
Sirefef.# strikes again

Discussion in 'Virus and Malware Removal' started by abks26, Jul 30, 2012.

  1. abks26 Newcomer, in training Posts: 41

    Ugh, now it looks like the Google Redirect links are back in full effect in both Google Chrome AND Firefox! Everything else (except Windows Defender, still error message) is fine. It started with Google Chrome though.

    I did have to re-install Java since I need it for my job. Also updated Adobe Flash (wanted to watch the Olympics and it kept crashing on me). Would that be the trigger?

    Also, ESET came with nothing. But I also had Microsoft Security Essentials open. Should I close it and re-do the ESET scan?
    -------------------------------------

    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=f4e9f46c4885fd4cacf0bac5ae605b99
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=false
    # utc_time=2012-08-01 10:23:20
    # local_time=2012-08-01 06:23:20 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 0 95397388 0 0
    # compatibility_mode=8192 67108863 100 0 0 0 0 0
    # scanned=247689
    # found=10
    # cleaned=10
    # scan_time=5861
    C:\FRST\Quarantine\{00b598d9-c12d-228a-e17a-a95173c1bd79}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) A7BF6F31D148E6236C89CDCCEB9A1E85 C
    C:\Qoobox\Quarantine\C\Users\Anne\AppData\Roaming\gdasn.dll.vir a variant of Win32/Medfos.BH trojan (cleaned by deleting - quarantined) A01ABAD040EC039F198848EEF1403EBB C
    C:\Users\Anne\AppData\Local\{215B6270-D699-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) BEC1708519EDBC7F382DBBA8A9E2EE9C C
    C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\a850b9d-658269ca a variant of Win32/Injector.UEZ trojan (cleaned by deleting - quarantined) FFBE7CC05310A2E1895B51EE1F1F9A9B C
    C:\Users\Anne\Downloads\Fluenz French 1-2\Youtube Get _5.0.5\yg.exe MSIL/Agent.NAX trojan (cleaned by deleting - quarantined) 7ADD85F5910555D5C0E105E1CC948130 C
    C:\Users\Anne\Downloads\Programs\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) D5A7EF7068B30EA8A18A4FC228317290 C
    C:\Users\Anne\Downloads\Programs\SoftonicDownloader_for_jdownloader.exe Win32/SoftonicDownloader application (cleaned by deleting - quarantined) E92E1D227062DEBD01FF2FD2D864A9F7 C
    C:\Users\Anne\Downloads\Youtube Get _5.0.5\yg.exe MSIL/Agent.NAX trojan (cleaned by deleting - quarantined) 7ADD85F5910555D5C0E105E1CC948130 C
    C:\Users\Anne\Downloads\JDownloader.exe multiple threats (cleaned by deleting - quarantined) 118473965E925DABD51AB16B863645F4 C
    C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 485055033BCDDFDE56325C0D2FEEA4F2 C
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=f4e9f46c4885fd4cacf0bac5ae605b99
    # end=finished
    # remove_checked=true
    # archives_checked=false
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-08-07 01:40:14
    # local_time=2012-08-07 09:40:14 (-0500, Eastern Daylight Time)
    # country="United States"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=5893 16776574 100 94 375942 95859505 0 0
    # compatibility_mode=8192 67108863 100 0 376115 376115 0 0
    # scanned=257313
    # found=0
    # cleaned=0
    # scan_time=30759
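As an added example (not from the thread or from any of the tools named in it), here is a Python triage helper for the ESET Online Scanner log format posted above: it parses the `# key=value` header and the detection lines, checks that the header's found/cleaned counters agree with the lines actually listed, groups entries that share an MD5, and separates hits in live locations from files already sitting in an earlier tool's quarantine folder (C:\FRST\Quarantine and C:\Qoobox\Quarantine, which is why the Sirefef entry above is a file another tool had already isolated). The embedded sample is the first ESET log from this post; the quarantine-folder list, the threat-name grammar and the function names are this example's own assumptions.

```python
"""Triage helper for ESET Online Scanner logs of the kind posted in this thread.

Detection lines have the shape:  <path> <threat name> (<action>) <MD5> <flag>
Paths may contain spaces, so the line is split using the threat-name grammar seen
in the log ('a variant of Win32/X.Y trojan', 'Win64/X.Y trojan',
'Win32/X application', 'multiple threats') rather than on whitespace alone.
"""
import re
from collections import defaultdict

# Assumption: folders where earlier cleanup tools (FRST, ComboFix) park files they
# already isolated; a hit under one of these is a leftover, not an active infection.
QUARANTINE_PREFIXES = ("c:\\frst\\quarantine\\", "c:\\qoobox\\quarantine\\")

HEADER_RE = re.compile(r"^#\s*(?P<key>[^=]+)=(?P<value>.*)$")
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?P<threat>(?:a variant of )?(?:[\w-]+/[\w.-]+ (?:trojan|application)|multiple threats)) "
    r"\((?P<action>[^)]*)\) "
    r"(?P<md5>[0-9A-Fa-f]{32}) "
    r"(?P<flag>\S+)$"
)


def parse_eset_log(text):
    """Return (header dict, list of detection dicts) for one ESET Online Scanner log."""
    header, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER_RE.match(line):
            header[m["key"].strip()] = m["value"].strip()
        elif m := DETECTION_RE.match(line):
            d = m.groupdict()
            d["md5"] = d["md5"].upper()
            d["already_quarantined"] = d["path"].lower().startswith(QUARANTINE_PREFIXES)
            detections.append(d)
        # preamble lines such as 'all ok' or the installer banner are ignored
    return header, detections


def triage(header, detections):
    """Cross-check header counters against parsed lines and classify the hits."""
    found = int(header.get("found", 0))
    cleaned = int(header.get("cleaned", 0))
    cleaned_lines = sum(d["action"].startswith("cleaned") for d in detections)
    by_hash = defaultdict(list)
    for d in detections:
        by_hash[d["md5"]].append(d["path"])
    return {
        # a mismatch means the pasted log is truncated or lines failed to parse
        "counts_match": found == len(detections) and cleaned == cleaned_lines,
        "live": [d["path"] for d in detections if not d["already_quarantined"]],
        "leftovers": [d["path"] for d in detections if d["already_quarantined"]],
        # ESET labels potentially unwanted software 'application' rather than 'trojan'
        "pua": [d["path"] for d in detections if d["threat"].endswith("application")],
        # identical MD5 in several places = the same file copied around, one cleanup
        "duplicate_hashes": {h: p for h, p in by_hash.items() if len(p) > 1},
    }


# Sample input: the first ESET log posted in this thread, header abbreviated.
SAMPLE_LOG = r"""
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# end=finished
# scanned=247689
# found=10
# cleaned=10
C:\FRST\Quarantine\{00b598d9-c12d-228a-e17a-a95173c1bd79}\n Win64/Sirefef.W trojan (cleaned by deleting - quarantined) A7BF6F31D148E6236C89CDCCEB9A1E85 C
C:\Qoobox\Quarantine\C\Users\Anne\AppData\Roaming\gdasn.dll.vir a variant of Win32/Medfos.BH trojan (cleaned by deleting - quarantined) A01ABAD040EC039F198848EEF1403EBB C
C:\Users\Anne\AppData\Local\{215B6270-D699-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) BEC1708519EDBC7F382DBBA8A9E2EE9C C
C:\Users\Anne\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29\a850b9d-658269ca a variant of Win32/Injector.UEZ trojan (cleaned by deleting - quarantined) FFBE7CC05310A2E1895B51EE1F1F9A9B C
C:\Users\Anne\Downloads\Fluenz French 1-2\Youtube Get _5.0.5\yg.exe MSIL/Agent.NAX trojan (cleaned by deleting - quarantined) 7ADD85F5910555D5C0E105E1CC948130 C
C:\Users\Anne\Downloads\Programs\cnet2_BullzipPDFPrinter_4_0_0_463_zip.exe a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined) D5A7EF7068B30EA8A18A4FC228317290 C
C:\Users\Anne\Downloads\Programs\SoftonicDownloader_for_jdownloader.exe Win32/SoftonicDownloader application (cleaned by deleting - quarantined) E92E1D227062DEBD01FF2FD2D864A9F7 C
C:\Users\Anne\Downloads\Youtube Get _5.0.5\yg.exe MSIL/Agent.NAX trojan (cleaned by deleting - quarantined) 7ADD85F5910555D5C0E105E1CC948130 C
C:\Users\Anne\Downloads\JDownloader.exe multiple threats (cleaned by deleting - quarantined) 118473965E925DABD51AB16B863645F4 C
C:\Windows\KMSEmulator.exe a variant of Win32/HackKMS.A application (cleaned by deleting - quarantined) 485055033BCDDFDE56325C0D2FEEA4F2 C
"""

if __name__ == "__main__":
    hdr, dets = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(hdr, dets).items():
        print(f"{key}: {value}")
```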
  2. abks26 Newcomer, in training Posts: 41

    Also, I did NOT have my external hard drives or flash drives when I was going through the process of removing the virus. I disconnected it from the computer once things fell apart.
  3. Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's okay.

    Let's do some further diagnosis...this might take a while...

    Please download DrWeb-CureIt and save it to your Desktop. Do NOT perform a scan yet.

    • Double-click on drweb-cureit.exe to start the program.
      An Express Scan of your PC notice will appear.
    • Under Start the Express Scan Now, Click OK to start the scan.
      This is a short scan that will scan the files currently running in memory.
      If something is found, click the Yes button when it asks you if you want to cure it.
    • Once the short scan has finished, Click Options > Change settings
    • Choose the Scan tab and UNcheck Heuristic analysis
    • Back at the main window, click Custom Scan, then Select drives (a red dot will show which drives have been chosen).
    • Then click the Start/Stop Scanning button (green arrow on the right), and the scan will start.
    • When finished, a message will be displayed at the bottom advising if any viruses were found.
    • Click Yes to all if it asks if you want to cure/move the file.
    • When the scan has finished, look if you can see the icon next to the files found.
      If so, click it, then click the next icon right below and select Move incurable.
      (This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
    • Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
    • Save the DrWeb.csv report to your Desktop.
    • Exit Dr.Web Cureit when you have finished.
    • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
    • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)
  4. abks26 Newcomer, in training Posts: 41

    Things are getting weird again. I think I got the FBI Moneypak Virus since my brother went on it and said there was this strange pop-up from the "FBI" saying that we need to pay money yadda yadda blah blah. Didn't fall for it and he immediately shut down the computer and turned off the internet (he knew about my issues with the other virus). When he described it to me, I went on another computer, searched for what it was about, and figured it out.

    Task Manager disappears 2 seconds after using ctrl + alt + delete. I also haven't turned on my internet/wireless access. I don't think I can boot into safe mode, but I don't want to keep rebooting and having the virus refresh itself. I'm not sure if that's even accurate, lol. Whatever makes me feel better I guess.

    I'm just going to have to rent a computer or something to try to do work now since I feel like trying to use it for work is beyond me. It's too bad because I need those programs on that laptop! Real sorry for this :'( :oops: . Hopefully you are not losing patience with me :oops: . This is like the first time in my whole life that I ever had to deal with a virus.

    This was the Dr. Cure It log file that I got before the FBI Moneypak Virus.

    GetAd[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ATKSRM1U;Probably SCRIPT.Virus;Deleted.;
    GetAd[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[5].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BZGPZ844;Probably SCRIPT.Virus;Deleted.;
    GetAd[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMYM6A9U;Probably SCRIPT.Virus;Deleted.;
    GetAd[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMYM6A9U;Probably SCRIPT.Virus;Deleted.;
    GetAd[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMYM6A9U;Probably SCRIPT.Virus;Deleted.;
    GetAd[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HMYM6A9U;Probably SCRIPT.Virus;Deleted.;
    GetAd[1].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    GetAd[2].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    GetAd[3].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    GetAd[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    GetAd[6].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    GetAd[7].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    GetAd[8].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    ros[4].js;C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XP7MQYLG;Probably SCRIPT.Virus;Deleted.;
    WebInstaller.exe;C:\Documents and Settings\Anne\Downloads\Programs;Trojan.DownLoader5.52228;Incurable.Moved.;
  5. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Connect any external drives and flash drives while doing this....

    Kaspersky Virus Removal Tool

    The Kaspersky Virus Removal Tool is a scan-and-remove solution from Kaspersky that searches out the most common malware and attempts to remove it from your computer.

    Please download the Kaspersky Virus Removal Tool from Kaspersky's Official Link and save it to your Desktop.

    • Double-click the Setup file to install it on your computer.
    • Once it has installed, review and accept the agreement and press the Start button.
    • You will be presented with the main interface, but don't scan yet; click the options tab (gear icon):
    • On the Scan Scope tab, make sure to checkmark all the options including all drives, except for the CD/DVD drive:
    • On the Security Level tab, make sure to move the slider up denoting "Current Security Level: High":
    • Now, go back to the Automatic Scan tab, and choose "Start Scanning". It may take several hours to complete. Please allow it to do so.
    • Once done scanning, choose the Report tab (page icon), select Detected Threats tab on left, and choose Disinfect All:
    • Then, choose Save. Also, in the Automatic Report tab, select Save:
    • Please post the reports in your next reply.
    • Once you exit, the tool should uninstall automatically.
  6. abks26 Newcomer, in training Posts: 41

    This is the log file for the detected threats. I saved the Automatic Report, but the problem was that it ended up being 384 MB. I had to save it as a CSV and it almost crashed Excel. It's impossible to copy and paste.

    It took 9 hours to complete. Still no change with the Task Manager. I only put on the internet briefly for the Kaspersky thing, but other than that... I haven't bothered to put it on otherwise. I'm going to try to save my documents onto the external drive. It doesn't seem infected (that GRE file has been on it for quite some time). I don't think I ever opened that file.

    Task Manager is still not opening up.

    Status: Vulnerability (events: 26)
    8/11/2012 2:35:42 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/49489 | c:\Program Files (x86)\iTunes\iTunes.exe | Low
    8/11/2012 11:04:37 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/49472 | C:\Program Files (x86)\Java\jre6\bin\java.exe | Low
    8/11/2012 10:38:32 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/49472 | C:\Program Files\Java\jre6\bin\java.exe | Low
    8/11/2012 2:56:27 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48457 | c:\program files\Adobe\adobe photoshop cs5 (64 bit)\photoshop.exe | Low
    8/11/2012 2:35:49 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48457 | c:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe | Low
    8/11/2012 10:53:40 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48457 | C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe | Low
    8/11/2012 10:34:27 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48457 | C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe | Low
    8/11/2012 2:33:52 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48448 | c:\Users\Anne\AppData\Roaming\Google\Google Talk\googletalk.exe | Low
    8/11/2012 9:16:28 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48448 | C:\Documents and Settings\Anne\Application Data\Google\Google Talk\googletalk.exe | Low
    8/11/2012 9:15:16 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/48448 | C:\Documents and Settings\Anne\AppData\Roaming\Google\Google Talk\googletalk.exe | Low
    8/11/2012 2:56:45 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/47118 | c:\program files (x86)\Adobe\adobe illustrator cs5\support files\Contents\Windows\illustrator.exe | Low
    8/11/2012 2:35:40 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/47118 | c:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe | Low
    8/11/2012 10:51:00 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/47118 | C:\Program Files (x86)\Adobe\Adobe Illustrator CS5\Support Files\Contents\Windows\Illustrator.exe | Low
    8/11/2012 10:49:18 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/47118 | C:\Program Files (x86)\Adobe\Adobe Flash CS5\AILib.dll | Low
    8/11/2012 10:48:11 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/47118 | C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5\plugins\com.adobe.flexide.nativelibs_1.0.0.273393\libs\AILib.dll | Low
    8/11/2012 10:42:57 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/47118 | C:\Program Files (x86)\Adobe\Adobe Fireworks CS5\AILib.dll | Low
    8/11/2012 10:50:25 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/43267 | C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\Release\FlashPlayer.exe | Low
    8/11/2012 10:50:16 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/43267 | C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\Debug\FlashPlayerDebugger.exe | Low
    8/11/2012 10:50:12 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/43267 | C:\Program Files (x86)\Adobe\Adobe Flash CS5\Players\FlashPlayer.exe | Low
    8/11/2012 10:47:41 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/43267 | C:\Program Files (x86)\Adobe\Adobe Flash Catalyst CS5\player\win\FlashPlayer.exe | Low
    8/11/2012 10:43:35 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/43267 | C:\Program Files (x86)\Adobe\Adobe Flash Builder 4\player\win\FlashPlayer.exe | Low
    8/11/2012 2:56:45 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/41126 | c:\program files (x86)\Adobe\adobe indesign cs5\InDesign.exe | Low
    8/11/2012 2:35:40 PM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/41126 | c:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe | Low
    8/11/2012 10:56:44 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/41126 | C:\Program Files (x86)\Common Files\Adobe\Shell\CS5\icons.dll | Low
    8/11/2012 10:51:05 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/41126 | C:\Program Files (x86)\Adobe\Adobe InDesign CS5\InDesign.exe | Low
    8/11/2012 10:36:42 AM | Vulnerability | vulnerability http://www.securelist.com/en/advisories/41126 | C:\Program Files\Common Files\Adobe\Shell\CS5\icons.dll | Low
    Status: Deleted (events: 4)
    8/11/2012 1:54:28 PM | Deleted | Trojan program Trojan-Downloader.Win32.Agent.eblo | H:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar//GRE Bible v2.1/GRE Bible.rar//GRE Bible/GreBible.CAB//GreBible.exe | High
    8/11/2012 1:54:28 PM | Deleted | Trojan program Trojan-Downloader.Win32.Agent.eblo | H:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar//GRE Bible v2.1/GRE Bible.rar//GRE Bible/GreBible.CAB | High
    8/11/2012 1:54:28 PM | Deleted | Trojan program Trojan-Downloader.Win32.Agent.eblo | H:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar//GRE Bible v2.1/GRE Bible.rar | High
    8/11/2012 1:54:28 PM | Deleted | Trojan program Trojan-Downloader.Win32.Agent.eblo | H:\Downloads\rapidhoob.com_GRE_Bible_v2.1.rar | High
     
  7. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download aswMBR from here

    • Save aswMBR.exe to your Desktop
    • Double click aswMBR.exe to run it
    • Click the Scan button to start the scan as illustrated below

    Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives

    • Once the scan finishes click Save log to save the log to your Desktop
    • Copy and paste the contents of aswMBR.txt back here for review
  8. abks26 Newcomer, in training Posts: 41

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-12 06:27:43
    -----------------------------
    06:27:43.758 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:27:43.758 Number of processors: 4 586 0x2A07
    06:27:43.759 ComputerName: ANNE UserName: Anne
    06:27:52.151 Initialize success
    06:28:39.677 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:28:39.681 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
    06:28:39.706 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDJRDR1Port1Path0Target0Lun0
    06:28:39.707 Disk 1 Vendor: O2Micro_ 0001 Size: 1882MB BusType: 16
    06:28:39.742 Disk 0 MBR read successfully
    06:28:39.748 Disk 0 MBR scan
    06:28:39.756 Disk 0 Windows VISTA default MBR code
    06:28:39.797 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    06:28:39.834 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
    06:28:39.873 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
    06:28:40.063 Disk 0 scanning C:\Windows\system32\drivers
    06:28:53.031 Service scanning
    06:29:55.612 Modules scanning
    06:29:55.630 Disk 0 trace - called modules:
    06:29:55.644
    06:29:55.656 Scan finished successfully
    06:31:50.103 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    06:31:50.244 The log file has been saved successfully to "F:\aswMBRlog.txt"
  9. abks26 Newcomer, in training Posts: 41

    Okay, so I ended up having the blue screen of death when I just left my computer open to get something to drink. It restarted automatically and put me into safe mode (I had a hard time getting the computer to go into Safe Mode).

    In safe mode, I was able to go into Task Manager successfully. So I also redid the ASW thing again and it ended up being different. I'm just going to leave the computer on safe mode (hopefully it'll let me do that). I'm not going to go into normal mode.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-12 06:59:39
    -----------------------------
    06:59:39.472 OS Version: Windows x64 6.1.7601 Service Pack 1
    06:59:39.472 Number of processors: 4 586 0x2A07
    06:59:39.472 ComputerName: ANNE UserName: Anne
    06:59:40.190 Initialize success
    06:59:45.494 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    06:59:45.494 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
    06:59:45.510 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDJRDR1Port1Path0Target0Lun0
    06:59:45.510 Disk 1 Vendor: O2Micro_ 0001 Size: 1882MB BusType: 16
    06:59:45.525 Disk 0 MBR read successfully
    06:59:45.525 Disk 0 MBR scan
    06:59:45.541 Disk 0 Windows VISTA default MBR code
    06:59:45.541 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    06:59:45.541 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
    06:59:45.556 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
    06:59:45.603 Disk 0 scanning C:\Windows\system32\drivers
    06:59:51.906 Service scanning
    07:00:54.306 Modules scanning
    07:00:54.306 Disk 0 trace - called modules:
    07:00:54.337 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    07:00:54.337 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052ad060]
    07:00:54.353 3 CLASSPNP.SYS[fffff880025a343f] -> nt!IofCallDriver -> [0xfffffa8005142cb0]
    07:00:54.353 5 stdcfltn.sys[fffff880024e1c52] -> nt!IofCallDriver -> [0xfffffa800476db20]
    07:00:54.353 7 ACPI.sys[fffff880019997a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004772050]
    07:00:54.368 Scan finished successfully
    07:01:21.231 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
    07:01:21.309 The log file has been saved successfully to "F:\aswMBR2.txt"
  10. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Man...time to pull out the power tools... :D

    Please download 7-Zip and install it. If you already have it, no need to reinstall.

    Then, download RootkitUnhooker and save the setup to your Desktop.

    • Right-click on the RootkitUnhooker setup and mouse-over 7-Zip then click Extract to "RKU***"
    • Once that is done, enter the folder, and double-click on the setup file. Navigate through setup and finish.
    • Once that is done, you will see another folder that was created inside the RKU folder. Enter that folder, and double-click on the randomly named file. (It will be alpha-numeric and have an EXE extension on it.)
    • It will initialize itself and load the scanner. It will also install its driver. Please wait for the interface to begin.
    • Once inside the interface, do not fix anything. Click on the Report tab.
    • Next, click on the Scan button and a popup will show. Make sure all are checked, then click on OK. It will begin scanning. When it gets to the Files tab, it will ask you what drives to scan. Just select C:\ and hit OK.
    • It will finish in about 5 minutes or a little longer depending on how badly infected the system is, or if your security software is enabled.
    • When finished, it will show the report in the Report tab. Please copy all of it, and post it in your next reply. Depending on how large the log is, you may have to use two or three posts to get all the information in.
  11. abks26 Newcomer, in training Posts: 41

    Thanks for the help, Dragon! I have some good news and bad news. Bad news is that I couldn't run Rootkit Unhooker at ALL. It doesn't run in Safe Mode so I logged in regular mode (internet disabled) and ran into an error message. I also noticed that a random Kaspersky.exe wanted to run (with a weird numerical number attached). Of course I said NOPE!

    Now the good news. I was reading up on viruses and what not and decided to redo some of the scans that didn't work out for me. I ended up redoing AVAST since I remember that I wasn't connected to the internet at the time. I got into Safe Mode (since Normal Mode is a disaster) with Networking, updated, and got this:

    It looks like I got Reveton.

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-13 21:37:55
    -----------------------------
    21:37:55.939 OS Version: Windows x64 6.1.7601 Service Pack 1
    21:37:55.939 Number of processors: 4 586 0x2A07
    21:37:55.939 ComputerName: ANNE UserName: Anne
    21:37:57.904 Initialize success
    21:38:02.756 AVAST engine defs: 12081301
    21:38:06.125 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
    21:38:06.125 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 8
    21:38:06.141 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\O2SDJRDR1Port1Path0Target0Lun0
    21:38:06.141 Disk 1 Vendor: O2Micro_ 0001 Size: 1882MB BusType: 16
    21:38:06.172 Disk 0 MBR read successfully
    21:38:06.172 Disk 0 MBR scan
    21:38:06.172 Disk 0 Windows VISTA default MBR code
    21:38:06.188 Disk 0 Partition 1 00 DE Dell Utility DELL 4.1 39 MB offset 63
    21:38:06.203 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 752 MB offset 81920
    21:38:06.235 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 237680 MB offset 1622016
    21:38:06.281 Disk 0 scanning C:\Windows\system32\drivers
    21:38:31.928 Service scanning
    21:39:21.240 Modules scanning
    21:39:21.739 Disk 0 trace - called modules:
    21:39:21.786 ntoskrnl.exe CLASSPNP.SYS disk.sys stdcfltn.sys ACPI.sys iaStor.sys hal.dll
    21:39:21.786 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80052a7060]
    21:39:21.786 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> [0xfffffa800513bcb0]
    21:39:21.801 5 stdcfltn.sys[fffff88001b86c52] -> nt!IofCallDriver -> [0xfffffa8004760800]
    21:39:21.801 7 ACPI.sys[fffff880011b37a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004765050]
    21:39:22.971 AVAST engine scan C:\Windows
    21:39:41.332 AVAST engine scan C:\Windows\system32
    21:44:00.215 AVAST engine scan C:\Windows\system32\drivers
    21:44:09.466 AVAST engine scan C:\Users\Anne
    21:46:09.274 File: C:\Users\Anne\AppData\Local\Temp\update00.b.exe **INFECTED** Win32:Reveton-CM [Trj]
    21:53:13.517 AVAST engine scan C:\ProgramData
    21:55:02.545 Scan finished successfully
    21:57:16.237 Disk 0 MBR has been saved successfully to "C:\Users\Anne\Desktop\MBR.dat"
    21:57:16.269 The log file has been saved successfully to "C:\Users\Anne\Desktop\aswMBRnew.txt"
  12. abks26 Newcomer, in training Posts: 41

    I was also able to do this scan. I tried re-doing Kaspersky, but that didn't come up with anything. I haven't done anything but scan/save logs and keeping it in safe mode with no internet. I don't want the virus to try to download more random crap on me.


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.13.07

    Windows 7 Service Pack 1 x64 FAT (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Anne :: ANNE [administrator]

    8/13/2012 10:15:05 PM
    mbam-log-2012-08-13 (23-12-51).txt

    Scan type: Full scan (C:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 460721
    Time elapsed: 48 minute(s), 58 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 3
    C:\Program Files (x86)\Adobe\Adobe Flash CS5\FlashIK.dll (Trojan.Agent) -> No action taken.
    C:\Users\Anne\AppData\Local\Temp\update00.b.exe (Trojan.Inject) -> No action taken.
    C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> No action taken.

    (end)
  13. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Are you able to do RootkitUnhooker?
  14. abks26 Newcomer, in training Posts: 41

    Nope, I can't do Rootkit Unhooker at all. It doesn't work in Safe Mode and when I go into Windows Normal Mode, it gave me this error.


  15. Jay Pfoutz Malware Helper Posts: 4,286   +49

    GMER

    Note about this tool:
    • This program may freeze. Do not reboot the computer, unless it has been frozen for over 30 minutes.
    • This program may cause a blue screen of death. If it does, do not scan, and then reply to let me know.
    • No matter what is in the log, please post all the information/contents of the log.
    • These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT".

    Please download the GMER Rootkit Scanner. Unzip it to your Desktop.

    Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

    Double-click gmer.exe. The program will begin to run.

    If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
    • Click NO
    • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
    • Now click the Scan button.
      Once the scan is complete, you may receive another notice about rootkit activity.
    • Click OK.
    • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
    • Save it where you can easily find it, such as your desktop.
    Post the contents of GMER.txt in your next reply.
  16. abks26 Newcomer, in training Posts: 41

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-08-15 23:01:07
    Windows 6.1.7601 Service Pack 1
    Running: gmer.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x45 0xFF 0x58 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xFB 0x58 0xCB ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x75 0x86 0x53 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Pro\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x69 0x45 0xFF 0x58 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x1A 0xFB 0x58 0xCB ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xD3 0x75 0x86 0x53 ...

    ---- EOF - GMER 1.0.15 ----
  17. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Let me know of any more issues...

    Scan with Malwarebytes' Anti-Malware

    Please open Malwarebytes' Anti-Malware, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.
  18. abks26 Newcomer, in training Posts: 41

    Still have the Google redirect links (like a cockroach that won't die!), but I can FINALLY go into my Task Manager and look at what's running in my background.

    Windows Defender is still not working (error message).


    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.16.10

    Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
    Internet Explorer 9.0.8112.16421
    Anne :: ANNE [administrator]

    8/16/2012 8:15:00 PM
    mbam-log-2012-08-16 (20-15-00).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 220656
    Time elapsed: 2 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 2
    C:\Users\Anne\AppData\Local\Temp\update00.b.exe (Trojan.Inject) -> Quarantined and deleted successfully.
    C:\Users\Anne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

    (end)
  19. Jay Pfoutz Malware Helper Posts: 4,286   +49

    Please download OTL to your Desktop. (If you already have it downloaded, then just follow the instructions below).
    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in

      msconfig
      safebootminimal
      activex
      drivers32
      netsvcs
      CreateRestorePoint
      %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5
      %AppData%\Local\
      %systemroot%\system32\sysprep
      *.xpi /md5
      %systemroot%\Downloaded Program Files\
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
      hklm\software\clients\startmenuinternet|command /rs
      hklm\software\clients\startmenuinternet|command /64 /rs
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\system32\drivers\*.sys /90
      %systemroot%\System32\config\*.sav
      %SYSTEMDRIVE%\*.exe /md5
      "%WinDir%\$NtUninstallKB*$." /30
      %systemdrive%\Program Files\Common Files\ComObjects\*.* /s
      %systemroot%\*. /mp /s
      %systemroot%\*. /rp /s
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\Installer\ /s
      %systemroot%\system32\Cache\ /s
      %systemroot%\system32\config\systemprofile\Application Data /s
      %PROGRAMFILES%\*.
      %appdata%\*.*
      /md5start
      volsnap.sys
      services.exe
      userinit.exe
      afd.sys
      tcpip.sys
      netbt.sys
      ipsec.sys
      dnsrslvr.dll
      ipnathlp.dll
      netman.dll
      WMIsvc.dll
      srsvc.dll
      sr.sys
      wscsvc.dll
      wuauserv.dll
      qmgr.dll
      es.dll
      cryptsvc.dll
      svchost.exe
      rpcss.dll
      tdx.sys
      wininit.exe
      winlogon.exe
      atapi.sys
      explorer.exe
      /md5stop
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) and paste (Edit->Paste) the contents of these files, one at a time.
    Note: in the event that OTL fails to run, please use alternate download links to try again:

    http://oldtimer.geekstogo.com/OTL.com
    http://oldtimer.geekstogo.com/OTL.scr
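The OTL run requested above prints one line per process, module, service and driver in a fixed bracketed layout (modification time, size, attributes, publisher, start mode, path, service name), and OTL's own "File Age = 30 Days" setting marks which files count as recent. As an added example that is neither part of this thread nor OTL's own code, the Python script below parses constructed sample lines in that layout and shortlists entries for the helper to look at when at least two generic indicators coincide: an empty publisher field, an automatic start mode (Boot, System or Auto), and a modification time within 30 days of the log's creation time. The sample log, the service name ExampleSvc and the driver name xQ9bTzKw.sys are constructed placeholders, and the two-indicator threshold and 30-day window are assumptions.

```python
"""Triage of OTL-style process/service/driver lines (added example; not OTL's own code)."""
import re
from datetime import datetime, timedelta

# One pattern covers the PRC / MOD / SRV / DRV line shapes seen in the thread:
#   KIND[:64bit:] - [mtime | size | attrs | M] (Publisher) [Type | Start | State] -- path -- (ServiceName)
# The "[...]" start block and the trailing "-- (ServiceName)" exist only on SRV/DRV lines.
# Publisher names may themselves contain parentheses, e.g. "(Intel(R) Corporation)",
# so the publisher group is matched lazily and anchored on what must follow it.
OTL_LINE = re.compile(
    r"^(?P<kind>PRC|MOD|SRV|DRV)(?P<arch>:64bit:)? - "
    r"\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| (?P<attrs>\S+) \| (?P<flag>\S)\] "
    r"\((?P<company>.*?)\)"
    r"(?: \[(?P<mode>[^\]]*)\])?"
    r" -- (?P<path>.*?)"
    r"(?: -- \((?P<name>.*)\))?$"
)
# Header line carrying the log's own creation time (the reference point for file age).
CREATED = re.compile(
    r"^OTL logfile created on: (?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)"
)

# Constructed sample in the OTL layout. ExampleSvc and xQ9bTzKw.sys are placeholder
# names made up for this example, not indicators taken from a real infection.
SAMPLE_LOG = r"""
OTL logfile created on: 8/17/2012 7:55:29 PM - Run 1
PRC - [2012/08/17 19:54:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Example\Desktop\OTL.exe
SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (ExampleSvc)
DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2012/08/13 21:09:06 | 000,035,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\xQ9bTzKw.sys -- (xQ9bTzKw)
"""

AUTO_START = ("Boot", "System", "Auto")


def parse_entry(line):
    """Return a dict for one PRC/MOD/SRV/DRV line, or None for any other line."""
    m = OTL_LINE.match(line.strip())
    if not m:
        return None
    e = m.groupdict()
    e["mtime"] = datetime.strptime(e["mtime"], "%Y/%m/%d %H:%M:%S")
    e["size"] = int(e["size"].replace(",", ""))
    e["arch"] = "x64" if e["arch"] else "x86"
    # SRV lines carry "[Start | State]", DRV lines "[Type | Start | State]":
    # the start mode is always the second field from the end.
    fields = [f.strip() for f in e["mode"].split("|")] if e["mode"] else []
    e["start"] = fields[-2] if len(fields) >= 2 else None
    return e


def triage(lines, max_age_days=30):
    """Return [(path, [reasons])] for entries where at least two indicators coincide.

    Indicators (all generic; none proves malice): empty publisher field, an
    automatic start mode, and a modification time within max_age_days of the
    log's creation time (OTL's own "File Age" window). Thresholds are assumptions.
    """
    created = None
    findings = []
    for line in lines:
        hdr = CREATED.match(line.strip())
        if hdr:
            created = datetime.strptime(hdr.group("ts"), "%m/%d/%Y %I:%M:%S %p")
            continue
        e = parse_entry(line)
        if e is None:
            continue
        reasons = []
        if not e["company"].strip():
            reasons.append("no publisher name")
        if e["start"] in AUTO_START:
            reasons.append("automatic start (%s)" % e["start"])
        if created is not None and abs(created - e["mtime"]) <= timedelta(days=max_age_days):
            reasons.append("modified within %d days of the scan" % max_age_days)
        if len(reasons) >= 2:
            findings.append((e["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.strip().splitlines()):
        print(path)
        for reason in reasons:
            print("    - " + reason)
```

On the constructed sample the script shortlists two entries: the publisher-less auto-start service binary and the publisher-less Boot-start driver that was modified a few days before the scan. The shortlist is a prompt for a human check, not a verdict: the "no publisher name" rule also fires on legitimate tools that ship without version resources, which is why a single indicator is never enough to flag an entry here.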
  20. abks26 Newcomer, in training Posts: 41

    OTL logfile created on: 8/17/2012 7:55:29 PM - Run 1
    OTL by OldTimer - Version 3.2.57.0 Folder = C:\Users\Anne\Desktop
    64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
    Internet Explorer (Version = 9.0.8112.16421)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.88 Gb Total Physical Memory | 2.58 Gb Available Physical Memory | 66.34% Memory free
    7.77 Gb Paging File | 6.22 Gb Available in Paging File | 80.11% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
    Drive C: | 232.11 Gb Total Space | 31.55 Gb Free Space | 13.59% Space Free | Partition Type: NTFS
    Drive E: | 3.92 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
    Drive G: | 1.84 Gb Total Space | 0.08 Gb Free Space | 4.34% Space Free | Partition Type: FAT

    Computer Name: ANNE | User Name: Anne | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - File not found --
    PRC - [2012/08/17 19:54:01 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Anne\Desktop\OTL.exe
    PRC - [2012/04/26 08:33:16 | 002,743,104 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    PRC - [2010/12/17 11:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    PRC - [2010/12/03 19:20:18 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    PRC - [2010/12/03 19:20:16 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    PRC - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
    PRC - [2010/11/20 23:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
    PRC - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    PRC - [2010/10/12 13:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
    PRC - [2010/08/13 21:25:08 | 000,223,848 | ---- | M] (O2Micro.) -- c:\Windows\SysWOW64\SDIOAssist.exe
    PRC - [2010/03/12 11:42:02 | 000,462,993 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    PRC - [2010/03/06 05:04:24 | 000,310,224 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
    PRC - [2009/07/06 15:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
    PRC - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
    PRC - [2007/01/01 17:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\Anne\AppData\Roaming\Google\Google Talk\googletalk.exe
    PRC - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () -- c:\Windows\SysWOW64\srvany.exe


    ========== Modules (No Company Name) ==========

    MOD - [2011/09/27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
    MOD - [2011/09/27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    MOD - [2011/07/28 19:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
    MOD - [2011/07/28 19:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
    MOD - [2010/12/17 11:24:06 | 000,686,704 | ---- | M] () -- C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
    MOD - [2010/11/24 23:44:02 | 000,375,280 | ---- | M] () -- c:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\SQLite352.dll
    MOD - [2010/11/17 11:35:34 | 000,514,544 | ---- | M] () -- C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe


    ========== Win32 Services (SafeList) ==========

    SRV:64bit: - [2012/03/26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
    SRV:64bit: - [2012/03/26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
    SRV:64bit: - [2011/06/09 13:01:00 | 000,555,392 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
    SRV:64bit: - [2011/03/04 17:13:20 | 003,427,696 | ---- | M] (Wave Systems Corp.) [Auto | Running] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Trusted Drive Manager\TdmService.exe -- (TdmService)
    SRV:64bit: - [2011/01/25 05:57:18 | 000,296,448 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Program Files\IDT\WDM\stacsv64.exe -- (STacSV)
    SRV:64bit: - [2011/01/20 12:33:20 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- c:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc)
    SRV:64bit: - [2011/01/15 15:00:02 | 000,048,128 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE -- (wltrysvc)
    SRV:64bit: - [2010/11/03 17:48:42 | 002,117,120 | ---- | M] (Wave Systems Corp.) [On_Demand | Stopped] -- C:\Program Files\Dell\Dell Data Protection\Access\Advanced\Wave\Secure Storage Manager\SecureStorageService.exe -- (SecureStorageService)
    SRV:64bit: - [2010/10/28 15:05:50 | 000,036,768 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
    SRV:64bit: - [2010/10/28 15:05:48 | 001,035,680 | ---- | M] (Broadcom Corporation) [Auto | Running] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
    SRV:64bit: - [2010/09/22 19:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
    SRV:64bit: - [2010/09/22 01:05:24 | 000,165,032 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Windows\SysNative\IPROSetMonitor.exe -- (Intel(R)
    SRV:64bit: - [2010/02/10 21:50:50 | 000,072,296 | ---- | M] (O2Micro International) [Auto | Running] -- C:\Windows\SysNative\drivers\o2flash.exe -- (O2FLASH)
    SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
    SRV:64bit: - [2009/03/03 06:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Program Files\IDT\WDM\AESTSr64.exe -- (AESTFilters)
    SRV - [2012/07/20 12:46:59 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
    SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
    SRV - [2010/12/03 19:20:18 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
    SRV - [2010/12/03 19:20:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
    SRV - [2010/11/29 13:10:32 | 000,210,896 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe -- (jhi_service)
    SRV - [2010/11/25 06:34:18 | 000,219,632 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe -- (RoxWatch12)
    SRV - [2010/11/25 06:33:18 | 001,116,656 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe -- (RoxMediaDB12OEM)
    SRV - [2010/07/13 15:02:32 | 001,629,696 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe -- (tcsd_win32.exe)
    SRV - [2010/03/18 17:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/02/19 14:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
    SRV - [2009/05/14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0)
    SRV - [2003/04/18 22:06:26 | 000,008,192 | ---- | M] () [Auto | Running] -- c:\Windows\SysWOW64\srvany.exe -- (O2SDIOAssist)


    ========== Driver Services (SafeList) ==========

    DRV:64bit: - [2012/04/27 11:50:22 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
    DRV:64bit: - [2012/03/20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
    DRV:64bit: - [2012/03/01 02:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
    DRV:64bit: - [2012/02/15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
    DRV:64bit: - [2011/03/28 14:37:28 | 012,256,544 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
    DRV:64bit: - [2011/03/23 17:51:32 | 000,083,560 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2sdjw7x64.sys -- (O2SDJRDR)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
    DRV:64bit: - [2011/03/11 02:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
    DRV:64bit: - [2011/01/25 05:57:18 | 000,520,192 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
    DRV:64bit: - [2011/01/15 15:00:00 | 000,022,592 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bcm42rly.sys -- (BCM42RLY)
    DRV:64bit: - [2011/01/15 14:59:54 | 004,719,680 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
    DRV:64bit: - [2011/01/06 00:47:12 | 000,343,160 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV:64bit: - [2011/01/03 18:19:56 | 000,074,984 | ---- | M] (O2Micro ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\O2MDRw7x64.sys -- (O2MDRRDR)
    DRV:64bit: - [2011/01/03 16:04:44 | 000,072,808 | ---- | M] (O2Micro ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\o2mdfw7x64.sys -- (O2MDFRDR)
    DRV:64bit: - [2010/12/13 10:34:14 | 000,027,760 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelern.sys -- (Acceler)
    DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,168,448 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netvsc60.sys -- (netvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
    DRV:64bit: - [2010/11/20 23:23:48 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VMBusVideoM.sys -- (SynthVid)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
    DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
    DRV:64bit: - [2010/11/05 22:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
    DRV:64bit: - [2010/10/28 11:42:32 | 000,315,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1c62x64.sys -- (e1cexpress)
    DRV:64bit: - [2010/10/19 20:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
    DRV:64bit: - [2010/10/15 05:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
    DRV:64bit: - [2010/08/24 18:46:02 | 000,038,440 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cvusbdrv.sys -- (cvusbdrv)
    DRV:64bit: - [2010/08/20 12:05:12 | 000,021,616 | ---- | M] (ST Microelectronics) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stdcfltn.sys -- (stdcfltn)
    DRV:64bit: - [2010/03/19 04:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
    DRV:64bit: - [2009/09/16 17:08:48 | 000,172,960 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CtClsFlt.sys -- (CtClsFlt)
    DRV:64bit: - [2009/07/13 21:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
    DRV:64bit: - [2009/07/13 21:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
    DRV:64bit: - [2009/07/13 21:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
    DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
    DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
    DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
    DRV:64bit: - [2009/06/10 16:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
    DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
    DRV:64bit: - [2008/06/04 14:14:00 | 000,032,240 | ---- | M] (Dell Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PBADRV.SYS -- (PBADRV)
    DRV - [2012/08/13 21:09:06 | 000,035,712 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\SysWow64\drivers\trS37xfH.sys -- (trS37xfH)
    DRV - [2009/07/13 21:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE:64bit: - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKLM\..\SearchScopes\{49606DC7-976D-4030-A74E-9FB5C842FA68}: "URL" = http://www.bing.com/search?q={searchTerms}&form=DLRDF8&pc=MDDR&src=IE-SearchBox

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USREL/1
    IE - HKCU\..\SearchScopes,DefaultScope = {49606DC7-976D-4030-A74E-9FB5C842FA68}
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - user.js - File not found

    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@talkbean.com/TBLPlugin: C:\Program Files (x86)\talkbeanLIVE2\npTBLPlugin.dll (Interpark Communications Korea)
    FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
    FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Anne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
    FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Anne\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9}: C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\FirefoxPlugin\{01A8CA0A-4C96-465b-A49B-65C46FAD54F9} [2011/12/04 23:13:03 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/20 17:30:43 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 12:47:00 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/05 09:25:56 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{215B6270-D699-11E1-8270-B8AC6F996F26}: C:\Users\Anne\AppData\Local\{215B6270-D699-11E1-8270-B8AC6F996F26}\ [2012/07/25 16:41:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 12:47:00 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/03/05 09:25:56 | 000,000,000 | ---D | M]

    [2011/12/04 22:35:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\Mozilla\Extensions
    [2012/05/02 17:38:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\exlzpcgg.default\extensions
    [2012/04/27 00:29:46 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Anne\AppData\Roaming\Mozilla\Firefox\Profiles\exlzpcgg.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
    [2012/03/19 09:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
    [2012/01/19 02:27:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    [2012/07/25 16:41:42 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\ANNE\APPDATA\LOCAL\{215B6270-D699-11E1-8270-B8AC6F996F26}
    [2012/07/20 12:46:59 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
    [2012/03/05 09:25:51 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
    [2012/07/20 12:46:50 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
    [2012/07/20 12:46:50 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - homepage: http://www.google.com/
    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\Application\20.0.1132.57\gcswf32.dll
    CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
    CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\npSkypeChromePlugin.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
    CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Anne\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
    CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
    CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
    CHR - plugin: talkbeanLIVE2 Plugin (Enabled) = C:\Program Files (x86)\talkbeanLIVE2\npTBLPlugin.dll
    CHR - plugin: Google Update (Enabled) = C:\Users\Anne\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
    CHR - Extension: YouTube = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
    CHR - Extension: B\u00FAsqueda de Google = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
    CHR - Extension: Skype Click to Call = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.8.0.8855_0\
    CHR - Extension: \u003Cvideo\u003E de HTML5 de DivX Plus Web Player = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_1\
    CHR - Extension: Gmail = C:\Users\Anne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

    O1 HOSTS File: ([2012/08/02 08:57:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
    O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5\Plugins\IEPlugin\contributeieplugin.dll (Adobe Systems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
    O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Dell\DW WLAN Card\WLTRAY.EXE (Dell Inc.)
    O4:64bit: - HKLM..\Run: [FreeFallProtection] C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe ()
    O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
    O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
    O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
    O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
    O4 - HKLM..\Run: [Desktop Disc Tool] C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe ()
    O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
    O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe (Intel Corporation)
    O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O4 - HKCU..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
    O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIHVA.EXE /EPT "EPLTarget\P0000000000000000" /M "WorkForce 645" File not found
    O4 - HKCU..\Run: [googletalk] C:\Users\Anne\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{47ECA915-9F81-485D-B669-CDA2228B7E53}: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7283793-CDDD-410D-8BE3-150729689297}: DhcpNameServer = 192.168.1.1
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
    O20:64bit: - Winlogon\Notify\spba: DllName - (C:\Program Files\Common Files\SPBA\homefus2.dll) - C:\Program Files\Common Files\SPBA\homefus2.dll (UPEK Inc.)
    O32 - HKLM CDRom: AutoRun - 1
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35:64bit: - HKLM\..comfile [open] -- "%1" %*
    O35:64bit: - HKLM\..exefile [open] -- "%1" %*
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
    O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)