E7B8642D-A081-4DEA-B0D4-4DD68096F4B0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F68C1EC5-C5CA-4A80-9D2D-182219FD7085}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{41A1A85F-7580-4A5F-BA84-5C3F0102C32E}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe |
"TCP Query User{516D79F7-17D4-4A50-BF1D-26182C2CDC59}C:\users\corrine\downloads\utorrent (1).exe" = protocol=6 | dir=in | app=c:\users\corrine\downloads\utorrent (1).exe |
"TCP Query User{BA464002-E7A5-40C9-BD96-CFB0F389C8E1}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{59D2940A-FD13-4DE7-92AD-74473FF3B07E}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe |
"UDP Query User{7F2D7D72-9E25-4335-8CBD-B07B82FD71B7}C:\users\corrine\downloads\utorrent (1).exe" = protocol=17 | dir=in | app=c:\users\corrine\downloads\utorrent (1).exe |
"UDP Query User{96ABF72B-9427-4FE0-9A82-7035D9E2DE63}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = HP Integrated Module with Bluetooth wireless technology 6.0.1.6204
"{06E74B9B-631F-4378-BF3A-40D868450C05}" = HPPhotoSmartPhotobookHolidayPack1
"{082702D5-5DD8-4600-BCE5-48B15174687F}" = HP Doc Viewer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{172AEB5E-CBB2-4CDD-A4CF-388600825839}" = HPPhotoSmartPhotobookPlayfulPack1
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1BDC9633-895B-4842-BCB6-8FA1EC2A3C5A}" = Adobe Shockwave Player
"{1dc34015-aa09-4f8c-9fd1-8135747ddea9}" = C4340
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{228C6B46-64E2-404E-898A-EF0830603EF4}" = HPNetworkAssistant
"{254C37AA-6B72-4300-84F6-98A82419187E}" = Hewlett-Packard Active Check for Health Check
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{274AF999-F147-49FC-8ACA-6C859F91D4B7}" = HP Envy 100 D410 series Basic Device Software
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{30DAA715-5032-40F9-A0AE-95C9AEBB3E3F}" = HP QuickTouch 1.00 D2
"{323f35d7-9fcf-48cf-a66e-cf3ddf6c0621}" = C4340_Help
"{32a8e314-9663-4fbc-bc03-f4d84e670fcc}" = PS_AIO_03_C4340_ProductContext
"{340F521E-3576-4E1A-B75C-EB0ACF751379}" = HP Wireless Assistant
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons 6.40 D1
"{34DAFDEC-A4B4-488A-A5CD-C91975A6F083}" = MediaRing Talk
"{35F83303-C0C0-46B7-B8A8-ADA7C2AC5645}" = muvee autoProducer 6.1
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{3877C901-7B90-4727-A639-B6ED2DD59D43}" = ESU for Microsoft Vista
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{45A136EC-88BF-4B95-99F5-C45D3930E1CC}" = HP MULTIPLE MODEM INSTALLER for VISTA
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.7
"{47F3EDF5-C821-49E6-B9B3-D00BF0A9BAB8}" = DigitalPersona Personal 4.11
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{51E5C397-0AA0-48DD-9CB6-7259AFFDFB0A}" = HP Easy Setup - Frontend
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{567E8236-C414-4888-8211-3D61608D57AE}" = Validity Sensors software
"{582287DA-0806-4AC0-BF19-C15E3A466034}" = LightScribe System Software 1.12.33.2
"{584B7A79-1262-4424-BB2E-21D8EF10DFB4}" = HP Photosmart C4340 All-In-One Driver Software 10.0 Rel .3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6472393A-7D5A-92DD-00A9-AB57A1DE4AE9}" = Tiqbiz
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = Hewlett-Packard Asset Agent for Health Check
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6AD9F5F3-5BD0-4000-BD9C-B536CF86D988}" = iTunes
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D12EC75-E7D3-4EAD-AB10-E1F3AFF94AA6}" = AVG 2012
"{6E0EF17B-B9F2-4847-9E9D-DAB9E4F24E66}" = Classic PhoneTools
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App (HP Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{74758510-0150-DD2A-92F0-92FA80FD1AC5}" = RACV Fuel Monitor
"{749EC8D6-EE79-47FA-B13D-E87A6E3855E8}" = HP Envy 100 D410 series Help
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 8168 8101E 8102E Ethernet Driver
"{89E052B2-5CA5-4B7A-AF0C-28CA2836B030}" = HPPhotoSmartPhotobookModernPack1
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8F1ADE4D-EFAC-4F5A-B346-23C2687FAF50}" = Apple Mobile Device Support
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
"{90140000-0044-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
"{90140000-00BA-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D91AD2D-2401-4192-81DF-73B6071EB60F}" = HP Envy 100 D410 series Product Improvement Study
"{9E2CCD5E-1990-4EF2-9B61-32F0BBACC29B}" = HP Active Support Library
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A11409F1-CD33-4076-85CB-4EE4A8439BFE}" = Scan
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{AAD72731-807A-4B79-AE05-9190B7002B7B}" = ProtectSmart Hard Drive Protection
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A83000000003}" = Adobe Reader 8.3.1
"{AC95121F-1576-45B8-82F7-3911D27882E6}" = HPPhotoSmartPhotobookScrapbookPack1
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{B0F1B02F-47A6-411D-A38B-E44CC7F53CCC}" = e-tax 2012
"{B16DA0F8-26BC-4FFC-9363-1D9F3E6C3E21}" = HP Customer Experience Enhancements
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B8169E45-8E23-430B-91D1-EC64540C8ED0}" = HP User Guides 0103
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{bb06d04a-9871-4a6b-a668-2ef483b5c2b5}" = PS_AIO_03_C4340_Software_Min
"{C078C299-C2C2-4110-A6EF-8D5E66C228DA}" = e-tax 2011
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E333CA5F-00ED-4EEF-90E5-6A33A8FE969F}" = HP Help and Support
"{E3436EE2-D5CB-4249-840B-3A0140CC34C3}" = Classic PhoneTools
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E7084B89-69E0-46B3-A118-8F99D06988CD}" = Microsoft SQL Server VSS Writer
"{ed8fcd31-e06b-4103-b4f7-657b9a82e29f}" = PS_AIO_03_C4340_Software
"{f32502b5-5b64-4882-bf61-77f23edcac4f}" = HP Total Care Advisor
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F51C2A69-D2E2-4813-AAD7-618D2BF85DFD}" = AVG 2012
"{F5283282-5ABA-4C81-9198-BB55BA025143}" = Mickey Saves the Day
"{F636EE9A-F9EC-4606-BCFA-77DD0E210788}" = HPPhotoSmartDiscLabel_Tattoo
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"AOL Toolbar" = AOL Toolbar 5.0
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"au.com.technocrat.racv.FuelWidget" = RACV Fuel Monitor
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Diner Dash1.0 (Cracked By CoffeeMan)" = Diner Dash
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"Free RAR Extract Frog" = Free RAR Extract Frog
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP MiniCard Hybrid TV" = HP MiniCard Hybrid TV 1.3.0.58
"HP Photo Creations" = HP Photo Creations
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"JBidwatcher_0" = JBidwatcher 2.5
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"net.invision.tiqbiz" = Tiqbiz
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"SlingMedia.QPSlingPlayer_is1" = QuickPlay SlingPlayer 0.4.6
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WildTangent hp Master Uninstall" = My HP Games
"YTdetect" = Yahoo! Detect

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 21/08/2012 12:26:49 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 154690

Error - 21/08/2012 12:26:51 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21/08/2012 12:26:51 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 157062

Error - 21/08/2012 12:26:51 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 157062

Error - 21/08/2012 12:26:52 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 21/08/2012 12:26:52 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 158466

Error - 21/08/2012 12:26:52 AM | Computer Name = CORRINE-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 158466

Error - 21/08/2012 8:29:46 AM | Computer Name = CORRINE-PC | Source = WinMgmt | ID = 10
Description =

Error - 21/08/2012 11:30:19 PM | Computer Name = CORRINE-PC | Source = WinMgmt | ID = 10
Description =

Error - 22/08/2012 3:14:57 AM | Computer Name = CORRINE-PC | Source = WinMgmt | ID = 10
Description =

[ DigitalPersona Pro Events ]
Error - 11/03/2011 2:19:28 AM | Computer Name = CORRINE-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

Error - 20/09/2011 3:34:18 AM | Computer Name = CORRINE-PC | Source = DigitalPersona Pro | ID = 17827841
Description = One-to-one fingerprint match failed.

[ Media Center Events ]
Error - 3/03/2012 12:14:50 AM | Computer Name = CORRINE-PC | Source = Recording | ID = 19
Description = The recording schedule has been corrupted and was automatically deleted
on 03/03/2012 15:14:50. You may need to reschedule your recordings.

[ System Events ]
Error - 21/08/2012 11:30:20 PM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7009
Description =

Error - 21/08/2012 11:30:20 PM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 21/08/2012 11:31:23 PM | Computer Name = CORRINE-PC | Source = DCOM | ID = 10016
Description =

Error - 21/08/2012 11:31:57 PM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 21/08/2012 11:31:57 PM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7034
Description =

Error - 22/08/2012 3:14:33 AM | Computer Name = CORRINE-PC | Source = EventLog | ID = 6008
Description = The previous system shutdown at 3:30:05 PM on 22/08/2012 was unexpected.

Error - 22/08/2012 3:14:57 AM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7000
Description =

Error - 22/08/2012 3:16:15 AM | Computer Name = CORRINE-PC | Source = DCOM | ID = 10016
Description =

Error - 22/08/2012 3:17:08 AM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7022
Description =

Error - 22/08/2012 3:17:08 AM | Computer Name = CORRINE-PC | Source = Service Control Manager | ID = 7034
Description =


< End of report >

Blade81
2012-08-22, 23:27
Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and separate 10.1.4 update for it) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't (unless you want to) install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Uninstall your current Adobe shockwave player and get the fresh one here (http://get.adobe.com/shockwave/) if needed.

Uninstall vulnerable Flash versions by following instructions here (http://kb2.adobe.com/cps/141/tn_14157.html). Fresh version can be obtained here (http://get.adobe.com/flashplayer/).


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 7 Update 6 (http://www.oracle.com/technetwork/java/javase/downloads/index.html).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-7u6-windows-i586.exe to install the newest version.




Let's run OTL.

Under the Custom Scans/Fixes box at the bottom, paste in the following


:OTL
CHR - Extension: Fast save = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ienapmpfomhppchccppipjbffkoiccdj\1.1_0\

:Commands
[emptytemp]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot when it is done
Then post a new OTL log

corrie1
2012-08-24, 08:33
Thanks. Here is my new OTL log. :thanks:
OTL logfile created on: 23/08/2012 11:01:13 PM - Run 2
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\CORRINE\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 1.85 Gb Available Physical Memory | 61.76% Memory free
6.19 Gb Paging File | 5.03 Gb Available in Paging File | 81.27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 456.11 Gb Total Space | 298.35 Gb Free Space | 65.41% Space Free | Partition Type: NTFS
Drive D: | 372.61 Gb Total Space | 356.73 Gb Free Space | 95.74% Space Free | Partition Type: NTFS
Drive E: | 9.65 Gb Total Space | 1.21 Gb Free Space | 12.56% Space Free | Partition Type: NTFS

Computer Name: CORRINE-PC | User Name: CORRINE | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\CORRINE\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Tiqbiz\Tiqbiz.exe ()
PRC - C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe (Andrea Electronics Corporation)
PRC - C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.)
PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe (Broadcom Corporation.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
PRC - C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)


========== Modules (No Company Name) ==========

MOD - c:\Program Files\Common Files\Adobe AIR\Versions\1.0\Resources\WebKit.dll ()
MOD - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll ()
MOD - C:\Program Files\Tiqbiz\Tiqbiz.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files\HP\QuickPlay\Kernel\common\MCEMediaStatus.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()


========== Win32 Services (SafeList) ==========

SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (WinHttpAutoProxySvc) -- winhttp.dll (Microsoft Corporation)
SRV - (AVG Security Toolbar Service) -- C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (GamesAppService) -- C:\Program Files\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)
SRV - (DpHost) -- C:\Program Files\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (AESTFilters) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\AEstSrv.exe (Andrea Electronics Corporation)
SRV - (STacSV) -- C:\WINDOWS\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\stacsv.exe (IDT, Inc.)
SRV - (vfsFPService) -- C:\WINDOWS\System32\vfsFPService.exe (Validity Sensors, Inc.)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AgereModemAudio) -- C:\WINDOWS\System32\agrsmsvc.exe (Agere Systems)


========== Driver Services (SafeList) ==========

DRV - (UIUSys) -- system32\DRIVERS\UIUSYS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (catchme) -- C:\Users\CORRINE\AppData\Local\Temp\catchme.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (AVGIDSHX) -- C:\WINDOWS\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgtdix) -- C:\WINDOWS\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgldx86) -- C:\WINDOWS\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgrkx86) -- C:\WINDOWS\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\WINDOWS\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\WINDOWS\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\WINDOWS\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\WINDOWS\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Netaapl) -- C:\WINDOWS\System32\drivers\netaapl.sys (Apple Inc.)
DRV - (JMCR) -- C:\WINDOWS\System32\drivers\jmcr.sys (JMicron Technology Corporation)
DRV - (STHDA) -- C:\WINDOWS\System32\drivers\stwrt.sys (IDT, Inc.)
DRV - (AVerBDA6x) -- C:\WINDOWS\System32\drivers\AVerBDA716x.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV - (nvlddmkm) -- C:\WINDOWS\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NVHDA) -- C:\WINDOWS\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (RTL8169) -- C:\WINDOWS\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (NETw5v32) -- C:\WINDOWS\System32\drivers\NETw5v32.sys (Intel Corporation)
DRV - (vfs101x) -- C:\WINDOWS\System32\drivers\vfs101x.sys (Validity Sensors, Inc.)
DRV - (hpdskflt) -- C:\WINDOWS\System32\drivers\hpdskflt.sys (Hewlett-Packard Corporation)
DRV - (Accelerometer) -- C:\WINDOWS\System32\drivers\Accelerometer.sys (Hewlett-Packard Corporation)
DRV - (AgereSoftModem) -- C:\WINDOWS\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (enecir) -- C:\WINDOWS\System32\drivers\enecir.sys (ENE TECHNOLOGY INC.)
DRV - (WSDPrintDevice) -- C:\WINDOWS\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (HpqKbFiltr) -- C:\WINDOWS\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (NVENETFD) -- C:\WINDOWS\System32\drivers\nvm60x32.sys (NVIDIA Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {50FEB985-2057-46B7-8948-1EF7B4185004}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{50FEB985-2057-46B7-8948-1EF7B4185004}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcnnbie7-en-au

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{50FEB985-2057-46B7-8948-1EF7B4185004}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1347&query={searchTerms}&invocationType=tb50hpcnnbie7-en-au
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={BF948C8A-5BF5-400B-8367-5B0C8934141A}&mid=6dbd9c6f364e47d68e2dd168c03e3bcb-86a8876a25aa1857a0617e771246472422d21fb5&lang=en&ds=AVG&pr=fr&d=2011-09-16 13:27:39&v=10.0.0.7&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{EBCCD6AC-4815-4CBE-9E02-2C0B82377AE0}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=WBG&o=15132&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=RN&apn_dtid=YYYYYYYYAU&apn_uid=F2BA234F-E19A-4D3F-98A2-1654B71FBB40&apn_sauid=3D45939B-EAFD-4881-B0C2-A11CFA0D1B61&
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.6.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.6.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\9\NP_wtapp.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\CORRINE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\CORRINE\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\FirefoxExt\ [2010/12/17 19:34:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012/05/20 15:42:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012/07/13 10:10:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack\ [2012/05/20 15:41:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\DigitalPersona\Bin\firefoxext [2010/12/17 19:34:47 | 000,000,000 | ---D | M]


========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files\WildTangent Games\App\BrowserIntegration\Registered\7\NP_wtapp.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\CORRINE\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - Extension: YouTube = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2161_0\
CHR - Extension: AVG Do Not Track = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Gmail = C:\Users\CORRINE\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/14 23:43:16 | 000,443,998 | R--- | M]) - C:\WINDOWS\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 15252 more lines...
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [HF_G_Jul] C:\Program Files\AVG Secure Search\HF_G_Jul.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [ROC_roc_dec12] C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe ()
O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [ISUSPM] C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe (Macrovision Corporation)
O4 - HKCU..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tiqbiz.lnk = C:\Program Files\Tiqbiz\Tiqbiz.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Silhouette.jpg
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/11 20:58:03 | 000,000,074 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/23 22:47:23 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/08/23 22:26:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/08/23 22:25:51 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/23 22:25:51 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/23 22:25:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/23 22:25:03 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/23 22:25:02 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/23 22:05:39 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012/08/16 09:45:47 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/08/16 09:45:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/08/16 09:45:44 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/08/16 09:45:43 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/08/16 09:45:42 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/08/16 09:45:41 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/08/16 09:45:40 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/08/16 09:45:17 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/08/16 09:39:58 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/08/14 16:32:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/08/11 23:03:20 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/11 23:02:43 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/11 22:35:45 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/11 22:35:45 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/11 22:35:45 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/11 22:30:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/02 19:38:34 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/08/02 19:38:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
[2012/08/02 19:38:10 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2012/07/28 15:48:51 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/28 15:48:50 | 000,162,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/28 15:48:49 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/28 15:48:48 | 000,086,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/28 15:48:48 | 000,076,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/28 15:48:48 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/28 15:48:45 | 000,367,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/28 15:48:45 | 000,353,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/28 15:48:45 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/28 15:48:44 | 003,695,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/28 15:48:44 | 000,434,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/28 15:48:44 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/28 15:48:44 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/28 15:48:43 | 000,353,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/28 15:48:43 | 000,074,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/28 15:48:42 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/28 15:48:38 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/28 15:48:35 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/28 15:48:34 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/28 15:48:32 | 000,580,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/28 15:48:22 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/28 15:48:21 | 000,227,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/28 15:48:21 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/28 15:48:21 | 000,101,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/28 15:48:18 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/28 15:48:17 | 000,118,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/28 15:48:16 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/28 15:48:16 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/28 15:48:16 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/28 15:48:15 | 000,130,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[2010/12/15 17:56:20 | 003,063,561 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MobileTV.exe
[2010/12/15 17:56:20 | 002,989,660 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\DVD.exe
[2010/12/15 17:56:20 | 002,864,396 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\MPV.exe
[2010/12/15 17:56:20 | 002,331,174 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Karaoke.exe
[2010/12/15 17:56:20 | 002,231,606 | ---- | C] (Macromedia, Inc.) -- C:\ProgramData\Games.exe
[1 C:\Users\CORRINE\Desktop\*.tmp files -> C:\Users\CORRINE\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/23 23:04:11 | 000,000,916 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1739354534-4097504262-3052609685-1003UA.job
[2012/08/23 23:04:07 | 000,000,864 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1739354534-4097504262-3052609685-1003Core.job
[2012/08/23 23:01:13 | 000,000,249 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/08/23 23:00:44 | 000,098,911 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/08/23 22:59:45 | 000,098,911 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/08/23 22:59:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 22:59:03 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/23 22:58:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/23 22:58:41 | 3218,042,880 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/23 22:57:02 | 000,002,140 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/08/23 22:40:37 | 030,491,648 | ---- | M] () -- C:\Users\CORRINE\Desktop\archive.pst
[2012/08/23 22:40:07 | 449,766,400 | ---- | M] () -- C:\Users\CORRINE\Desktop\FILE008.PST
[2012/08/23 22:24:18 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012/08/23 22:24:15 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012/08/23 22:24:15 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012/08/23 22:24:14 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2012/08/23 22:24:14 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012/08/23 22:24:14 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012/08/23 21:58:00 | 000,000,328 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2012/08/23 21:54:00 | 104,747,107 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012/08/22 18:52:46 | 000,375,317 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012/08/22 14:09:08 | 000,002,054 | ---- | M] () -- C:\Users\CORRINE\Desktop\Google Chrome.lnk
[2012/08/20 09:32:51 | 000,000,680 | ---- | M] () -- C:\Users\CORRINE\AppData\Local\d3d9caps.dat
[2012/08/19 20:08:25 | 000,612,584 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/19 20:08:25 | 000,110,000 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/17 23:02:16 | 000,156,944 | ---- | M] () -- C:\Users\CORRINE\Documents\CORRINE2012.TAX
[2012/08/17 22:59:28 | 000,156,944 | ---- | M] () -- C:\Users\CORRINE\Documents\CORRINE2012.BAK
[2012/08/17 21:48:04 | 000,000,766 | ---- | M] () -- C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tiqbiz.lnk
[2012/08/16 10:00:04 | 000,381,336 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/08/14 23:43:16 | 000,443,998 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/11 23:28:19 | 000,003,959 | ---- | M] () -- C:\Users\CORRINE\Desktop\Attach (2).zip
[2012/08/09 16:28:22 | 000,001,224 | ---- | M] () -- C:\Windows\pstudio.ini
[2012/08/09 16:28:22 | 000,000,028 | ---- | M] () -- C:\Windows\album.ini
[2012/08/09 16:18:59 | 000,000,010 | R--- | M] () -- C:\Windows\PSTUDIO.SN
[2012/08/09 16:17:07 | 000,015,872 | ---- | M] () -- C:\Users\CORRINE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/09 15:13:40 | 000,004,283 | ---- | M] () -- C:\Users\CORRINE\Desktop\Attach.zip
[2012/08/06 11:38:52 | 000,443,818 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120814-234316.backup
[2012/08/06 09:22:11 | 000,443,818 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts.20120806-113852.backup
[2012/08/04 18:29:27 | 000,000,258 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2012/08/02 22:34:03 | 000,028,174 | ---- | M] () -- C:\Users\CORRINE\Desktop\144852631827884519-1 (1).pdf
[2012/08/02 20:16:26 | 000,000,512 | ---- | M] () -- C:\Users\CORRINE\Documents\MBR.dat
[2012/08/02 20:10:20 | 000,003,971 | ---- | M] () -- C:\Users\CORRINE\Documents\Attach.zip
[2012/08/02 19:38:21 | 000,000,915 | ---- | M] () -- C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 19:38:13 | 000,000,716 | ---- | M] () -- C:\Users\CORRINE\Desktop\ERUNT.lnk
[2012/07/28 21:23:52 | 000,000,945 | ---- | M] () -- C:\Users\CORRINE\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/07/28 15:49:15 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2012/07/28 15:49:15 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2012/07/28 15:48:52 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2012/07/28 15:48:50 | 000,162,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2012/07/28 15:48:49 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2012/07/28 15:48:48 | 000,086,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/07/28 15:48:48 | 000,076,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2012/07/28 15:48:48 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2012/07/28 15:48:45 | 000,367,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/07/28 15:48:45 | 000,353,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2012/07/28 15:48:45 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2012/07/28 15:48:44 | 003,695,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2012/07/28 15:48:44 | 000,434,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2012/07/28 15:48:44 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/07/28 15:48:44 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012/07/28 15:48:44 | 000,031,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/07/28 15:48:43 | 000,353,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/07/28 15:48:43 | 000,074,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/07/28 15:48:42 | 000,023,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/07/28 15:48:38 | 000,078,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2012/07/28 15:48:35 | 000,152,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2012/07/28 15:48:34 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2012/07/28 15:48:32 | 000,580,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/07/28 15:48:22 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2012/07/28 15:48:21 | 000,227,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieaksie.dll
[2012/07/28 15:48:21 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakui.dll
[2012/07/28 15:48:21 | 000,101,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\admparse.dll
[2012/07/28 15:48:18 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2012/07/28 15:48:17 | 000,118,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/07/28 15:48:16 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2012/07/28 15:48:16 | 000,041,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/07/28 15:48:16 | 000,010,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/07/28 15:48:15 | 000,130,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieakeng.dll
[1 C:\Users\CORRINE\Desktop\*.tmp files -> C:\Users\CORRINE\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/11 23:28:19 | 000,003,959 | ---- | C] () -- C:\Users\CORRINE\Desktop\Attach (2).zip
[2012/08/11 22:35:45 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/11 22:35:45 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/11 22:35:45 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/11 22:35:45 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/11 22:35:45 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/09 16:18:59 | 000,000,010 | R--- | C] () -- C:\Windows\PSTUDIO.SN
[2012/08/09 15:13:40 | 000,004,283 | ---- | C] () -- C:\Users\CORRINE\Desktop\Attach.zip
[2012/08/04 18:29:27 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/08/02 22:34:03 | 000,028,174 | ---- | C] () -- C:\Users\CORRINE\Desktop\144852631827884519-1 (1).pdf
[2012/08/02 20:10:20 | 000,003,971 | ---- | C] () -- C:\Users\CORRINE\Documents\Attach.zip
[2012/08/02 19:55:56 | 000,000,512 | ---- | C] () -- C:\Users\CORRINE\Documents\MBR.dat
[2012/08/02 19:38:21 | 000,000,915 | ---- | C] () -- C:\Users\CORRINE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2012/08/02 19:38:13 | 000,000,716 | ---- | C] () -- C:\Users\CORRINE\Desktop\ERUNT.lnk
[2012/07/28 15:48:44 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012/04/22 11:07:14 | 000,000,032 | ---- | C] () -- C:\Users\CORRINE\.deskmetrics
[2012/02/27 19:13:04 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2012/02/27 19:13:04 | 000,040,129 | ---- | C] () -- C:\Windows\iccsigs.dat
[2012/02/27 19:13:03 | 000,000,048 | ---- | C] () -- C:\Windows\KPCMS.INI
[2011/10/27 20:16:33 | 000,000,297 | ---- | C] () -- C:\Users\CORRINE\CORRINE - Shortcut.lnk
[2011/10/06 20:57:53 | 000,292,890 | ---- | C] () -- C:\Users\CORRINE\microsoft request.cab
[2011/07/24 18:04:02 | 000,001,211 | ---- | C] () -- C:\Windows\disney.ini
[2011/05/12 16:57:36 | 000,001,224 | ---- | C] () -- C:\Windows\pstudio.ini
[2011/05/12 16:57:36 | 000,000,028 | ---- | C] () -- C:\Windows\album.ini
[2011/05/12 16:57:36 | 000,000,021 | ---- | C] () -- C:\Windows\Ps_setup.ini
[2011/02/05 11:01:37 | 000,157,638 | ---- | C] () -- C:\Windows\hpoins26.dat
[2010/12/23 17:04:25 | 000,000,680 | ---- | C] () -- C:\Users\CORRINE\AppData\Local\d3d9caps.dat
[2010/12/18 15:42:11 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2010/12/18 15:42:11 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2010/12/07 13:44:45 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2010/12/05 15:59:07 | 000,015,872 | ---- | C] () -- C:\Users\CORRINE\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/11/27 09:54:17 | 000,000,249 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2010/11/27 09:50:59 | 000,098,911 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010/11/27 09:50:29 | 000,098,911 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2010/11/27 09:30:56 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2010/11/27 09:30:15 | 000,003,072 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll

< End of report >

Blade81
2012-08-24, 08:50
Hi,

Does the problem still occur?

corrie1
2012-08-26, 09:35
The problem seems to be fixed. Thanks

Blade81
2012-08-26, 18:16
Good. Let's see the final steps then :)


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

A To disable the System Restore feature:

1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.

B. Reboot.

C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.



Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK


Next we remove OTL.


Double-click OTL.exe.
Click the CleanUp! button.
Select Yes when the
Begin cleanup Process?
prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.


Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings. Leave the program installed so you'll stay alarmed about vulnerable components in future too.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

Blade81
2012-09-09, 13:09
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.