
Thread: Google redirect came back - ken545

  1. #1
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Google redirect came back - ken545

    Ken -

    This is from this thread: http://forums.spybot.info/showthread...268#post430268

    I didn't see your last post (can't figure out how to get email notification). The other site you suggested was of no help. I did update Java but did not delete combofix yet.

    The redirect virus came back ... on Firefox. Strange, because Defender and Malwarebytes all show nothing. Guess it could be a well-entrenched rootkit?

    About ready to buy a new laptop and reformat, reload Windows & sell this one.

    Any ideas?
    Albert

  2. #2
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hello Albert,

    Let's start over a bit. You can go ahead and delete Combofix, because if we need it again we will just download a new, updated copy.

    aswMBR Log

    Important! Please do not perform any fix options offered in aswMBR

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your next reply.

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt.
      Note: These logs can be located in the OTL folder on your C:\ drive if they fail to open automatically.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them with your next reply. You may need two posts to fit them both in.
    Last edited by ken545; 2012-09-10 at 00:05.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
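    As an added illustration (not code from this thread, from aswMBR or from OTL) of what a helper reads first in the logs these three tools produce, here is a small Python triage script run over lines copied from the aswMBR and OTL logs posted later in this thread. The "review"/"info" labels, the user-writable-path rule and the consonant-run heuristic for add-on IDs are my own assumptions, not the tools' logic; the script points at lines worth a look and draws no conclusions.

```python
"""Triage helper for aswMBR / OTL log entries (hypothetical, not part of either tool)."""
import re
from dataclasses import dataclass

# Sample lines copied from the aswMBR and OTL logs posted later in this thread,
# trimmed to the entry types the rules below understand.
SAMPLE_LOG = r"""
20:35:35.409 Module: C:\windows\System32\iertutil.dll **SUSPICIOUS**
20:35:35.628 Module: C:\windows\System32\wininet.dll **SUSPICIOUS**
PRC - C:\Program Files\DOS2USB\elsvc.exe ()
SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
SRV - (B-Service) -- C:\Users\P Albert Comulada\Downloads\B-Service.exe ()
DRV - (catchme) -- C:\Users\PALBER~1\AppData\Local\Temp\catchme.sys File not found
DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
FF - prefs.js..extensions.enabledAddons: emdtjnkrru@emdtjnkrru.org:2.5
FF - prefs.js..extensions.enabledAddons: socialfixer@mattkruse.com:6.502
FF - prefs.js..extensions.enabledAddons: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.6.3
"""

# Directories a service or driver normally has no business being loaded from
# (assumed rule: user-writable locations get a first look).
USER_WRITABLE = re.compile(r"\\Users\\|\\Temp\\|\\AppData\\|\\Downloads\\", re.IGNORECASE)
MISSING = " File not found"


@dataclass
class Finding:
    severity: str   # "review" = look at this first, "info" = usually explainable, note it
    reason: str
    line: str


def parse_otl_entry(line: str):
    """Split 'PRC|SRV|DRV - (name) -- path (company)' into its fields.

    Returns (kind, name, path, company, missing). company is None when the entry
    ends in 'File not found' and '' when OTL printed an empty '()' (no company name).
    """
    kind, _, rest = line.partition(" - ")
    name = None
    if rest.startswith("("):
        name, _, rest = rest[1:].partition(") -- ")
    if rest.endswith(MISSING):
        return kind, name, rest[: -len(MISSING)], None, True
    m = re.match(r"^(.*?) \(([^()]*)\)$", rest)
    if m:
        return kind, name, m.group(1), m.group(2).strip(), False
    return kind, name, rest, None, False


def longest_consonant_run(s: str) -> int:
    """Crude 'does this look typed by a human' heuristic for e-mail-style add-on IDs."""
    best = run = 0
    for ch in s.lower():
        if ch.isalpha() and ch not in "aeiou":
            run += 1
            best = max(best, run)
        else:
            run = 0
    return best


def triage(log_text: str) -> list:
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        if "**SUSPICIOUS**" in line:
            # aswMBR's own flag on a loaded module. Security software hooks these
            # DLLs too, so this is a pointer for the helper, not a verdict.
            findings.append(Finding("info", "aswMBR flagged module; needs manual review", line))
        elif line.startswith(("PRC - ", "SRV - ", "DRV - ")):
            kind, name, path, company, missing = parse_otl_entry(line)
            label = name or path.rsplit("\\", 1)[-1]
            if missing:
                # Registration with no file behind it: leftover of an uninstall or of a
                # removal tool's own driver (catchme, aswMBR). A fix script cleans these up.
                findings.append(Finding("info", f"{kind} {label}: orphaned entry, file missing", line))
            elif company == "" and USER_WRITABLE.search(path):
                # No publisher AND loaded from a user-writable directory: first thing to check.
                findings.append(Finding("review", f"{kind} {label}: no company name, user-writable path", line))
            elif company == "":
                findings.append(Finding("info", f"{kind} {label}: no company name", line))
        elif "extensions.enabledAddons:" in line:
            addon_id = line.split("enabledAddons: ", 1)[1].rsplit(":", 1)[0]
            # GUID-style IDs are normal for Firefox add-ons; only judge e-mail-style IDs.
            if not addon_id.startswith("{") and longest_consonant_run(addon_id) >= 5:
                findings.append(Finding("review", f"add-on ID looks machine-generated: {addon_id}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.reason}\n         {f.line}")
```

    Run as-is it prints two "review" lines (the no-company service under Downloads and the random-looking add-on ID) and six "info" lines; the full OTL log can be fed in the same way.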

  3. #3
    Junior Member
    Join Date
    Aug 2012
    Posts
    24


    Hi -
    For some reason OTL did not create the Extras.txt file this time (the others are attached). Do you want me to run OTL again? Also, the GooredFix scan was REALLY short ... not sure if it worked.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-09-09 20:33:49
    -----------------------------
    20:33:49.156 OS Version: Windows 6.1.7601 Service Pack 1
    20:33:49.156 Number of processors: 4 586 0x2505
    20:33:49.156 ComputerName: HP7LAPTOP UserName:
    20:33:50.856 Initialize success
    20:34:43.617 AVAST engine defs: 12090901
    20:34:58.936 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    20:34:58.936 Disk 0 Vendor: Hitachi_ PC2O Size: 238475MB BusType: 3
    20:34:58.952 Disk 0 MBR read successfully
    20:34:58.952 Disk 0 MBR scan
    20:34:58.968 Disk 0 Windows 7 default MBR code
    20:34:58.968 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 300 MB offset 2048
    20:34:58.983 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 220766 MB offset 616448
    20:34:59.014 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 15360 MB offset 452745216
    20:34:59.030 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 2043 MB offset 484202496
    20:34:59.046 Disk 0 scanning sectors +488386560
    20:34:59.077 Disk 0 scanning C:\windows\system32\drivers
    20:35:06.003 Service scanning
    20:35:16.096 Service MpKsl910d71eb C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B57971A2-C164-4F2E-99A8-51767828CA77}\MpKsl910d71eb.sys **LOCKED** 32
    20:35:23.007 Service SafeBoot C:\windows\System32\Drivers\SafeBoot.sys **LOCKED** 32
    20:35:30.074 Modules scanning
    20:35:35.409 Module: C:\windows\System32\iertutil.dll **SUSPICIOUS**
    20:35:35.628 Module: C:\windows\System32\wininet.dll **SUSPICIOUS**
    20:35:36.486 Module: C:\windows\System32\urlmon.dll **SUSPICIOUS**
    20:35:37.313 Disk 0 trace - called modules:
    20:35:37.328 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys halmacpi.dll ACPI.sys iaStor.sys
    20:35:37.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87e3f678]
    20:35:37.344 3 CLASSPNP.SYS[8b7d959e] -> nt!IofCallDriver -> [0x87e3fbd0]
    20:35:37.359 5 hpdskflt.sys[8b9f2f92] -> nt!IofCallDriver -> [0x86276a78]
    20:35:37.359 7 ACPI.sys[8b0303d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x8629d028]
    20:35:39.325 AVAST engine scan C:\windows
    20:35:41.556 AVAST engine scan C:\windows\system32
    20:37:43.392 AVAST engine scan C:\windows\system32\drivers
    20:37:52.346 AVAST engine scan C:\Users\P Albert Comulada
    20:39:31.984 Disk 0 MBR has been saved successfully to "C:\Users\P Albert Comulada\Desktop\MBR.dat"
    20:39:31.999 The log file has been saved successfully to "C:\Users\P Albert Comulada\Desktop\aswMBR.txt"

    GooredFix by jpshortstuff (03.07.10.1)
    Log created at 20:40 on 09/09/2012 (P Albert Comulada)
    Firefox version 15.0 (en-US)

    ========== GooredScan ==========

    (none)

    ========== GooredLog ==========

    C:\Program Files\Mozilla Firefox\extensions\
    {972ce4c6-7e08-4474-a285-3208198ce6fd} [14:26 07/09/2012]

    C:\Users\P Albert Comulada\Application Data\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\
    (none)

    [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
    "otis@digitalpersona.com"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\" [13:10 28/08/2012]

    -=E.O.F=-



    OTL logfile created on: 9/9/2012 8:43:49 PM - Run 2
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\P Albert Comulada\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.92 Gb Total Physical Memory | 1.53 Gb Available Physical Memory | 52.44% Memory free
    5.84 Gb Paging File | 4.13 Gb Available in Paging File | 70.65% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 215.59 Gb Total Space | 119.16 Gb Free Space | 55.27% Space Free | Partition Type: NTFS
    Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.56% Space Free | Partition Type: FAT32

    Computer Name: HP7LAPTOP | User Name: P Albert Comulada | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\P Albert Comulada\Downloads\OTL(1).exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe (Retrospect, Inc)
    PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
    PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
    PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
    PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
    PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\DOS2USB\elsvc.exe ()
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
    PRC - C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\HPCommon\2.0.6.0__89762bc6acc102f8\HPCommon.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\HardwareAccess\2.0.6.0__89762bc6acc102f8\HardwareAccess.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\Graphs\2.0.6.0__89762bc6acc102f8\Graphs.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL ()
    MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
    MOD - C:\Adobe\Photoshop\psicon.dll ()


    ========== Services (SafeList) ==========

    SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (Retrospect Helper) -- C:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe (Retrospect, Inc)
    SRV - (RetroLauncher) -- C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe (Retrospect, Inc)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
    SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (B-Service) -- C:\Users\P Albert Comulada\Downloads\B-Service.exe ()
    SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
    SRV - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company)
    SRV - (elAPIsvc) -- C:\Program Files\DOS2USB\elsvc.exe ()
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
    SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
    SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
    SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
    SRV - (uArcCapture) -- C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.)
    SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\Users\PALBER~1\AppData\Local\Temp\catchme.sys File not found
    DRV - (aswMBR) -- C:\Users\PALBER~1\AppData\Local\Temp\aswMBR.sys File not found
    DRV - (MpKsl910d71eb) -- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{B57971A2-C164-4F2E-99A8-51767828CA77}\MpKsl910d71eb.sys (Microsoft Corporation)
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
    DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
    DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
    DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
    DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.)
    DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.)
    DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.)
    DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
    DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
    DRV - (ARCVCAM) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
    DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
    DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
    IE - HKLM\..\SearchScopes,DefaultScope = {8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}
    IE - HKLM\..\SearchScopes\{8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-615262878-4179979-3482458484-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-615262878-4179979-3482458484-1002\..\SearchScopes,DefaultScope = {8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}
    IE - HKU\S-1-5-21-615262878-4179979-3482458484-1002\..\SearchScopes\{8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    IE - HKU\S-1-5-21-615262878-4179979-3482458484-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: emdtjnkrru@emdtjnkrru.org:2.5
    FF - prefs.js..extensions.enabledAddons: socialfixer@mattkruse.com:6.502
    FF - prefs.js..extensions.enabledAddons: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.6.3
    FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
    FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\P Albert Comulada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\P Albert Comulada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/08/28 09:10:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 10:27:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 10:26:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/09/05 13:02:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2012/09/09 12:38:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 10:27:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 10:26:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/09/05 13:02:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2012/09/09 12:38:11 | 000,000,000 | ---D | M]

    [2010/12/09 18:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Extensions
    [2012/08/27 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions
    [2009/07/13 19:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\emdtjnkrru@emdtjnkrru.org.xpi
    [2012/04/23 10:50:07 | 000,141,229 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\socialfixer@mattkruse.com.xpi
    [2011/09/23 13:29:02 | 000,046,721 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi
    [2012/08/27 16:53:16 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    [2012/09/09 12:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/07 10:27:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/30 11:22:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/08/30 11:22:31 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: McAfee Clinic (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    O1 HOSTS File: ([2012/09/03 16:59:14 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [DTRun] c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
    O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKU\S-1-5-21-615262878-4179979-3482458484-1002..\Run: [DOS2USB] C:\Program Files\DOS2USB\DOS2USB.exe (Bhaktee Software)
    O4 - HKU\S-1-5-21-615262878-4179979-3482458484-1002..\Run: [NIM] C:\Users\P Albert Comulada\Downloads\AIM\aim.exe -cnetwait.odl File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-615262878-4179979-3482458484-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-615262878-4179979-3482458484-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_02)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE13B34-942A-4DC0-93A6-709553F4C724}: DhcpNameServer = 205.152.144.23 205.152.132.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC8094BB-F778-40E9-8105-1B92E4B401BB}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/09 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\Desktop\GooredFix Backups
    [2012/09/09 12:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/09 12:39:08 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaws.exe
    [2012/09/09 12:39:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\javaw.exe
    [2012/09/09 12:39:03 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\windows\System32\java.exe
    [2012/09/09 12:39:03 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
    [2012/09/08 10:55:48 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
    [2012/09/07 10:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/09/05 10:13:19 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2012/09/05 10:05:33 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\windows\System32\npdeployJava1.dll
    [2012/09/04 10:29:38 | 000,000,000 | ---D | C] -- C:\Virus removal & logs
    [2012/09/03 16:59:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/09/03 13:42:40 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/09/03 13:42:40 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Local\temp
    [2012/08/30 11:39:24 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/08/28 09:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
    [2012/08/28 09:15:51 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Roaming\Hewlett-Packard Company
    [2012/08/28 09:10:43 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
    [2012/08/28 08:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/08/27 20:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/27 18:04:32 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
    [2012/08/27 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Local\LogMeIn Rescue Applet
    [2012/08/27 16:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/08/27 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/08/27 16:17:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2012/08/27 16:15:08 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\srcore.dll
    [2012/08/27 16:15:06 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browcli.dll
    [2 C:\Users\P Albert Comulada\AppData\Local\*.tmp files -> C:\Users\P Albert Comulada\AppData\Local\*.tmp -> ]
    [1 C:\Users\P Albert Comulada\*.tmp files -> C:\Users\P Albert Comulada\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/09 20:43:01 | 000,000,956 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002UA.job
    [2012/09/09 20:39:31 | 000,000,512 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\MBR.dat
    [2012/09/09 20:04:00 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/09/09 12:38:58 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\windows\System32\WindowsAccessBridge.dll
    [2012/09/09 12:38:55 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaws.exe
    [2012/09/09 12:38:55 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\javaw.exe
    [2012/09/09 12:38:55 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\windows\System32\java.exe
    [2012/09/09 12:38:54 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\windows\System32\npdeployJava1.dll
    [2012/09/09 12:38:54 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\windows\System32\deployJava1.dll
    [2012/09/09 11:43:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002Core.job
    [2012/09/09 10:04:52 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 10:04:52 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/09 09:57:45 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
    [2012/09/09 09:57:30 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/09/09 09:57:26 | 3136,741,376 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/08 11:05:17 | 000,674,860 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/09/08 11:05:17 | 000,125,668 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/09/08 10:49:40 | 000,000,368 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForP Albert Comulada.job
    [2012/09/08 09:35:57 | 000,001,986 | ---- | M] () -- C:\Users\P Albert Comulada\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/07 19:27:26 | 1150,510,346 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-09-07 1917.zip
    [2012/09/07 16:25:34 | 000,002,068 | -H-- | M] () -- C:\Users\P Albert Comulada\Documents\Default.rdp
    [2012/09/04 15:49:31 | 000,000,000 | ---- | M] () -- C:\Users\P Albert Comulada\dos2usb.spl
    [2012/09/03 16:59:14 | 000,000,098 | ---- | M] () -- C:\windows\System32\drivers\etc\Hosts
    [2012/08/28 09:16:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
    [2012/08/27 23:20:28 | 1131,956,838 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-08-27 2310.zip
    [2012/08/27 18:39:27 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/27 18:04:19 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
    [2012/08/27 18:04:19 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
    [2012/08/27 16:23:44 | 000,688,088 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2 C:\Users\P Albert Comulada\AppData\Local\*.tmp files -> C:\Users\P Albert Comulada\AppData\Local\*.tmp -> ]
    [1 C:\Users\P Albert Comulada\*.tmp files -> C:\Users\P Albert Comulada\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/09 20:39:31 | 000,000,512 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\MBR.dat
    [2012/09/08 11:01:28 | 1150,510,346 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-09-07 1917.zip
    [2012/08/31 19:23:44 | 000,000,368 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForP Albert Comulada.job
    [2012/08/30 11:38:47 | 000,000,956 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002UA.job
    [2012/08/30 11:38:47 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002Core.job
    [2012/08/28 08:07:01 | 1131,956,838 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-08-27 2310.zip
    [2012/08/27 19:38:44 | 000,674,860 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2012/08/27 19:38:44 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2012/08/27 19:38:44 | 000,125,668 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2012/08/27 19:38:44 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2012/08/27 19:38:44 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/27 19:38:44 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/27 19:38:44 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/27 18:39:27 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/27 15:53:05 | 3136,741,376 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/11 11:51:17 | 000,015,872 | ---- | C] () -- C:\Users\P Albert Comulada\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
    [2011/04/08 16:44:49 | 000,001,849 | ---- | C] () -- C:\Users\P Albert Comulada\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/23 10:39:27 | 000,000,036 | ---- | C] () -- C:\Users\P Albert Comulada\AppData\Local\housecall.guid.cache
    [2011/02/27 10:30:38 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
    [2011/01/20 12:52:30 | 000,010,534 | ---- | C] () -- C:\ProgramData\snddrv.sys
    [2011/01/20 12:52:30 | 000,000,000 | ---- | C] () -- C:\Users\P Albert Comulada\dos2usb.spl
    [2011/01/20 12:51:52 | 000,001,851 | ---- | C] () -- C:\windows\System32\xpdrvr.exe
    [2011/01/20 11:33:48 | 000,000,877 | ---- | C] () -- C:\windows\Printfil.ini
    [2011/01/13 15:58:01 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
    [2011/01/13 15:57:17 | 000,105,168 | ---- | C] () -- C:\windows\NSUninst.exe
    [2011/01/13 15:57:10 | 000,105,168 | ---- | C] () -- C:\windows\GREUninstall.exe
    [2011/01/13 15:57:08 | 000,009,584 | ---- | C] () -- C:\windows\mozver.dat
    [2011/01/12 21:31:17 | 000,087,544 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
    [2011/01/12 19:24:00 | 000,263,856 | ---- | C] () -- C:\windows\ATMCNTRL.EXE
    [2011/01/12 19:23:59 | 000,003,449 | ---- | C] () -- C:\windows\ATM.INI
    [2011/01/12 19:21:12 | 000,030,464 | ---- | C] () -- C:\windows\macromix.dll
    [2011/01/12 19:18:34 | 000,001,635 | ---- | C] () -- C:\windows\CORELCHT.INI
    [2011/01/06 22:52:42 | 000,000,118 | ---- | C] () -- C:\windows\viewer.ini
    [2011/01/06 22:52:42 | 000,000,083 | ---- | C] () -- C:\windows\artgalry.ini
    [2011/01/06 22:52:04 | 000,003,937 | ---- | C] () -- C:\windows\MSWORKS3.INI
    [2011/01/05 18:39:51 | 000,000,503 | ---- | C] () -- C:\windows\htmlasst.ini
    [2010/12/19 17:59:00 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/12/15 18:06:50 | 000,000,000 | ---- | C] () -- C:\windows\DvyP413.dll
    [2010/12/15 18:06:50 | 000,000,000 | ---- | C] () -- C:\windows\161exp2.dll
    [2010/12/15 18:06:50 | 000,000,000 | ---- | C] () -- C:\windows\161exp1.dll
    [2010/12/15 14:02:56 | 000,000,367 | ---- | C] () -- C:\windows\System32\CNCMFP12.INI
    [2010/12/11 20:24:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/13 01:36:05 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

    ========== LOP Check ==========

    [2011/04/13 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\089C8716-52DB-4845-A916-F1F9CFCDFB60
    [2011/04/13 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\23653305-B8CB-49D1-9371-F9F598E176E4
    [2012/05/04 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\4451474C-BA37-4EF7-9C18-5E7456C43F01
    [2011/01/24 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Acronis
    [2011/06/18 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Blackberry Desktop
    [2012/09/09 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Canon
    [2010/12/09 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\DigitalPersona
    [2010/12/16 11:18:49 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\OpenOffice.org
    [2011/03/14 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Research In Motion
    [2011/03/23 12:51:45 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\TrojanHunter
    [2012/08/13 07:44:22 | 000,032,584 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
    Last edited by ken545; 2012-09-10 at 09:57.

  4. #4
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    You will only get the extras log from OTL on the first run so not to worry.

You never followed through at WTT. Just follow the instructions from Struker; not sure who the other character is, I believe he should not be posting. Post back there and let them know it's still not working.

    This is another good site you may want to try
    http://www.pcpitstop.com/

Look at your OTL log under Firefox. Do you know about both those entries, SocialFixer and EMDTJnkrru?

Also look under Trusted Sites. Do you want to remove those?


    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)





Now drag your copy of Combofix to the trash and let's get a new updated copy.

    Download ComboFix from one of these locations:

    Link 1
    Link 2


    * IMPORTANT !!! Save ComboFix.exe to your Desktop


• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

• As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Default

    Hi -
A few things ... I did respond to Ztruker on WTT. Then that other guy remarked and said to delete IE8 - but Ztruker said not to, so I didn't, but I also replied. But I think it's best to finish up w/you 1st before I go back and try to get him to respond again ..

Also SocialFixer is a little app for facebook so you can see who unfriends you or goes inactive. It was recommended to me by another friend and seems to work well .. doubt it is bad. The other EMDTJnkrru - I have no clue. In fact I opened an old version of netscape I keep w/java and flash disabled, and tried to go to the page ... dead link. Might be from a company that I used an app with that is no longer in business ... no clue though.

    Logs below (or attached), and BTW - redirect is still active.


    ComboFix 12-09-10.03 - P Albert Comulada 09/10/2012 12:48:52.3.4 - x86
    Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2991.1948 [GMT -4:00]
    Running from: c:\users\P Albert Comulada\Downloads\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
    SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\P Albert Comulada\dos2usb.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-08-10 to 2012-09-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-09-10 16:54 . 2012-09-10 16:54 -------- d-----w- c:\users\P Albert Comulada\AppData\Local\temp
    2012-09-10 16:54 . 2012-09-10 16:54 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-09-10 16:54 . 2012-09-10 16:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-09-10 00:48 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FE9AC4F3-3BCC-4D07-BE05-31DED177E73C}\mpengine.dll
    2012-09-09 16:39 . 2012-09-09 16:39 -------- d-----w- c:\program files\Common Files\Java
    2012-09-09 16:39 . 2012-09-09 16:38 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-09-08 14:55 . 2012-09-08 14:55 -------- d-----w- C:\HP_RECOVERY_mountHPSF
    2012-09-08 14:19 . 2012-08-23 07:15 7022536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2012-09-05 14:05 . 2012-09-09 16:38 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-04 14:29 . 2012-09-04 14:31 -------- d-----w- C:\Virus removal & logs
    2012-09-03 20:59 . 2012-09-03 20:59 -------- d-----w- C:\_OTL
    2012-08-28 13:17 . 2012-08-28 13:17 -------- d-----w- c:\program files\Common Files\Portrait Displays
    2012-08-28 13:15 . 2012-08-28 13:15 -------- d-----w- c:\users\P Albert Comulada\AppData\Roaming\Hewlett-Packard Company
    2012-08-28 13:10 . 2012-08-28 13:10 -------- d-----w- c:\windows\DPDrv
    2012-08-28 12:59 . 2012-08-28 12:59 -------- d-----w- c:\programdata\HP
    2012-08-28 00:51 . 2012-08-28 00:51 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-08-27 22:04 . 2012-08-27 22:04 -------- d-----w- c:\windows\CheckSur
    2012-08-27 21:33 . 2012-08-28 12:04 -------- d-----w- c:\users\P Albert Comulada\AppData\Local\LogMeIn Rescue Applet
    2012-08-27 20:18 . 2012-07-06 19:23 393728 ----a-w- c:\windows\system32\drivers\bthport.sys
    2012-08-27 20:17 . 2012-08-27 20:17 -------- d-----w- c:\program files\Common Files\Skype
    2012-08-27 20:17 . 2012-08-27 20:17 -------- d-----r- c:\program files\Skype
    2012-08-27 20:15 . 2012-05-05 07:46 400896 ----a-w- c:\windows\system32\srcore.dll
    2012-08-27 20:15 . 2012-07-04 21:14 102912 ----a-w- c:\windows\system32\browser.dll
    2012-08-27 20:15 . 2012-07-04 21:14 41984 ----a-w- c:\windows\system32\browcli.dll
    2012-08-27 20:15 . 2012-05-14 04:33 769024 ----a-w- c:\windows\system32\localspl.dll
    2012-08-27 20:15 . 2012-02-11 05:43 492032 ----a-w- c:\windows\system32\win32spl.dll
    2012-08-27 20:15 . 2012-02-11 05:37 317440 ----a-w- c:\windows\system32\spoolsv.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-09 16:38 . 2011-01-02 18:27 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-27 22:04 . 2012-03-30 10:58 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-27 22:04 . 2011-05-17 13:04 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 17:46 . 2011-09-15 12:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 13:43 . 2012-06-20 13:43 2957312 ----a-w- c:\windows\system32\drivers\athr.sys
    2012-09-07 14:27 . 2012-09-07 14:26 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
    "NIM"="c:\users\P Albert Comulada\Downloads\AIM\aim.exe" [2001-03-15 24576]
    "DOS2USB"="c:\program files\DOS2USB\DOS2USB.exe" [2010-05-14 228584]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
    "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
    "File Sanitizer"="c:\program files\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2009-12-12 11265536]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
    "DTRun"="c:\program files\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe" [2009-11-19 518656]
    "HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-07-21 8192]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2011-08-21 495708]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
    "HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe" [2011-09-12 14904]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
    2009-11-17 21:39 75320 ----a-w- c:\windows\System32\DeviceNP.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ DPPassFilter scecli
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDF Complete]
    2009-10-23 18:52 563736 ----a-w- c:\program files\PDF Complete\pdfsty.exe
    .
    R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
    R2 elAPIsvc;elAPI - Service Server;c:\program files\DOS2USB\elSVC.exe [x]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
    R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [x]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    R3 APL531;OVT Scanner;c:\windows\system32\Drivers\ov550i.sys [x]
    R3 B-Service;B-Service;c:\users\P Albert Comulada\Downloads\B-Service.exe [x]
    R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv.sys [x]
    R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\system32\flcdlock.exe [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
    R3 netr28;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28.sys [x]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
    R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
    R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 SafeBoot;SafeBoot; [x]
    S0 SbAlg;SbAlg; [x]
    S0 SbFsLock;SbFsLock; [x]
    S1 RsvLock;RsvLock; [x]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [x]
    S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
    S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [x]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files\Hewlett-Packard\Shared\HPDrvMntSvc.exe [x]
    S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [x]
    S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
    S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
    S2 MSSQL$REA9;SQL Server (REA9);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [x]
    S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [x]
    S2 PdiService;Portrait Displays SDK Service;c:\program files\Common Files\Portrait Displays\Drivers\pdisrvc.exe [x]
    S2 uArcCapture;ArcCapture;c:\windows\system32\uArcCapture.exe [x]
    S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
    S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - 61949813
    *Deregistered* - 61949813
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    GPSvcGroup REG_MULTI_SZ GPSvc
    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-09-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 22:04]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 00:03]
    .
    2012-07-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 00:03]
    .
    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002Core.job
    - c:\users\P Albert Comulada\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30 15:38]
    .
    2012-09-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002UA.job
    - c:\users\P Albert Comulada\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-30 15:38]
    .
    2012-09-08 c:\windows\Tasks\HPCeeScheduleForP Albert Comulada.job
    - c:\program files\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 11:22]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
    "ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\system32\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\windows\\system32\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\windows\\system32\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Classes\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\softwareRetroHlpSvc\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(596)
    c:\windows\system32\DPFPApi.DLL
    .
    Completion time: 2012-09-10 12:57:08
    ComboFix-quarantined-files.txt 2012-09-10 16:57
    .
    Pre-Run: 128,013,459,456 bytes free
    Post-Run: 127,727,853,568 bytes free
    .
    - - End Of File - - AB8EC40D8FA43B0BAC64877807EBC7E6
    Last edited by ken545; 2012-09-10 at 22:33.
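An added triage helper for the "Reg Loading Points" section of a ComboFix log like the one above. This is example code written for this thread, not part of ComboFix or of the original post. It parses the two line shapes that section uses (Run-key values and the R/S service lines), then flags entries whose image lives in a user-writable directory, has no image path recorded, or is hosted in svchost.exe. A flag is a lead to hash and look up, not a verdict; the sample lines are copied from the log above with the indentation removed.

```python
r"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not part of ComboFix or of the original post.
Two line shapes are parsed:

    "Name"="c:\path\prog.exe" [2009-09-29 1685048]     Run-key value
    R3 Name;Display Name;c:\path\prog.exe [x]          service / driver

Entries are flagged when the image sits somewhere a standard user can write,
when no image path is recorded, or when the path is svchost.exe.
"""
import re
from typing import Dict, List

# ComboFix line shapes (assumed from the log in this thread).
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"\s*\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]')
SVC_RE = re.compile(
    r'^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>[^\[]*?)\s*\[(?P<flag>[^\]]*)\]')

# Path fragments a non-admin user can write into; persistence that survives
# cleanup tools very often sits here rather than under Program Files.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")

# Sample lines copied from the ComboFix log in this thread (indentation removed).
SAMPLE = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-09-29 1685048]
"NIM"="c:\users\P Albert Comulada\Downloads\AIM\aim.exe" [2001-03-15 24576]
"DOS2USB"="c:\program files\DOS2USB\DOS2USB.exe" [2010-05-14 228584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QLBController"="c:\program files\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2010-03-01 256056]
R2 elAPIsvc;elAPI - Service Server;c:\program files\DOS2USB\elSVC.exe [x]
R3 B-Service;B-Service;c:\users\P Albert Comulada\Downloads\B-Service.exe [x]
R3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe [x]
S0 SafeBoot;SafeBoot; [x]
"""


def parse(log_text: str) -> List[Dict[str, str]]:
    """One record per Run-key value or service line; everything else is skipped."""
    records: List[Dict[str, str]] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            current_key = line.strip("[]")   # Run-key values below belong to this key
            continue
        m = RUN_RE.match(line)
        if m:
            records.append({"kind": "run", "source": current_key,
                            "name": m["name"], "path": m["path"]})
            continue
        m = SVC_RE.match(line)
        if m:
            records.append({"kind": "service", "source": m["state"],
                            "name": m["name"].strip(), "path": m["path"].strip()})
    return records


def reasons_for(record: Dict[str, str]) -> List[str]:
    """Why this entry deserves a second look; an empty list means nothing stood out."""
    path = record["path"].lower()
    reasons: List[str] = []
    if not path:
        reasons.append("no image path recorded; find the file on disk and hash it")
    if any(frag in path for frag in USER_WRITABLE):
        reasons.append("image lives in a user-writable directory")
    if path.endswith("\\svchost.exe"):
        reasons.append("hosted in svchost.exe; the code is the service's ServiceDll, not this path")
    return reasons


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map the name of every flagged entry to the reasons it was flagged."""
    flagged: Dict[str, List[str]] = {}
    for record in parse(log_text):
        reasons = reasons_for(record)
        if reasons:
            flagged[record["name"]] = reasons
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

On the sample above this flags NIM and B-Service (both run from the user's Downloads folder), nosGetPlusHelper (svchost-hosted, so the ServiceDll is what to check) and SafeBoot (no path recorded), while the HP and DOS2USB entries under Program Files pass. Feed it the whole log to get the same list for every loading point.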

  6. #6
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hello Albert,

    Where are you being redirected to? Don't paste the link, just tell me.


    You need to enable windows to show all files and folders, instructions Here

    Go to VirusTotal and submit these files for analysis. Just use the BROWSE feature and then Send File; if it says this file has been checked before, have them recheck it. When the scan is done, just copy and paste the link back to this forum for me to see.

    C:\windows\system32\drivers\SafeBoot.sys
    c:\program files\DOS2USB\DOS2USB.exe
    c:\program files\DOS2USB\elSVC.exe


    If the site is busy you can try this one
    http://virusscan.jotti.org/en






    Download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
    • Double click GMER.exe.
    • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click on NO, then use the following settings for a more complete scan:
    • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)

    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
    • Save the log where you can easily find it, such as your desktop.
    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

    Please copy and paste the report into your Post.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
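An added helper for the VirusTotal step above. It is example code written for this thread, not code from VirusTotal, Jotti or any tool named here. Looking up the SHA-256 of a file avoids uploading it at all, and the URL form follows the links posted in the thread. It also handles the case that comes up with a driver like SafeBoot.sys: when the live file cannot be opened because something holds it exclusively, the helper hashes a backup copy instead and says so in the result, because a clean verdict on the backup says nothing about the file actually being loaded. The file contents in demo() are constructed.

```python
"""Hash a file for a VirusTotal look-up and record which copy was hashed.

Added example for this thread, not code from VirusTotal, Jotti or any tool
named here. A driver that is open for exclusive use cannot be read by a
normal process, so when the live file cannot be opened the helper falls back
to a backup copy and labels the result accordingly.
"""
import hashlib
import os
import tempfile
from typing import Dict, Optional

# Same form as the analysis links posted in the thread.
VT_FILE_URL = "https://www.virustotal.com/file/{sha256}/analysis/"


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """SHA-256 of a file read in chunks, so a large driver is not read into memory at once."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def hash_for_lookup(live_path: str, backup_path: Optional[str] = None) -> Dict[str, Optional[str]]:
    """Hash the live file; if it cannot be opened, hash the backup and label the result."""
    try:
        digest = sha256_file(live_path)
        source = "live"
        note = None
    except OSError as exc:                 # locked, missing, or access denied
        if backup_path is None:
            return {"source": None, "sha256": None, "lookup": None,
                    "note": f"could not read {live_path}: {exc}"}
        digest = sha256_file(backup_path)
        source = "backup"
        note = (f"live file unreadable ({exc.__class__.__name__}); hash is of "
                f"{backup_path}, so a verdict applies to the backup, not the loaded file")
    return {"source": source, "sha256": digest,
            "lookup": VT_FILE_URL.format(sha256=digest), "note": note}


def demo() -> Dict[str, Dict[str, Optional[str]]]:
    """Constructed files standing in for a readable driver and an unreadable one with a backup."""
    workdir = tempfile.mkdtemp()
    readable = os.path.join(workdir, "readable.sys")
    backup = os.path.join(workdir, "SafeBoot.sys.bak")
    with open(readable, "wb") as f:
        f.write(b"abc")                    # constructed content; digest is the well-known SHA-256 of "abc"
    with open(backup, "wb") as f:
        f.write(b"backup copy of a driver we could not open")   # constructed content
    unreadable = os.path.join(workdir, "SafeBoot.sys")   # deliberately absent: stands in for a locked file
    return {"readable": hash_for_lookup(readable),
            "unreadable": hash_for_lookup(unreadable, backup),
            "unreadable_no_backup": hash_for_lookup(unreadable)}


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

When the result says source is "backup", treat the VirusTotal page as a statement about the backup only; the copy in System32\drivers still has to be read some other way (from a boot-time or offline scan) before it can be called clean.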

  7. #7
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Default

    Hi -
    The redirect sends me all over ... it just sent me to 'kidgroup.com'. But it's weird, it only does it the FIRST time I click on a link in the search results. If I just close the window then I can click on the links normally. It's like ... it doesn't want to piss you off that badly.

    Also doubt DOS2USB is bad, it's a little program I bought that allows me to print from a dos program to a USB printer, been using it for over a year. Also SAFEBOOT would not let me scan it (said a process was using it), but I remembered I made a backup yesterday so I just recovered a copy and scanned it. The links for all 3 are below, but they didn't find anything. GMER log is below.

    https://www.virustotal.com/file/3471...edd1/analysis/

    https://www.virustotal.com/file/7cfc...5005/analysis/

    https://www.virustotal.com/file/b014...97c3/analysis/

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-09-11 00:12:53
    Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PC2O
    Running: gmer.exe; Driver: C:\Users\PALBER~1\AppData\Local\Temp\uwddipod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E7A3C9 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EB3D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
    ? C:\windows\System32\Drivers\SafeBoot.sys The process cannot access the file because it is being used by another process.
    .text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x9182E000, 0x2FBFFA, 0xE8000020]

    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    Device \Driver\ACPI_HAL \Device\00000055 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\70f395745d82
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\70f395745d82 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----
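An added check for the redirect behaviour described in this post (first click on a search result lands somewhere unrelated). It is example code written for this thread, not from any tool named in it. The URL it decodes is constructed and its parameter names are assumptions; it has the shape these hijack hops share, which the thread later shows a real instance of: a script on a bare-IP host that carries the victim's original Google search URL, percent-encoded, in its query string so the landing page can be picked by search term. Decoding that value recovers what was searched, and the two signals together (IP-literal host plus an embedded search URL) are a cheap test to run over proxy logs or browser history.

```python
"""Decode a search-engine redirector URL and say why it looks like one.

Added example for this thread, not code from any tool mentioned in it.
CONSTRUCTED_HOP is made up; the parameter names "p" and "r" are assumptions.
"""
import ipaddress
import re
from typing import Dict, Optional
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed hop, not the one posted in the thread: IP host, small script,
# original search URL percent-encoded into parameter "r".
CONSTRUCTED_HOP = ("http://203.0.113.10/c.php?p=k9x2Qa"
                   "&r=http%3A%2F%2Fwww.google.com%2Fsearch%3Fq%3Dtest%26hl%3Den")

# A decoded Google search URL, wherever it sits inside a query value.
GOOGLE_SEARCH = re.compile(r"https?://[^\s|]*?google\.[a-z.]+/search\?[^\s|]*", re.I)


def host_is_ip(url: str) -> bool:
    """True when the host is an IP literal rather than a name."""
    try:
        ipaddress.ip_address(urlsplit(url).hostname or "")
        return True
    except ValueError:
        return False


def embedded_search(url: str) -> Optional[Dict[str, str]]:
    """Find a Google search URL carried inside any query parameter of the hop."""
    for param, values in parse_qs(urlsplit(url).query, keep_blank_values=True).items():
        for value in values:
            if "%" in value:            # double-encoded: decode one more layer
                value = unquote(value)
            m = GOOGLE_SEARCH.search(value)
            if m:
                inner = urlsplit(m.group(0))
                query = parse_qs(inner.query).get("q", [""])[0]
                return {"param": param, "search_host": inner.hostname or "", "query": query}
    return None


def classify(url: str) -> Dict[str, object]:
    """Redirector verdict plus the evidence it rests on."""
    ip_host = host_is_ip(url)
    found = embedded_search(url)
    return {
        "url": url,
        "ip_host": ip_host,
        "carries_search": found is not None,
        "query": found["query"] if found else None,
        "param": found["param"] if found else None,
        # Both signals together are what makes the hop stand out; a normal
        # google.com/url?q=... click-through has neither.
        "suspicious": ip_host and found is not None,
    }


if __name__ == "__main__":
    for url in (CONSTRUCTED_HOP, "http://www.google.com/search?q=test"):
        print(classify(url))
```

Run it over every URL the browser visited between the search page and the page that finally loaded; the hop that classifies as suspicious is the one whose host and script name are worth searching the disk and registry for.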

  8. #8
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Default

    Just wanted to add that this is the DOS2USB link http://www.dos2usb.com/

    I paid 19.99 for the program in feb 2010.

  9. #9
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    I was looking at some other threads in relation to SafeBoot, and it looks like if it was infected, Combofix would have tried to fix it. When you run CF it will also detect a rootkit and give a warning, and your log does not show that. GMER looks fine also.

    Run these through VirusTotal

    C:\windows\System32\iertutil.dll
    C:\windows\System32\wininet.dll
    C:\windows\System32\urlmon.dll

    Please download SuperAntiSpyware Free
    Install the program
    • Run SuperAntiSpyware and click: Check for updates
    • Once the update is finished, on the main screen, click: Scan your computer
    • Check: Perform Complete Scan
    • Click Next to start the scan.

    Superantispyware scans the computer, and when finished, lists all the infections found.
    Make sure everything found has a check next to it, and press: Next <-- Important
    Then, click Finish

    It is possible that the program asks to reboot in order to delete some files.

    Obtain the SuperAntiSpyware log as follows:
    • Click: Preferences
    • Click the Statistics/Logs tab
    • Under Scanner Logs, double-click SuperAntiSpyware Scan Log
    It opens in your default text editor (such as Notepad)

    Please provide the SuperAntiSpyware log in your next reply



    Then reboot and run a new scan with OTL and post that log please.
    Last edited by ken545; 2012-09-11 at 10:11.

  10. #10
    Junior Member
    Join Date
    Aug 2012
    Posts
    24

    Default

    Hi -

    OK, scanned the files, links below. Had SASW installed already but updated and ran the deep scan (took over an hour). It found 3 old Trojans in an old directory I saved for Instant Messenger. But I doubt that was the problem. Ran OTL again, scan logs attached. Rebooted etc.

    Redirect is still active.

    I am able to copy one of the complete redirects it gives me though, thought it might be helpful. I got this after typing in "test" on google ...

    http://66.246.72.42/c.php?p=l0xq4m9R...rch%3Fq%3Dtest

    I am amazed at how well these jerks write these things. They get so entrenched (HAS to be a rootkit) that even guys that know what they're doing can't get rid of them!

    Albert


    https://www.virustotal.com/file/e2ac...8f14/analysis/
    https://www.virustotal.com/file/9018...c3c8/analysis/
    https://www.virustotal.com/file/7431...1647/analysis/


    OTL logfile created on: 9/11/2012 1:42:41 PM - Run 3
    OTL by OldTimer - Version 3.2.61.3 Folder = C:\Users\P Albert Comulada\Downloads
    Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7601.17514)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.92 Gb Total Physical Memory | 1.86 Gb Available Physical Memory | 63.54% Memory free
    5.84 Gb Paging File | 4.44 Gb Available in Paging File | 76.07% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
    Drive C: | 215.59 Gb Total Space | 118.52 Gb Free Space | 54.97% Space Free | Partition Type: NTFS
    Drive F: | 1.99 Gb Total Space | 1.48 Gb Free Space | 74.56% Space Free | Partition Type: FAT32

    Computer Name: HP7LAPTOP | User Name: P Albert Comulada | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Users\P Albert Comulada\Downloads\OTL(1).exe (OldTimer Tools)
    PRC - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    PRC - C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    PRC - C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe (Retrospect, Inc)
    PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
    PRC - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
    PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Shared\hpCaslNotification.exe (Hewlett-Packard Development Company L.P.)
    PRC - C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    PRC - C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    PRC - C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\SDKCOMServer.exe (Portrait Displays, Inc)
    PRC - C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
    PRC - C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
    PRC - C:\Windows\System32\atieclxx.exe (AMD)
    PRC - C:\Windows\System32\atiesrxx.exe (AMD)
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
    PRC - C:\Program Files\DOS2USB\DOS2USB.exe (Bhaktee Software)
    PRC - c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\DOS2USB\elsvc.exe ()
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
    PRC - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
    PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
    PRC - C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
    PRC - C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    PRC - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    PRC - C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Modules (No Company Name) ==========

    MOD - C:\windows\assembly\GAC_MSIL\CaslShared\3.5.1.1__9c6f83d5b7f3d097\CaslShared.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\hpcasl\3.5.1.1__9c6f83d5b7f3d097\hpcasl.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\HPCommon\2.0.6.0__89762bc6acc102f8\HPCommon.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\HardwareAccess\2.0.6.0__89762bc6acc102f8\HardwareAccess.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\Graphs\2.0.6.0__89762bc6acc102f8\Graphs.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\69ca4a43ba14b66689715ad62aed70e6\System.ServiceProcess.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\635b3aec298ad5e8c903b2323d79cc5a\IAStorUtil.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
    MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\HP.SupportFramework\1.0.0.0__2a4860322af7ba08\HP.SupportFramework.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Power Assistant\System.Data.SQLite.DLL ()
    MOD - C:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
    MOD - C:\windows\assembly\GAC_MSIL\hpCASLLibrary\3.0.1.1__67b8d1b5179ba5f8\hpCASLLibrary.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll ()
    MOD - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll ()
    MOD - C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtGui4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\QtCore4.dll ()
    MOD - C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
    MOD - C:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()


    ========== Services (SafeList) ==========

    SRV - (nosGetPlusHelper) -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll File not found
    SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE (SUPERAntiSpyware.com)
    SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
    SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
    SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
    SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
    SRV - (NisSrv) -- C:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
    SRV - (MsMpSvc) -- C:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
    SRV - (Retrospect Helper) -- C:\Program Files\Retrospect\Retrospect 7.7\rthlpsvc.exe (Retrospect, Inc)
    SRV - (RetroLauncher) -- C:\Program Files\Retrospect\Retrospect 7.7\retrorun.exe (Retrospect, Inc)
    SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.EXE (Microsoft Corporation.)
    SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.EXE (Microsoft Corporation.)
    SRV - (HP Power Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe (Hewlett-Packard Company)
    SRV - (HPDrvMntSvc.exe) -- C:\Program Files\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
    SRV - (STacSV) -- C:\Program Files\IDT\WDM\stacsv.exe (IDT, Inc.)
    SRV - (AESTFilters) -- C:\Program Files\IDT\WDM\AEstSrv.exe (Andrea Electronics Corporation)
    SRV - (HP Support Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
    SRV - (B-Service) -- C:\Users\P Albert Comulada\Downloads\B-Service.exe ()
    SRV - (PdiService) -- C:\Program Files\Common Files\Portrait Displays\Drivers\pdisrvc.exe (Portrait Displays, Inc.)
    SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
    SRV - (HP ProtectTools Service) -- C:\Program Files\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe (Hewlett-Packard Development Company, L.P)
    SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
    SRV - (HP Wireless Assistant Service) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe (Hewlett-Packard Company)
    SRV - (DpHost) -- C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe (DigitalPersona, Inc.)
    SRV - (HPDayStarterService) -- c:\Program Files\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe (Hewlett-Packard Company)
    SRV - (elAPIsvc) -- C:\Program Files\DOS2USB\elsvc.exe ()
    SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
    SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
    SRV - (hpHotkeyMonitor) -- C:\Program Files\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
    SRV - (HpFkCryptService) -- C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe (McAfee, Inc.)
    SRV - (vcsFPService) -- C:\Windows\System32\vcsFPService.exe (Validity Sensors, Inc.)
    SRV - (HPFSService) -- C:\Program Files\Hewlett-Packard\File Sanitizer\HPFSService.exe (Hewlett-Packard)
    SRV - (uArcCapture) -- C:\Windows\System32\uArcCapture.exe (ArcSoft, Inc.)
    SRV - (FLCDLOCK) -- C:\Windows\System32\flcdlock.exe (Hewlett-Packard Ltd)
    SRV - (UNS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
    SRV - (LMS) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
    SRV - (pdfcDispatcher) -- C:\Program Files\PDF Complete\pdfsvc.exe (PDF Complete Inc)
    SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
    SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
    SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
    SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)


    ========== Driver Services (SafeList) ==========

    DRV - (catchme) -- C:\Users\PALBER~1\AppData\Local\Temp\catchme.sys File not found
    DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Qualcomm Atheros Communications, Inc.)
    DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
    DRV - (STHDA) -- C:\Windows\System32\drivers\stwrt.sys (IDT, Inc.)
    DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    DRV - (hpdskflt) -- C:\Windows\System32\drivers\hpdskflt.sys (Hewlett-Packard Company)
    DRV - (Accelerometer) -- C:\Windows\System32\drivers\Accelerometer.sys (Hewlett-Packard Company)
    DRV - (vpcvmm) -- C:\Windows\System32\drivers\vpcvmm.sys (Microsoft Corporation)
    DRV - (vpcbus) -- C:\Windows\System32\drivers\vpchbus.sys (Microsoft Corporation)
    DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
    DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
    DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
    DRV - (vpcusb) -- C:\Windows\System32\drivers\vpcusb.sys (Microsoft Corporation)
    DRV - (vpcnfltr) -- C:\Windows\System32\drivers\vpcnfltr.sys (Microsoft Corporation)
    DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
    DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
    DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
    DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
    DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
    DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
    DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
    DRV - (SbAlg) -- C:\windows\System32\drivers\SbAlg.sys (McAfee, Inc.)
    DRV - (SbFsLock) -- C:\windows\System32\drivers\SbFsLock.sys (McAfee, Inc.)
    DRV - (RsvLock) -- C:\windows\System32\drivers\rsvlock.sys (McAfee, Inc.)
    DRV - (SafeBoot) -- C:\windows\System32\drivers\SafeBoot.sys ()
    DRV - (rtsuvc) -- C:\Windows\System32\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
    DRV - (ARCVCAM) -- C:\Windows\System32\drivers\ArcSoftVCapture.sys (ArcSoft, Inc.)
    DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
    DRV - (DAMDrv) -- C:\Windows\System32\drivers\DAMDrv.sys (Hewlett-Packard Development Company L.P.)
    DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation)
    DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
    DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
    DRV - (Afc) -- C:\Windows\System32\drivers\afc.sys (Arcsoft, Inc.)
    DRV - (APL531) -- C:\Windows\System32\drivers\ov550i.sys (Omnivision Technologies, Inc.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCOM/1
    IE - HKLM\..\SearchScopes,DefaultScope = {8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}
    IE - HKLM\..\SearchScopes\{8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKCU\..\SearchScopes,DefaultScope = {8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}
    IE - HKCU\..\SearchScopes\{8F0EBFE6-B9FA-4DF2-8388-072EFAA0DD50}: "URL" = http://www.bing.com/search?q={searchTerms}&form=CMNTDF&pc=CMNTDF&src=IE-SearchBox
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledAddons: emdtjnkrru@emdtjnkrru.org:2.5
    FF - prefs.js..extensions.enabledAddons: socialfixer@mattkruse.com:6.502
    FF - prefs.js..extensions.enabledAddons: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.6.3
    FF - prefs.js..extensions.enabledAddons: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:2.0.7
    FF - prefs.js..extensions.enabledItems: {5546F97E-11A5-46b0-9082-32AD74AAA920}:0.5.5.9
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\system32\npDeployJava1.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll File not found
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\P Albert Comulada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\P Albert Comulada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\otis@digitalpersona.com: C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\FirefoxExt\ [2012/08/28 09:10:45 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 10:27:13 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 10:26:42 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/09/05 13:02:36 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2012/09/09 12:38:11 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/07 10:27:13 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/07 10:26:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.2\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2011/09/05 13:02:36 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Netscape 7.2\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2012/09/09 12:38:11 | 000,000,000 | ---D | M]

    [2010/12/09 18:50:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Extensions
    [2012/08/27 16:53:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions
    [2009/07/13 19:11:12 | 000,004,804 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\emdtjnkrru@emdtjnkrru.org.xpi
    [2012/04/23 10:50:07 | 000,141,229 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\socialfixer@mattkruse.com.xpi
    [2011/09/23 13:29:02 | 000,046,721 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\{5546F97E-11A5-46b0-9082-32AD74AAA920}.xpi
    [2012/08/27 16:53:16 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\P Albert Comulada\AppData\Roaming\Mozilla\Firefox\Profiles\q1flcmy0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
    [2012/09/09 12:38:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/09/07 10:27:13 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2012/08/30 11:22:31 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2012/08/30 11:22:31 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage:
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage:
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.83\PepperFlash\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Chrome\Application\21.0.1180.89\pdf.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: McAfee Clinic (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMGWRAP.DLL
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
    CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
    CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
    CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\P Albert Comulada\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

    O1 HOSTS File: ([2012/09/10 12:54:55 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (File Sanitizer for HP ProtectTools) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
    O2 - BHO: (HP ProtectTools Security Manager Extension) - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll (DigitalPersona, Inc.)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O2 - BHO: (CutePDF Form Filler Helper) - {D41289F2-69C6-417B-897E-C653D677CBAF} - C:\Program Files\Acro Software\CutePDF Pro\CPFillerCo.dll (Acro Software Inc.)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
    O4 - HKLM..\Run: [DTRun] c:\Program Files\Arcsoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [File Sanitizer] C:\Program Files\Hewlett-Packard\File Sanitizer\coreshredder.exe (Hewlett-Packard)
    O4 - HKLM..\Run: [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe (Hewlett-Packard Company, L.P.)
    O4 - HKLM..\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe ()
    O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
    O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4 - HKLM..\Run: [QLBController] C:\Program Files\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
    O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.)
    O4 - HKCU..\Run: [DOS2USB] C:\Program Files\DOS2USB\DOS2USB.exe (Bhaktee Software)
    O4 - HKCU..\Run: [NIM] C:\Users\P Albert Comulada\Downloads\AIM\aim.exe -cnetwait.odl File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //FWEvent.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
    O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
    O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} Reg Error: Key error. (Java Plug-in 1.4.1_02)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BE13B34-942A-4DC0-93A6-709553F4C724}: DhcpNameServer = 205.152.144.23 205.152.132.23
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DC8094BB-F778-40E9-8105-1B92E4B401BB}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\DeviceNP: DllName - (DeviceNP.dll) - C:\windows\System32\DeviceNP.dll (Hewlett-Packard Limited)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/09/10 12:57:11 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/09/10 12:57:10 | 000,000,000 | ---D | C] -- C:\windows\temp
    [2012/09/10 12:57:10 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Local\temp
    [2012/09/10 12:47:27 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
    [2012/09/10 12:47:27 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
    [2012/09/10 12:47:27 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
    [2012/09/10 12:47:20 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/09/09 20:40:08 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\Desktop\GooredFix Backups
    [2012/09/09 12:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2012/09/08 10:55:48 | 000,000,000 | ---D | C] -- C:\HP_RECOVERY_mountHPSF
    [2012/09/07 10:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
    [2012/09/05 10:13:19 | 000,000,000 | ---D | C] -- C:\windows\pss
    [2012/09/04 10:29:38 | 000,000,000 | ---D | C] -- C:\Virus removal & logs
    [2012/09/03 16:59:12 | 000,000,000 | ---D | C] -- C:\_OTL
    [2012/08/30 11:39:24 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
    [2012/08/28 09:17:02 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Portrait Displays
    [2012/08/28 09:15:51 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Roaming\Hewlett-Packard Company
    [2012/08/28 09:10:43 | 000,000,000 | ---D | C] -- C:\windows\DPDrv
    [2012/08/28 08:59:08 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
    [2012/08/27 20:51:06 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
    [2012/08/27 18:04:32 | 000,000,000 | ---D | C] -- C:\windows\CheckSur
    [2012/08/27 17:33:17 | 000,000,000 | ---D | C] -- C:\Users\P Albert Comulada\AppData\Local\LogMeIn Rescue Applet
    [2012/08/27 16:17:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    [2012/08/27 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
    [2012/08/27 16:17:34 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
    [2 C:\Users\P Albert Comulada\AppData\Local\*.tmp files -> C:\Users\P Albert Comulada\AppData\Local\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2012/09/11 13:43:00 | 000,000,956 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002UA.job
    [2012/09/11 13:36:37 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/09/11 13:36:37 | 000,020,944 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/09/11 13:29:20 | 000,065,536 | ---- | M] () -- C:\windows\System32\Ikeext.etl
    [2012/09/11 13:29:07 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
    [2012/09/11 13:29:05 | 3136,741,376 | -HS- | M] () -- C:\hiberfil.sys
    [2012/09/11 13:04:20 | 000,000,830 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/09/11 12:11:16 | 000,002,068 | -H-- | M] () -- C:\Users\P Albert Comulada\Documents\Default.rdp
    [2012/09/11 11:43:00 | 000,000,904 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002Core.job
    [2012/09/10 23:20:55 | 000,313,064 | ---- | M] () -- C:\911.JPG
    [2012/09/10 23:18:29 | 000,106,137 | ---- | M] () -- C:\911pic.JPG
    [2012/09/10 23:04:40 | 003,059,866 | ---- | M] () -- C:\911.PSD
    [2012/09/10 22:53:36 | 000,118,043 | ---- | M] () -- C:\la-911-memorial-33-lrdnbjnc.jpg
    [2012/09/10 13:12:50 | 000,028,722 | ---- | M] () -- C:\TDSSKiller.2.8.8.0_10.09.2012_12.46.07_log.zip
    [2012/09/10 13:11:38 | 000,005,847 | ---- | M] () -- C:\ComboFix.zip
    [2012/09/10 12:54:55 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
    [2012/09/10 11:50:52 | 000,674,860 | ---- | M] () -- C:\windows\System32\perfh009.dat
    [2012/09/10 11:50:52 | 000,125,668 | ---- | M] () -- C:\windows\System32\perfc009.dat
    [2012/09/10 11:46:20 | 000,000,000 | ---- | M] () -- C:\Users\P Albert Comulada\dos2usb.spl
    [2012/09/09 20:55:51 | 000,013,637 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\OTL.zip
    [2012/09/09 20:39:31 | 000,000,512 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\MBR.dat
    [2012/09/08 10:49:40 | 000,000,368 | ---- | M] () -- C:\windows\tasks\HPCeeScheduleForP Albert Comulada.job
    [2012/09/08 09:35:57 | 000,001,986 | ---- | M] () -- C:\Users\P Albert Comulada\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2012/09/07 19:27:26 | 1150,510,346 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-09-07 1917.zip
    [2012/08/28 09:16:30 | 000,000,178 | ---- | M] () -- C:\windows\System32\HPPA.ini
    [2012/08/27 23:20:28 | 1131,956,838 | ---- | M] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-08-27 2310.zip
    [2012/08/27 18:39:27 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/27 16:23:44 | 000,688,088 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
    [2 C:\Users\P Albert Comulada\AppData\Local\*.tmp files -> C:\Users\P Albert Comulada\AppData\Local\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/09/10 23:18:27 | 000,106,137 | ---- | C] () -- C:\911pic.JPG
    [2012/09/10 23:09:38 | 000,313,064 | ---- | C] () -- C:\911.JPG
    [2012/09/10 23:01:31 | 003,059,866 | ---- | C] () -- C:\911.PSD
    [2012/09/10 22:53:35 | 000,118,043 | ---- | C] () -- C:\la-911-memorial-33-lrdnbjnc.jpg
    [2012/09/10 13:12:50 | 000,028,722 | ---- | C] () -- C:\TDSSKiller.2.8.8.0_10.09.2012_12.46.07_log.zip
    [2012/09/10 13:11:38 | 000,005,847 | ---- | C] () -- C:\ComboFix.zip
    [2012/09/10 12:47:27 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
    [2012/09/10 12:47:27 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
    [2012/09/10 12:47:27 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
    [2012/09/10 12:47:27 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
    [2012/09/10 12:47:27 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
    [2012/09/09 20:55:51 | 000,013,637 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\OTL.zip
    [2012/09/09 20:39:31 | 000,000,512 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\MBR.dat
    [2012/09/08 11:01:28 | 1150,510,346 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-09-07 1917.zip
    [2012/08/31 19:23:44 | 000,000,368 | ---- | C] () -- C:\windows\tasks\HPCeeScheduleForP Albert Comulada.job
    [2012/08/30 11:38:47 | 000,000,956 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002UA.job
    [2012/08/30 11:38:47 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-615262878-4179979-3482458484-1002Core.job
    [2012/08/28 08:07:01 | 1131,956,838 | ---- | C] () -- C:\Users\P Albert Comulada\Desktop\REA9 Backup 2012-08-27 2310.zip
    [2012/08/27 19:38:44 | 000,674,860 | ---- | C] () -- C:\windows\System32\perfh009.dat
    [2012/08/27 19:38:44 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
    [2012/08/27 19:38:44 | 000,125,668 | ---- | C] () -- C:\windows\System32\perfc009.dat
    [2012/08/27 19:38:44 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
    [2012/08/27 19:38:44 | 000,000,908 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
    [2012/08/27 19:38:44 | 000,000,904 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
    [2012/08/27 19:38:44 | 000,000,830 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
    [2012/08/27 18:39:27 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/27 15:53:05 | 3136,741,376 | -HS- | C] () -- C:\hiberfil.sys
    [2011/06/11 11:51:17 | 000,015,872 | ---- | C] () -- C:\Users\P Albert Comulada\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/06/10 06:34:52 | 000,080,416 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPPassFilter.dll.hpsign
    [2011/05/19 08:50:58 | 000,000,256 | ---- | C] () -- C:\windows\System32\DPCrProv.dll.hpsign
    [2011/04/08 16:44:49 | 000,001,849 | ---- | C] () -- C:\Users\P Albert Comulada\AppData\Roaming\GhostObjGAFix.xml
    [2011/03/23 10:39:27 | 000,000,036 | ---- | C] () -- C:\Users\P Albert Comulada\AppData\Local\housecall.guid.cache
    [2011/02/27 10:30:38 | 000,066,048 | ---- | C] () -- C:\windows\System32\PrintBrmUi.exe
    [2011/01/20 12:52:30 | 000,010,534 | ---- | C] () -- C:\ProgramData\snddrv.sys
    [2011/01/20 12:52:30 | 000,000,000 | ---- | C] () -- C:\Users\P Albert Comulada\dos2usb.spl
    [2011/01/20 12:51:52 | 000,001,851 | ---- | C] () -- C:\windows\System32\xpdrvr.exe
    [2011/01/20 11:33:48 | 000,000,877 | ---- | C] () -- C:\windows\Printfil.ini
    [2011/01/13 15:58:01 | 000,000,335 | ---- | C] () -- C:\windows\nsreg.dat
    [2011/01/13 15:57:17 | 000,105,168 | ---- | C] () -- C:\windows\NSUninst.exe
    [2011/01/13 15:57:10 | 000,105,168 | ---- | C] () -- C:\windows\GREUninstall.exe
    [2011/01/13 15:57:08 | 000,009,584 | ---- | C] () -- C:\windows\mozver.dat
    [2011/01/12 21:31:17 | 000,087,544 | ---- | C] () -- C:\windows\System32\cpwmon2k.dll
    [2011/01/12 19:24:00 | 000,263,856 | ---- | C] () -- C:\windows\ATMCNTRL.EXE
    [2011/01/12 19:23:59 | 000,003,449 | ---- | C] () -- C:\windows\ATM.INI
    [2011/01/12 19:21:12 | 000,030,464 | ---- | C] () -- C:\windows\macromix.dll
    [2011/01/12 19:18:34 | 000,001,635 | ---- | C] () -- C:\windows\CORELCHT.INI
    [2011/01/06 22:52:42 | 000,000,118 | ---- | C] () -- C:\windows\viewer.ini
    [2011/01/06 22:52:42 | 000,000,083 | ---- | C] () -- C:\windows\artgalry.ini
    [2011/01/06 22:52:04 | 000,003,937 | ---- | C] () -- C:\windows\MSWORKS3.INI
    [2011/01/05 18:39:51 | 000,000,503 | ---- | C] () -- C:\windows\htmlasst.ini
    [2010/12/19 17:59:00 | 000,003,350 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
    [2010/12/15 18:06:50 | 000,000,000 | ---- | C] () -- C:\windows\DvyP413.dll
    [2010/12/15 18:06:50 | 000,000,000 | ---- | C] () -- C:\windows\161exp2.dll
    [2010/12/15 18:06:50 | 000,000,000 | ---- | C] () -- C:\windows\161exp1.dll
    [2010/12/15 14:02:56 | 000,000,367 | ---- | C] () -- C:\windows\System32\CNCMFP12.INI
    [2010/12/11 20:24:46 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
    [2010/10/13 01:36:05 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin

    ========== LOP Check ==========

    [2011/04/13 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\089C8716-52DB-4845-A916-F1F9CFCDFB60
    [2011/04/13 14:20:34 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\23653305-B8CB-49D1-9371-F9F598E176E4
    [2012/05/04 12:59:18 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\4451474C-BA37-4EF7-9C18-5E7456C43F01
    [2011/01/24 14:28:24 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Acronis
    [2011/06/18 09:59:24 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Blackberry Desktop
    [2012/09/09 13:06:10 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Canon
    [2010/12/09 16:38:22 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\DigitalPersona
    [2010/12/16 11:18:49 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\OpenOffice.org
    [2011/03/14 10:12:49 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\Research In Motion
    [2011/03/23 12:51:45 | 000,000,000 | ---D | M] -- C:\Users\P Albert Comulada\AppData\Roaming\TrojanHunter
    [2012/08/13 07:44:22 | 000,032,584 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    < End of report >
    Last edited by ken545; 2012-09-11 at 20:09.
