
Asklots, Browser Hijacker (Redirector)


This topic is locked
13 replies to this topic

#1 jaustindds

  • Members
  • 10 posts

Posted 01 August 2010 - 01:55 PM

When trying to open a link found using Google or Yahoo in Internet Explorer, it redirects to another "search engine", Asklots being one of them.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Austin Family at 14:23:27.35 on Sun 08/01/2010
Internet Explorer: 8.0.6001.18928
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.4094.1636 [GMT -4:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\SYSTEM32\WISPTIS.EXE
C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\AEADISRV.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\SysWOW64\OSDFORM.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Notes\LifeCenterNotes.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Browser\Browser.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Rss\MyRss.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\System32\mobsync.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Austin Family\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.theonlinepractice.com/pro/websites/185611157/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=crossfire&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=crossfire&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=84&bd=crossfire&pf=cndt
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Yahooo Search Protection: {25bc7718-0bfa-40ea-b381-4b2d9732d686} - c:\program files (x86)\yahoo!\search protection\ysp.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~2\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files (x86)\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files (x86)\yahoo!\companion\installs\cpn0\yt.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\syswow64\TwcToolbarIe7.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files (x86)\spyware doctor\bdt\PCTBrowserDefender.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [HPSmartCenterBoot] c:\program files (x86)\hewlett-packard\touchsmart\smartcenter 2.0\SmartCenter.exe
uRun: [HPAdvisor] c:\program files (x86)\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [DW6] "c:\program files (x86)\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [YSearchProtection] c:\program files (x86)\yahoo!\search protection\YspService.exe
uRun: [SpybotSD TeaTimer] c:\program files (x86)\spybot - search & destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [RegistryMechanic] c:\program files (x86)\registry mechanic\RMTray.exe /H
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [OsdMaestro] c:\program files\hewlett-packard\on-screen osd indicator\OSD64.exe
mRun: [HP KEYBOARD] "c:\program files (x86)\hewlett-packard\hp keyboard\HPKEYBOARD.EXE"
mRun: [Buttons & OSDs control application gen2] "c:\program files (x86)\hewlett packard\buttons & osds control application gen2\FastUserSwitching.exe"
mRun: [HP Health Check Scheduler] c:\program files (x86)\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [TSMAgent] "c:\program files (x86)\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files (x86)\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jusched.exe"
mRun: [HP Software Update] c:\program files (x86)\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [CLMLServer] "c:\program files (x86)\cyberlink\power2go\CLMLSvc.exe"
mRun: [P2Go_Menu] "c:\program files (x86)\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDRShortCut] "c:\program files (x86)\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [RemoteControl8] "c:\program files (x86)\cyberlink\powerdvd8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "c:\program files (x86)\cyberlink\powerdvd8\language\Language.exe"
mRun: [UpdatePPShortCut] "c:\program files (x86)\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [DVDAgent] "c:\program files (x86)\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files (x86)\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [YMailAdvisor] "c:\program files (x86)\yahoo!\common\YMailAdvisor.exe"
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SSDMonitor] "c:\program files (x86)\common files\pc tools\smonitor\SSDMonitor.exe"
StartupFolder: c:\progra~3\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~2\spybot~1\SDHelper.dll
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
Trusted Zone: yahoo.com\us.mg4.mail
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files (x86)\yahoo!\common\Yinsthelper.dll
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} - hxxp://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TB-X64: PC Tools Browser Guard: {472734EA-242A-422B-ADF8-83D1E48CC825} -
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [OsdMaestro] "c:\program files\hewlett-packard\on-screen osd indicator\OSD.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun-x64: [SoundMAX] "c:\program files (x86)\analog devices\soundmax\SoundMAX.exe" /tray
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [2010-8-1 233488]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-31 121936]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore64.exe [2010-6-29 128752]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-31 20048]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-7-31 61008]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-31 40384]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\spyware doctor\bdt\BDTUpdateService.exe [2010-8-1 112592]
R2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\hewlett-packard\touchsmart\calendar\service\GCalService.exe [2008-8-1 21296]
R2 HP Touch Screen Enhance;HP Touch Screen Enhance;c:\program files (x86)\hewlett-packard\hp touch screen enhance service\HPTSEnSrv.EXE [2008-7-10 100864]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\common files\pc tools\smonitor\StartManSvc.exe [2010-8-1 632792]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\spybot - search & destroy\SDWinSec.exe [2010-7-31 1153368]
R3 ACPIService;Buttons and OSDs ACPI driver gen2;c:\windows\system32\drivers\OSDACPI.SYS [2009-8-13 15928]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-31 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-31 40384]
R3 AVerAVF2;AVerAVF2;c:\windows\system32\drivers\AVerAVF2.sys [2009-8-13 840960]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2009-8-13 36392]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\drivers\netr28x.sys [2009-8-13 459776]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\drivers\usbaapl64.sys [2009-8-28 49152]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 22528]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe [2008-1-20 93696]
S3 PerfHost;Performance Counter DLL Host;c:\windows\syswow64\perfhost.exe [2008-1-20 19968]
S3 rcmirror;rcmirror;c:\windows\system32\drivers\rcmirror.sys [2010-1-18 4608]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\spyware doctor\pctsAuxs.exe [2010-8-1 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files (x86)\spyware doctor\pctsSvc.exe [2010-8-1 1142224]

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-01 18:18:55 0 ----a-w- c:\users\austin family\defogger_reenable
2010-08-01 16:46:51 0 d-----w- c:\users\austin~1\appdata\roaming\Registry Mechanic
2010-08-01 15:36:17 6012928 ----a-w- c:\users\austin family\s-1-5-21-179137026-861539501-149276422-1000.rrr
2010-08-01 15:27:50 880640 ----a-w- c:\windows\syswow64\UniBox10.ocx
2010-08-01 15:27:50 212992 ----a-w- c:\windows\syswow64\UniBoxVB12.ocx
2010-08-01 15:27:50 1101824 ----a-w- c:\windows\syswow64\UniBox210.ocx
2010-08-01 15:27:49 506368 ----a-w- c:\windows\syswow64\msxml.dll
2010-08-01 15:27:47 1081616 ----a-w- c:\windows\syswow64\MSCOMCTL.OCX
2010-08-01 14:51:57 882 ----a-w- c:\windows\RegSDImport.xml
2010-08-01 14:51:57 879 ----a-w- c:\windows\RegISSImport.xml
2010-08-01 14:51:57 767952 ----a-w- c:\windows\BDTSupport.dll
2010-08-01 14:51:57 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-08-01 14:51:57 131 ----a-w- c:\windows\IDB.zip
2010-08-01 14:51:56 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-08-01 14:51:56 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-08-01 14:51:56 1152444 ----a-w- c:\windows\UDB.zip
2010-08-01 14:50:44 7357 ----a-w- c:\windows\system32\drivers\pctgntdi64.cat
2010-08-01 14:50:44 306648 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2010-08-01 14:50:44 133072 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2010-08-01 14:50:42 7353 ----a-w- c:\windows\system32\drivers\pctcore64.cat
2010-08-01 14:50:42 233488 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2010-08-01 14:50:37 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2010-08-01 14:50:37 7353 ----a-w- c:\windows\system32\drivers\pctplsg64.cat
2010-08-01 14:50:27 0 d-----w- c:\users\austin~1\appdata\roaming\PC Tools
2010-08-01 14:50:27 0 d-----w- c:\programdata\PC Tools
2010-08-01 14:50:27 0 d-----w- c:\program files (x86)\Spyware Doctor
2010-08-01 14:50:27 0 d-----w- c:\program files (x86)\common files\PC Tools
2010-08-01 13:04:36 0 d-----w- c:\users\austin~1\appdata\roaming\SUPERAntiSpyware.com
2010-08-01 13:04:25 0 d-----w- c:\program files\SUPERAntiSpyware
2010-07-31 20:25:45 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-07-31 20:25:45 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-07-31 20:13:21 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-07-31 20:13:07 0 d-----w- c:\programdata\!SASCORE
2010-07-31 18:37:13 0 d-----w- c:\users\austin~1\appdata\roaming\Malwarebytes
2010-07-31 18:37:05 0 d-----w- c:\programdata\Malwarebytes
2010-07-31 18:37:04 24664 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-31 18:37:04 0 d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-07-31 16:49:22 88064 ----a-w- c:\windows\system32\admparse.dll
2010-07-31 16:47:20 32256 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-07-31 16:47:20 28672 ----a-w- c:\windows\syswow64\Apphlpdm.dll
2010-07-31 16:47:19 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-07-31 16:47:18 4240384 ----a-w- c:\windows\syswow64\GameUXLegacyGDFs.dll
2010-07-31 16:25:50 0 d-----w- c:\programdata\WinZip
2010-07-31 16:00:43 270208 ------w- c:\windows\system32\MpSigStub.exe
2010-07-31 16:00:39 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-07-31 16:00:39 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-07-31 16:00:18 171520 ----a-w- c:\windows\syswow64\wintrust.dll
2010-07-31 16:00:17 218112 ----a-w- c:\windows\system32\wintrust.dll
2010-07-31 16:00:13 145184 ----a-w- c:\windows\syswow64\java.exe
2010-07-31 16:00:08 98304 ----a-w- c:\windows\syswow64\cabview.dll
2010-07-31 16:00:02 104960 ----a-w- c:\windows\system32\cabview.dll
2010-07-31 15:54:43 61008 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-07-31 15:54:43 0 ----a-w- c:\windows\syswow64\config.nt
2010-07-31 15:53:25 38848 ----a-w- c:\windows\avastSS.scr
2010-07-31 15:53:23 165032 ----a-w- c:\windows\syswow64\aswBoot.exe
2010-07-31 15:49:14 0 d-----w- c:\programdata\Yahoo!
2010-07-31 15:48:14 2621440 ----a-w- c:\windows\system32\wucltux.dll
2010-07-31 15:47:57 98816 ----a-w- c:\windows\system32\wudriver.dll
2010-07-31 15:47:57 87552 ----a-w- c:\windows\syswow64\wudriver.dll
2010-07-31 15:47:57 575704 ----a-w- c:\windows\syswow64\wuapi.dll
2010-07-31 15:47:57 35552 ----a-w- c:\windows\syswow64\wups.dll
2010-07-31 15:47:42 36864 ----a-w- c:\windows\system32\wuapp.exe
2010-07-31 15:47:42 33792 ----a-w- c:\windows\syswow64\wuapp.exe
2010-07-31 15:47:42 185416 ----a-w- c:\windows\system32\wuwebv.dll
2010-07-31 15:47:42 171608 ----a-w- c:\windows\syswow64\wuwebv.dll
2010-07-31 15:30:53 524288 --sha-w- c:\users\austin family\NTUSER.DAT{5c88663d-9a61-11df-9695-002186d75c4e}.TMContainer00000000000000000002.regtrans-ms
2010-07-31 15:30:52 65536 --sha-w- c:\users\austin family\NTUSER.DAT{5c88663d-9a61-11df-9695-002186d75c4e}.TM.blf
2010-07-31 15:30:52 524288 --sha-w- c:\users\austin family\NTUSER.DAT{5c88663d-9a61-11df-9695-002186d75c4e}.TMContainer00000000000000000001.regtrans-ms
2010-07-18 22:11:07 0 d-----w- c:\programdata\Alwil Software
2010-07-18 22:11:07 0 d-----w- c:\program files\Alwil Software

==================== Find3M ====================

2010-08-01 01:33:07 51200 ----a-w- c:\windows\inf\infpub.dat
2010-08-01 01:33:07 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-07-31 19:12:51 86016 ----a-w- c:\windows\inf\infstor.dat
2010-07-17 09:00:04 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-06-08 12:46:06 0 ----a-w- c:\users\austin~1\appdata\roaming\wklnhst.dat
2010-05-04 06:56:19 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-05-04 06:51:49 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-05-04 06:51:48 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-05-04 05:59:21 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-05-04 05:59:11 1209344 ----a-w- c:\windows\syswow64\urlmon.dll
2010-05-04 05:58:07 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-05-04 05:56:49 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-05-04 05:56:28 5950976 ----a-w- c:\windows\syswow64\mshtml.dll
2010-05-04 05:56:25 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-05-04 05:56:25 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-05-04 05:55:56 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-05-04 05:55:42 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-05-04 05:55:42 1985536 ----a-w- c:\windows\syswow64\iertutil.dll
2010-05-04 05:55:42 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-05-04 05:55:42 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-05-04 05:55:41 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-05-04 05:55:41 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-05-04 05:55:41 11076096 ----a-w- c:\windows\syswow64\ieframe.dll
2010-05-04 05:55:37 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-05-04 05:01:59 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-05-04 04:31:05 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-05-04 04:30:58 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-05-04 04:30:19 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-03-16 13:00:29 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-08-13 16:11:10 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 14:24:19.79 ===============

I have tried Spybot S&D, SUPERAntiSpyware Pro, Registry Mechanic, Spyware Doctor, and have avast installed... thanks, John

This problem is also present on a laptop and another desktop. Should I attach their logs as well?

Merged 3 posts. One computer per topic please. ~ OB

Edited by Orange Blossom, 01 August 2010 - 08:06 PM.
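The DDS log above is the raw evidence a helper reads by hand. Its "Pseudo HJT Report" section lists the IE start and search pages, the BHOs and toolbars, the Run keys, the Winlogon Userinit value, Trusted Zone additions and hosts-file entries, which are exactly the load points a search redirector uses. The Python script below is an added example; it is not part of the original post and not code from DDS or HijackThis. It parses a report in that format and flags the classic hijack patterns as "high": a Userinit value with something appended after userinit.exe, a hosts entry that sends a domain to an address other than loopback, and a BHO, toolbar or Run entry whose module lives in a user-writable directory. Softer signals (a start or search page whose host is not on an assumed OEM allow-list, a loopback hosts entry, a Trusted Zone addition) are reported as "review", because legitimate software and the user's own choices produce the same lines; a start page the user set themselves trips that rule just as a hijacked one would. The allow-list, the user-writable path markers and the severities are assumptions made for illustration. The first seven lines of the sample report are modelled on entries in the post's log; the last four are constructed indicators, not entries from the poster's machine.

```python
"""Triage a DDS 'Pseudo HJT Report' for browser-hijack indicators.

Added example; not part of the original post and not code from the DDS or
HijackThis tools. Rules, severities and allow-lists are assumptions made for
illustration, not documented DDS semantics.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" = classic hijack pattern, "review" = needs a human decision
    rule: str
    line: str


# Assumption: a hijacker dropped by a drive-by usually lives somewhere a standard
# user can write, so a load point pointing there is escalated.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\")
# Assumption: page hosts an OEM Vista/IE8 install would be expected to carry.
EXPECTED_PAGE_HOSTS = {"ie.redirect.hp.com", "go.microsoft.com", "www.msn.com"}
LOADPOINT_KEYS = {"BHO", "TB", "TB-X64", "uRun", "mRun", "uRun-x64", "mRun-x64", "StartupFolder"}
LOOPBACK = {"127.0.0.1", "::1", "0.0.0.0"}

# Start/search page lines use "key = value"; DDS defangs URLs as hxxp://.
PAGE_RE = re.compile(
    r"^([um](?:Start Page|Default_Page_URL|Search Page|Default_Search_URL|SearchURL))\s*=\s*(.+)$", re.I)
URL_HOST_RE = re.compile(r"^h(?:xx|tt)ps?://([^/:?]+)", re.I)
# First drive-letter path ending in a loadable module; tolerates spaces and 8.3 names.
PATH_RE = re.compile(r"[a-z]:\\.*?\.(?:dll|exe|lnk|scr|ocx)\b", re.I)
# Only a bare userinit.exe (optionally with its full path and trailing comma) is normal.
USERINIT_OK = re.compile(r"(?:c:\\windows\\system32\\)?userinit\.exe,?", re.I)


def _check_page(key: str, value: str) -> Optional[Finding]:
    m = URL_HOST_RE.match(value.strip())
    if m and m.group(1).lower() not in EXPECTED_PAGE_HOSTS:
        return Finding("review", "unexpected-start-or-search-page", f"{key} = {value}")
    return None


def _check_hosts(value: str) -> Optional[Finding]:
    parts = value.split()
    if len(parts) < 2:
        return None
    ip, host = parts[0], parts[1].lower()
    if host in ("localhost", "localhost.localdomain"):
        return None
    if ip in LOOPBACK:
        # Blocklist tools write these too; a hijacker blocking help sites looks identical.
        return Finding("review", "hosts-blocks-domain", f"Hosts: {value}")
    return Finding("high", "hosts-redirects-domain", f"Hosts: {value}")


def _check_loadpoint(key: str, value: str) -> Optional[Finding]:
    m = PATH_RE.search(value)
    if not m:
        return None
    if any(marker in m.group(0).lower() for marker in USER_WRITABLE):
        return Finding("high", "loadpoint-in-user-writable-dir", f"{key}: {value}")
    return None


def triage(report: str) -> List[Finding]:
    """Return a Finding for every report line that trips one of the rules above."""
    findings: List[Finding] = []
    for raw in report.splitlines():
        line = raw.strip()
        page = PAGE_RE.match(line)
        if page:
            f = _check_page(page.group(1), page.group(2))
        else:
            key, sep, value = line.partition(":")
            if not sep:
                continue
            key, value = key.strip(), value.strip()
            if key == "mWinlogon" and value.lower().startswith("userinit="):
                target = value.split("=", 1)[1].strip()
                f = None if USERINIT_OK.fullmatch(target) else Finding("high", "userinit-hijack", line)
            elif key == "Hosts":
                f = _check_hosts(value)
            elif key == "Trusted Zone":
                f = Finding("review", "trusted-zone-addition", line)
            elif key in LOADPOINT_KEYS:
                f = _check_loadpoint(key, value)
            else:
                f = None
        if f:
            findings.append(f)
    return findings


# Constructed sample: first seven lines modelled on the post's log, last four are
# invented indicators (fake CLSID, documentation IP), not from the poster's machine.
SAMPLE_REPORT = r"""
uStart Page = hxxp://www.theonlinepractice.com/pro/websites/185611157/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
Hosts: 127.0.0.1 www.spywareinfo.com
Trusted Zone: yahoo.com\us.mg4.mail
BHO: Search Helper: {00000000-0000-0000-0000-000000000000} - c:\users\example\appdata\local\temp\srchhlp.dll
uRun: [Updater] "c:\users\example\appdata\roaming\upd.exe" /q
mWinlogon: Userinit=userinit.exe,c:\windows\system32\evil.exe
Hosts: 203.0.113.5 www.google.com
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_REPORT):
        print(f"[{finding.severity:6}] {finding.rule:34} {finding.line}")
```

Run against the sample it reports three "review" lines and four "high" lines. The rules deliberately do nothing with a BHO or toolbar under Program Files, because a hijacker that installs itself as a normal program is indistinguishable from a toolbar by path alone; for those, the CLSID and file hash still have to be looked up by hand.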



#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA

Posted 09 August 2010 - 12:48 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  1. Double click on RSIT.exe to run RSIT.
  2. Click Continue at the disclaimer screen.
  3. Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  1. Reply to this thread; do not start another!
  2. Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  3. Do not run any other tool until instructed to do so!
  4. Let me know if any of the links do not work or if any of the tools do not work.
  5. Tell me about problems or symptoms that occur during the fix.
  6. Do not run any other programs or open any other windows while doing a fix.
  7. Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 jaustindds
  • Topic Starter

  • Members
  • 10 posts

Posted 09 August 2010 - 12:50 PM

After sending you the log(s) I have turned the computer off and have not used it...do you still want new logs? Thanks in advance, John

#4 jaustindds
  • Topic Starter

  • Members
  • 10 posts

Posted 09 August 2010 - 05:37 PM

Logfile of random's system information tool 1.08 (written by random/random)
Run by Austin Family at 2010-08-09 18:32:43
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 564 GB (80%) free of 703 GB
Total RAM: 4094 MB (35% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:33:02 PM, on 8/9/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\SysWOW64\OSDFORM.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Notes\LifeCenterNotes.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Browser\Browser.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Rss\MyRss.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Austin Family\Desktop\RSIT.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
C:\Program Files (x86)\trend micro\Austin Family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonlinepractice.com/pro/websites/185611157/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15949 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{53A6A850-3F5D-40A1-826E-5A779034E7D9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-16 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
Yahooo Search Protection - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll [2010-03-31 578872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}]
PC Tools Browser Guard BHO - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\WINDOWS\SysWow64\TwcToolbarIe7.dll [2009-06-23 331776]
{472734EA-242A-422B-ADF8-83D1E48CC825} - PC Tools Browser Guard - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll [2010-01-22 567248]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"HP KEYBOARD"=C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE [2008-06-20 464384]
"Buttons & OSDs control application gen2"=C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe [2008-05-27 208896]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"UCam_Menu"=c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-07-10 1140008]
"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-07-10 210216]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2007-10-17 128296]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2007-08-17 218408]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-11-28 210216]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"DVDAgent"=C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-11 1148200]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-06-17 40368]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"YMailAdvisor"=C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]
"SSDMonitor"=C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2010-04-08 104408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"HPSmartCenterBoot"=C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe [2008-07-23 3658032]
"HPAdvisor"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-07-24 972080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"DW6"=C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe [2009-12-21 818288]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe [2010-03-31 243000]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010-07-19 2957040]
"RegistryMechanic"=C:\Program Files (x86)\Registry Mechanic\RMTray.exe [2010-04-08 292824]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-09 18:32:43 ----D---- C:\rsit
2010-08-09 18:32:43 ----D---- C:\Program Files (x86)\trend micro
2010-08-01 12:46:51 ----D---- C:\Users\Austin Family\AppData\Roaming\Registry Mechanic
2010-08-01 11:27:49 ----A---- C:\Windows\SysWOW64\msxml.dll
2010-08-01 11:27:40 ----D---- C:\Program Files (x86)\Registry Mechanic
2010-08-01 10:51:57 ----A---- C:\Windows\SGDetectionTool.dll
2010-08-01 10:51:57 ----A---- C:\Windows\BDTSupport.dll
2010-08-01 10:51:56 ----A---- C:\Windows\PCTBDRes.dll
2010-08-01 10:51:56 ----A---- C:\Windows\PCTBDCore.dll
2010-08-01 10:50:27 ----D---- C:\Users\Austin Family\AppData\Roaming\PC Tools
2010-08-01 10:50:27 ----D---- C:\ProgramData\PC Tools
2010-08-01 10:50:27 ----D---- C:\Program Files (x86)\Spyware Doctor
2010-08-01 10:50:27 ----D---- C:\Program Files (x86)\Common Files\PC Tools
2010-08-01 09:04:36 ----D---- C:\Users\Austin Family\AppData\Roaming\SUPERAntiSpyware.com
2010-07-31 16:25:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-31 16:25:45 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-07-31 16:13:21 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-07-31 16:13:07 ----D---- C:\ProgramData\!SASCORE
2010-07-31 14:37:13 ----D---- C:\Users\Austin Family\AppData\Roaming\Malwarebytes
2010-07-31 14:37:06 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-07-31 14:37:05 ----D---- C:\ProgramData\Malwarebytes
2010-07-31 14:37:04 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-07-31 12:53:49 ----A---- C:\Windows\SysWOW64\occache.dll
2010-07-31 12:53:49 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-07-31 12:53:47 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-07-31 12:53:47 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-07-31 12:53:47 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-07-31 12:53:46 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-07-31 12:53:46 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-07-31 12:53:46 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-07-31 12:53:45 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-07-31 12:53:45 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-07-31 12:53:44 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-07-31 12:53:44 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-07-31 12:53:44 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-07-31 12:53:43 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-07-31 12:53:43 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-07-31 12:53:41 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-07-31 12:53:38 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-07-31 12:53:37 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-07-31 12:53:35 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-07-31 12:49:22 ----A---- C:\Windows\SysWOW64\icardie.dll
2010-07-31 12:49:22 ----A---- C:\Windows\SysWOW64\advpack.dll
2010-07-31 12:49:22 ----A---- C:\Windows\SysWOW64\admparse.dll
2010-07-31 12:49:21 ----A---- C:\Windows\SysWOW64\ieakeng.dll
2010-07-31 12:49:21 ----A---- C:\Windows\SysWOW64\corpol.dll
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\wextract.exe
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\pngfilt.dll
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\msls31.dll
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2010-07-31 12:49:19 ----A---- C:\Windows\SysWOW64\imgutil.dll
2010-07-31 12:49:19 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2010-07-31 12:49:19 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\webcheck.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\msrating.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\inseng.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\ieakui.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\ieaksie.dll
2010-07-31 12:49:16 ----A---- C:\Windows\SysWOW64\WinFXDocObj.exe
2010-07-31 12:49:16 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-07-31 12:49:16 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-07-31 12:49:15 ----A---- C:\Windows\SysWOW64\url.dll
2010-07-31 12:49:15 ----A---- C:\Windows\SysWOW64\mshtmler.dll
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\SetDepNx.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\PDMSetup.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\mshta.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\iexpress.exe
2010-07-31 12:47:20 ----A---- C:\Windows\SysWOW64\Apphlpdm.dll
2010-07-31 12:47:18 ----A---- C:\Windows\SysWOW64\GameUXLegacyGDFs.dll
2010-07-31 12:25:50 ----D---- C:\ProgramData\WinZip
2010-07-31 12:25:46 ----D---- C:\Program Files (x86)\WinZip
2010-07-31 12:00:39 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-07-31 12:00:39 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-07-31 12:00:18 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-07-31 12:00:13 ----A---- C:\Windows\SysWOW64\java.exe
2010-07-31 12:00:08 ----A---- C:\Windows\SysWOW64\cabview.dll
2010-07-31 11:53:23 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2010-07-31 11:49:14 ----D---- C:\ProgramData\Yahoo!
2010-07-31 11:47:57 ----A---- C:\Windows\SysWOW64\wups.dll
2010-07-31 11:47:57 ----A---- C:\Windows\SysWOW64\wudriver.dll
2010-07-31 11:47:57 ----A---- C:\Windows\SysWOW64\wuapi.dll
2010-07-31 11:47:42 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2010-07-31 11:47:42 ----A---- C:\Windows\SysWOW64\wuapp.exe
2010-07-28 09:51:52 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-27 14:34:55 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2010-07-18 18:11:07 ----D---- C:\ProgramData\Alwil Software

======List of files/folders modified in the last 1 months======

2010-08-09 18:33:02 ----D---- C:\Windows\winsxs
2010-08-09 18:32:43 ----RD---- C:\Program Files (x86)
2010-08-09 18:32:15 ----D---- C:\Windows\Temp
2010-08-09 18:30:39 ----D---- C:\Windows\System32
2010-08-09 18:30:39 ----D---- C:\Windows\inf
2010-08-09 18:29:49 ----SHD---- C:\System Volume Information
2010-08-09 18:25:01 ----AD---- C:\ProgramData\Temp
2010-08-01 14:23:27 ----D---- C:\Windows\Prefetch
2010-08-01 11:27:50 ----D---- C:\Windows\SysWOW64
2010-08-01 10:51:57 ----D---- C:\WINDOWS
2010-08-01 10:50:35 ----SHD---- C:\Windows\Installer
2010-08-01 10:50:27 ----HD---- C:\ProgramData
2010-08-01 10:50:27 ----D---- C:\Program Files (x86)\Common Files
2010-08-01 09:04:25 ----RD---- C:\Program Files
2010-07-31 16:27:57 ----D---- C:\Windows\Minidump
2010-07-31 16:27:51 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2010-07-31 15:13:26 ----D---- C:\ProgramData\Symantec
2010-07-31 15:08:11 ----D---- C:\Windows\SysWOW64\drivers
2010-07-31 15:08:00 ----D---- C:\Windows\Tasks
2010-07-31 14:27:48 ----D---- C:\Windows\rescache
2010-07-31 12:56:06 ----D---- C:\Windows\SysWOW64\migration
2010-07-31 12:56:06 ----D---- C:\Program Files (x86)\Internet Explorer
2010-07-31 12:55:45 ----D---- C:\Windows\SysWOW64\en-US
2010-07-31 12:55:40 ----D---- C:\Windows\PolicyDefinitions
2010-07-31 12:55:29 ----D---- C:\Windows\AppPatch
2010-07-31 12:00:10 ----D---- C:\Program Files (x86)\Java
2010-07-31 11:49:33 ----D---- C:\ProgramData\Yahoo! Companion
2010-07-31 11:49:22 ----D---- C:\Program Files (x86)\Yahoo!
2010-07-31 11:28:32 ----SD---- C:\Windows\Downloaded Program Files
2010-07-31 11:28:32 ----RSD---- C:\Windows\Media
2010-07-31 11:28:32 ----D---- C:\Windows\SysWOW64\wbem
2010-07-31 11:28:32 ----D---- C:\Windows\SysWOW64\ias
2010-07-31 11:28:32 ----D---- C:\Windows\servicing
2010-07-31 11:28:32 ----D---- C:\Program Files (x86)\Windows Mail
2010-07-31 11:28:28 ----D---- C:\Windows\SMINST
2010-07-31 11:28:11 ----D---- C:\Windows\registration
2010-07-28 09:53:49 ----RSD---- C:\Windows\assembly
2010-07-28 09:52:48 ----D---- C:\Windows\Microsoft.NET
2010-07-28 09:24:10 ----D---- C:\Windows\Debug
2010-07-27 21:57:39 ----D---- C:\ProgramData\Apple
2010-07-26 12:02:04 ----SD---- C:\Users\Austin Family\AppData\Roaming\Microsoft
2010-07-25 20:54:02 ----D---- C:\Windows\SoftwareDistribution
2010-07-17 05:00:04 ----A---- C:\Windows\SysWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys []
R0 PCTCore;PCTools KDS; C:\Windows\system32\drivers\PCTCore64.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 ACPIService;Buttons and OSDs ACPI driver gen2; C:\Windows\system32\DRIVERS\OSDACPI.SYS []
R3 AVerAVF2;AVerAVF2; C:\Windows\system32\DRIVERS\AVerAVF2.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 Browser Defender Update Service;Browser Defender Update Service; C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [2010-01-22 112592]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-14 796712]
R2 CalendarSynchService;CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-08-01 21296]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 HP Touch Screen Enhance;HP Touch Screen Enhance; c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2008-07-10 100864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-04-08 632792]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2008-10-06 241734]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]
S3 sdAuxService;PC Tools Auxiliary Service; C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
S3 sdCoreService;PC Tools Security Service; C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe [2010-03-15 1142224]

-----------------EOF-----------------


#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:21 PM

Posted 10 August 2010 - 09:52 AM

Step 1

Often redirection is caused by a DNS and Hosts file hijack. Flush and restore both.

Clean Hosts File
  1. Access folder C:\WINDOWS\SYSTEM32\DRIVERS\ETC in Explorer.
  2. Open file HOSTS in Notepad. Before making changes, do a Save As and save a backup of this file as HOSTS.BAK.
  3. Reopen the HOSTS file.
  4. Delete all entries in this file except for the following and any other entries you are sure have legitimate uses:

    127.0.0.1 localhost
  5. Save the file.
Note: If you use customized Hosts Files such as the mvps hosts file, you will need to download and install it again. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE.

Flush DNS:
  1. Open up a command prompt: Start > Run > "cmd.exe" > OK.
  2. Type in the command ipconfig /flushdns.

Step 2

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
Be sure to download TDSSKiller.exe (v2.4.0.0) from Kaspersky's website and not TDSSKiller.zip which appears to be an older version 2.3.2.2 of the tool.
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.
Please post a new HijackThis log.


You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.
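The hosts file check from Step 1 above, as an added Python example that is not part of suebaby41's post: it backs the file up, keeps only loopback entries (the 127.0.0.1 localhost rule, plus the ::1 localhost line a stock Vista hosts file also carries) and lists every other mapping for review instead of silently deleting it, which is how a redirector's injected lines stand out. The sample hosts contents are constructed; the path is the standard Windows one and the flush uses the same ipconfig /flushdns command as the post.

```python
"""Audit and clean a Windows hosts file the way Step 1 describes.

Added example, not code from the thread. SAMPLE_HOSTS is constructed: a
stock Vista hosts file plus two injected lines of the kind a search
redirector adds (addresses taken from the 203.0.113.0/24 documentation range).
"""
import ipaddress
import os
import shutil
import subprocess

HOSTS_PATH = r"C:\Windows\System32\drivers\etc\hosts"  # standard Windows location
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2006 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.5     www.google.com
203.0.113.5     search.yahoo.com   # injected line
"""


def parse_hosts(text):
    """Return (address, [names]) tuples; comments and blank lines are skipped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # malformed line: leave it for manual review
        entries.append((str(addr), parts[1:]))
    return entries


def classify(entries):
    """Split entries into keep (loopback name -> loopback address) and review.

    Only lines that map localhost-style names to a loopback address are kept,
    matching the '127.0.0.1 localhost' rule in the post. Any public hostname
    pointed somewhere else is exactly the hijack pattern a redirector leaves.
    """
    keep, review = [], []
    for addr, names in entries:
        is_loopback = ipaddress.ip_address(addr).is_loopback
        if is_loopback and all(n.lower() in LOOPBACK_NAMES for n in names):
            keep.append((addr, names))
        else:
            review.append((addr, names))
    return keep, review


def render(entries):
    """Serialise entries back into hosts-file lines."""
    return "".join(f"{addr}\t{' '.join(names)}\n" for addr, names in entries)


def backup_and_clean(path=HOSTS_PATH):
    """Copy hosts to hosts.bak (the Save As step), rewrite it with only the
    keep entries, and return the removed entries so they can be reported."""
    shutil.copy2(path, path + ".bak")
    with open(path, encoding="utf-8", errors="replace") as fh:
        keep, review = classify(parse_hosts(fh.read()))
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(render(keep))
    return review


def flush_dns():
    """Run 'ipconfig /flushdns'. On Vista and later the prompt must be
    elevated (Run As Administrator) or the command refuses to flush."""
    if os.name != "nt":
        return None  # nothing to do off Windows
    done = subprocess.run(["ipconfig", "/flushdns"], capture_output=True, text=True)
    return done.returncode


if __name__ == "__main__":
    # Dry run on the constructed sample: show what would be removed.
    kept, suspicious = classify(parse_hosts(SAMPLE_HOSTS))
    print("keeping:\n" + render(kept))
    for addr, names in suspicious:
        print(f"REVIEW: {' '.join(names)} -> {addr}")
```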

#6 jaustindds

jaustindds
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:21 PM

Posted 10 August 2010 - 07:59 PM

Still redirecting when searching for HijackThis on Yahoo... not sure if that helps you or not... thanks, John

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:57:56 PM, on 8/10/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18928)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe
C:\Windows\SysWOW64\OSDFORM.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Notes\LifeCenterNotes.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Browser\Browser.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Rss\MyRss.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Austin Family\Desktop\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonlinepractice.com/pro/websites/185611157/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SysWow64\TwcToolbarIe7.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [SSDMonitor] "C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files (x86)\Registry Mechanic\RMTray.exe /H
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 15366 bytes


#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:21 PM

Posted 11 August 2010 - 03:42 PM

Step 1

Please download ComboFix.
Alternate Link 1
Alternate Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop. Do NOT run it yet!

Step 2

We need to disconnect your computer from the Internet. By doing this, it prevents any further Internet activity until the removal of malware is complete. You need to make it impossible for viruses, trojan horses, worms and spyware to call for backup once you start to dismantle them. They will continue to infect your computer with new variants while you are connected to the Internet. We also need to prevent hackers from controlling your system and they will try to prevent you from removing the pests they installed on your computer.

According to how your computer connects to the Internet, please disconnect your computer from the Internet. Possible means of disconnecting your computer from the Internet include:
  • Physically remove the cable for your broadband Internet service “Always On” Connection from your computer.
  • Turn your modem off.
  • Disconnect your modem cable from your computer.
  • Turn the device off for Hand-held wireless connections.
  • Some laptops have a switch that will disconnect the laptop from the Internet.
Step 3

Prior to running ComboFix, we need to close or uninstall some programs.
  1. Close or disable all running Antivirus, Antispyware, and Firewall programs as they may interfere with the proper running of ComboFix.
  2. If you are running Kaspersky antivirus, it may give you warnings about combofix.exe and catchme.exe being infected as Heur.Invader. These are false positives. Tell Kaspersky to Skip or Ignore these and let ComboFix run. McAfee may also interfere with ComboFix.
  3. If you are using Online Armor's Firewall, you will have to uninstall it in order for ComboFix to work properly.
  4. Close all open Windows including this one.
Step 4
  1. Double click on ComboFix and follow the prompts.
  2. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it is strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  3. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  4. **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  5. After the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
    QUOTE
    The Recovery Console was successfully installed. Click 'Yes' to continue scanning for malware.
    Click 'No' to exit.
  6. Click Yes, to continue scanning for malware.
  7. When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  8. Notes:
    • Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
    • ComboFix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal and increase security. If this is an issue or makes it difficult for you -- please tell me.
    • ComboFix disconnects your machine from the Internet. The connection is automatically restored before ComboFix completes its run. If ComboFix runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
If you have any problems, see How to use ComboFix.

Step 5

Please post:
  • C:\ComboFix.txt (the log from ComboFix)
  • a new HijackThis log


#8 jaustindds

jaustindds
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:21 PM

Posted 11 August 2010 - 07:18 PM

I am running Windows Vista 64-bit... I am not sure ComboFix will work with this... thanks, John

#9 jaustindds

jaustindds
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:21 PM

Posted 12 August 2010 - 07:29 AM

After reading some other forum posts, I decided to check my router settings (with a different computer). I have disconnected the one we have been working on from the internet and local network. After looking at the settings, it looks like there were some changes made to where I am routed for DNS function. Also, I forgot to reset the default password on the router from "password", so I did a hard reset and changed the password on the router. I also ran Malwarebytes and did an ESET online scan on that computer. Afterwards, I tried dumping the ipconfig/DNS settings with a command prompt, but it came back that it needed to be "elevated"; not sure what that meant. However, after deleting and quarantining a few trojans, first via Malwarebytes and then with ESET, that computer does not appear to be redirecting. Should I scan that one and attach a particular log? Maybe that would clue us in for the one we are working with? Just a thought from a novice. Thanks much, John

#10 jaustindds

jaustindds
  • Topic Starter

  • Members
  • 10 posts
  • Local time:09:21 PM

Posted 12 August 2010 - 03:55 PM

I ran the Malwarebytes program on the computer that we were working on, then an ESET online scan. Afterwards, no redirection. I believe that my viruses have possibly been removed, but I am concerned whether there were any registry changes/problems that I may have/encounter. Here is an RSIT/HijackThis log that was just completed.

Logfile of random's system information tool 1.08 (written by random/random)
Run by Austin Family at 2010-08-12 16:52:20
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 563 GB (80%) free of 703 GB
Total RAM: 4094 MB (37% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:52:31 PM, on 8/12/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\HWManager.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Windows\SysWOW64\OSDFORM.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartVideo.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Notes\LifeCenterNotes.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartPhoto.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\HPTouchSmartMusic.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\LifeCenterCalendar.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Clock\Clock.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Browser\Browser.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Rss\MyRss.exe
c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnProxy.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Messages\Messages.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Controls\Controls.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWow64\Macromed\Flash\FlashUtil10d.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Austin Family\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\Austin Family.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.theonlinepractice.com/pro/websites/185611157/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...ire&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: YSPManager - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\WINDOWS\SysWow64\TwcToolbarIe7.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [OsdMaestro] c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe
O4 - HKLM\..\Run: [HP KEYBOARD] "C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE"
O4 - HKLM\..\Run: [Buttons & OSDs control application gen2] "C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UCam_Menu] "c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [YMailAdvisor] "C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe"
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [HPSmartCenterBoot] C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DW6] "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} (Hewlett-Packard Online Support Services) - http://h20364.www2.hp.com/CSMWeb/Customer/...DataManager.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files (x86)\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8FD07749-EFFA-48C6-947C-45A8D7BF422F} (CLVistaGenie Control) - http://www.cyberlink.com/prog/vista/prog/CLVistaGenie.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: SAS Core Service (!SASCORE) - Unknown owner - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (file missing)
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CalendarSynchService - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Touch Screen Enhance - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 14144 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{53A6A850-3F5D-40A1-826E-5A779034E7D9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2010-06-16 61888]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25BC7718-0BFA-40EA-B381-4B2D9732D686}]
Yahooo Search Protection - C:\Program Files (x86)\Yahoo!\Search Protection\ysp.dll [2010-03-31 578872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2010-04-12 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll [2010-03-23 158520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll [2010-03-23 1205560]
{2E5E800E-6AC0-411E-940A-369530A35E43} - The Weather Channel Toolbar - C:\WINDOWS\SysWow64\TwcToolbarIe7.dll [2009-06-23 331776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"=c:\hp\support\hpsysdrv.exe [2007-04-18 65536]
"OsdMaestro"=c:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD64.exe [2007-02-15 119296]
"HP KEYBOARD"=C:\Program Files (x86)\Hewlett-Packard\HP KEYBOARD\HPKEYBOARD.EXE [2008-06-20 464384]
"Buttons & OSDs control application gen2"=C:\Program Files (x86)\Hewlett Packard\Buttons & OSDs control application gen2\FastUserSwitching.exe [2008-05-27 208896]
"HP Health Check Scheduler"=c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-06-02 75008]
"UCam_Menu"=c:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2007-09-13 222504]
"TSMAgent"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [2008-07-10 1140008]
"CLMLServer for HP TouchSmart"=c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [2008-07-10 210216]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
"HP Software Update"=c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2009-11-11 417792]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2007-10-17 128296]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2007-08-17 218408]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [2008-11-28 210216]
"RemoteControl8"=C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]
"PDVD8LanguageShortcut"=C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [2007-12-14 50472]
"UpdatePPShortCut"=C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"DVDAgent"=C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [2009-03-11 1148200]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [2010-06-17 40368]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-06-09 976832]
"YMailAdvisor"=C:\Program Files (x86)\Yahoo!\Common\YMailAdvisor.exe [2009-05-08 174424]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-06-28 2837864]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2008-01-20 1555968]
"HPSmartCenterBoot"=C:\Program Files (x86)\Hewlett-Packard\TouchSmart\SmartCenter 2.0\SmartCenter.exe [2008-07-23 3658032]
"HPAdvisor"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [2008-07-24 972080]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-20 138240]
"DW6"=C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe [2009-12-21 818288]
"YSearchProtection"=C:\Program Files (x86)\Yahoo!\Search Protection\YspService.exe [2010-03-31 243000]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\SysWOW64\Notepad.exe %1
.js - open - C:\Windows\SysWOW64\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2010-08-12 07:34:33 ----D---- C:\Program Files (x86)\ESET
2010-08-12 07:22:16 ----A---- C:\Windows\isRS-000.tmp
2010-08-12 07:20:50 ----A---- C:\Windows\SysWOW64\drivers\mbamswissarmy.sys
2010-08-12 07:20:48 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2010-08-11 20:24:00 ----D---- C:\32788R22FWJFW
2010-08-11 03:02:39 ----A---- C:\Windows\SysWOW64\PresentationHostProxy.dll
2010-08-11 03:02:39 ----A---- C:\Windows\SysWOW64\PresentationHost.exe
2010-08-11 03:02:39 ----A---- C:\Windows\SysWOW64\netfxperf.dll
2010-08-11 03:02:39 ----A---- C:\Windows\SysWOW64\mscoree.dll
2010-08-11 03:02:39 ----A---- C:\Windows\SysWOW64\dfshim.dll
2010-08-10 20:43:50 ----A---- C:\TDSSKiller.2.4.1.1_10.08.2010_20.43.50_log.txt
2010-08-10 20:34:04 ----A---- C:\Windows\SysWOW64\winhttp.dll
2010-08-10 20:33:50 ----A---- C:\Windows\SysWOW64\rtutils.dll
2010-08-10 20:33:47 ----A---- C:\Windows\SysWOW64\iccvid.dll
2010-08-10 20:32:58 ----A---- C:\Windows\SysWOW64\iertutil.dll
2010-08-10 20:32:57 ----A---- C:\Windows\SysWOW64\mshtml.dll
2010-08-10 20:32:57 ----A---- C:\Windows\SysWOW64\ieframe.dll
2010-08-10 20:32:56 ----A---- C:\Windows\SysWOW64\urlmon.dll
2010-08-10 20:32:55 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2010-08-10 20:32:49 ----A---- C:\Windows\SysWOW64\wininet.dll
2010-08-10 20:32:49 ----A---- C:\Windows\SysWOW64\mstime.dll
2010-08-10 20:32:49 ----A---- C:\Windows\SysWOW64\ieui.dll
2010-08-10 20:32:49 ----A---- C:\Windows\SysWOW64\iedkcs32.dll
2010-08-10 20:32:49 ----A---- C:\Windows\SysWOW64\ie4uinit.exe
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\occache.dll
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\msfeedssync.exe
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\msfeedsbs.dll
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\ieUnatt.exe
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\iesetup.dll
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\iernonce.dll
2010-08-10 20:32:48 ----A---- C:\Windows\SysWOW64\iepeers.dll
2010-08-10 20:32:47 ----A---- C:\Windows\SysWOW64\msxml3.dll
2010-08-10 20:32:46 ----A---- C:\Windows\SysWOW64\schannel.dll
2010-08-09 19:00:43 ----D---- C:\Program Files (x86)\MSXML 4.0
2010-08-09 18:51:11 ----A---- C:\Windows\SysWOW64\icardres.dll
2010-08-09 18:51:10 ----A---- C:\Windows\SysWOW64\PresentationNative_v0300.dll
2010-08-09 18:51:09 ----A---- C:\Windows\SysWOW64\infocardapi.dll
2010-08-09 18:51:09 ----A---- C:\Windows\SysWOW64\icardagt.exe
2010-08-09 18:51:03 ----A---- C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2010-08-09 18:43:07 ----A---- C:\Windows\SysWOW64\mscorier.dll
2010-08-09 18:43:04 ----A---- C:\Windows\SysWOW64\mscories.dll
2010-08-09 18:40:52 ----A---- C:\Windows\SysWOW64\nshhttp.dll
2010-08-09 18:40:49 ----A---- C:\Windows\SysWOW64\httpapi.dll
2010-08-09 18:38:53 ----A---- C:\Windows\SysWOW64\psisdecd.dll
2010-08-09 18:38:53 ----A---- C:\Windows\SysWOW64\EncDec.dll
2010-08-09 18:32:43 ----D---- C:\rsit
2010-08-09 18:32:43 ----D---- C:\Program Files (x86)\trend micro
2010-08-09 18:31:50 ----A---- C:\Windows\SysWOW64\shell32.dll
2010-08-01 12:46:51 ----D---- C:\Users\Austin Family\AppData\Roaming\Registry Mechanic
2010-08-01 08:14:50 ----A---- C:\Windows\SysWOW64\jscript.dll
2010-08-01 08:14:48 ----A---- C:\Windows\SysWOW64\vbscript.dll
2010-08-01 03:17:30 ----A---- C:\Windows\SysWOW64\wmp.dll
2010-08-01 03:17:28 ----A---- C:\Windows\SysWOW64\unregmp2.exe
2010-08-01 03:17:26 ----A---- C:\Windows\SysWOW64\wmploc.DLL
2010-08-01 03:16:57 ----A---- C:\Windows\SysWOW64\connect.dll
2010-08-01 03:16:37 ----A---- C:\Windows\SysWOW64\Apphlpdm.dll
2010-08-01 03:16:36 ----A---- C:\Windows\SysWOW64\GameUXLegacyGDFs.dll
2010-08-01 03:16:32 ----A---- C:\Windows\SysWOW64\PortableDeviceApi.dll
2010-08-01 03:15:52 ----A---- C:\Windows\SysWOW64\RMActivate_isv.exe
2010-08-01 03:15:52 ----A---- C:\Windows\SysWOW64\RMActivate.exe
2010-08-01 03:15:51 ----A---- C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2010-08-01 03:15:51 ----A---- C:\Windows\SysWOW64\RMActivate_ssp.exe
2010-08-01 03:15:50 ----A---- C:\Windows\SysWOW64\secproc_isv.dll
2010-08-01 03:15:50 ----A---- C:\Windows\SysWOW64\secproc.dll
2010-08-01 03:15:49 ----A---- C:\Windows\SysWOW64\secproc_ssp_isv.dll
2010-08-01 03:15:49 ----A---- C:\Windows\SysWOW64\secproc_ssp.dll
2010-08-01 03:15:49 ----A---- C:\Windows\SysWOW64\msdrm.dll
2010-08-01 03:13:43 ----A---- C:\Windows\SysWOW64\Faultrep.dll
2010-08-01 03:13:39 ----A---- C:\Windows\SysWOW64\WindowsCodecsExt.dll
2010-08-01 03:13:39 ----A---- C:\Windows\SysWOW64\WindowsCodecs.dll
2010-08-01 03:13:39 ----A---- C:\Windows\SysWOW64\PhotoMetadataHandler.dll
2010-08-01 03:13:15 ----A---- C:\Windows\SysWOW64\t2embed.dll
2010-08-01 03:13:10 ----A---- C:\Windows\SysWOW64\quartz.dll
2010-08-01 03:13:07 ----A---- C:\Windows\SysWOW64\asycfilt.dll
2010-08-01 03:12:52 ----A---- C:\Windows\SysWOW64\WMSPDMOD.DLL
2010-08-01 03:12:48 ----A---- C:\Windows\SysWOW64\xolehlp.dll
2010-08-01 03:12:48 ----A---- C:\Windows\SysWOW64\msdtcprx.dll
2010-08-01 03:12:23 ----A---- C:\Windows\SysWOW64\rastls.dll
2010-08-01 03:12:22 ----A---- C:\Windows\SysWOW64\raschap.dll
2010-08-01 03:12:17 ----A---- C:\Windows\SysWOW64\rpcrt4.dll
2010-08-01 03:12:09 ----A---- C:\Windows\SysWOW64\msasn1.dll
2010-08-01 03:12:00 ----A---- C:\Windows\SysWOW64\explorer.exe
2010-08-01 03:11:59 ----A---- C:\Windows\explorer.exe
2010-08-01 03:11:51 ----A---- C:\Windows\SysWOW64\WMNetMgr.dll
2010-08-01 03:11:51 ----A---- C:\Windows\SysWOW64\logagent.exe
2010-08-01 03:11:34 ----A---- C:\Windows\SysWOW64\WMVCORE.DLL
2010-08-01 03:11:33 ----A---- C:\Windows\SysWOW64\mf.dll
2010-08-01 03:11:20 ----A---- C:\Windows\SysWOW64\inetcomm.dll
2010-08-01 03:11:03 ----A---- C:\Windows\SysWOW64\sdohlp.dll
2010-08-01 03:11:03 ----A---- C:\Windows\SysWOW64\iasrecst.dll
2010-08-01 03:11:03 ----A---- C:\Windows\SysWOW64\iashost.exe
2010-08-01 03:11:03 ----A---- C:\Windows\SysWOW64\iasdatastore.dll
2010-08-01 03:11:03 ----A---- C:\Windows\SysWOW64\iasads.dll
2010-08-01 03:09:38 ----A---- C:\Windows\SysWOW64\gdi32.dll
2010-08-01 03:09:27 ----A---- C:\Windows\SysWOW64\wdigest.dll
2010-08-01 03:09:27 ----A---- C:\Windows\SysWOW64\secur32.dll
2010-08-01 03:09:27 ----A---- C:\Windows\SysWOW64\msv1_0.dll
2010-08-01 03:09:17 ----A---- C:\Windows\SysWOW64\atl.dll
2010-08-01 03:09:02 ----A---- C:\Windows\SysWOW64\localspl.dll
2010-08-01 03:07:32 ----A---- C:\Windows\SysWOW64\mstscax.dll
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\TCPSVCS.EXE
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\ROUTE.EXE
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\NETSTAT.EXE
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\netiohlp.dll
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\MRINFO.EXE
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\HOSTNAME.EXE
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\finger.exe
2010-08-01 03:06:15 ----A---- C:\Windows\SysWOW64\ARP.EXE
2010-08-01 03:06:13 ----A---- C:\Windows\SysWOW64\netevent.dll
2010-08-01 03:05:32 ----A---- C:\Windows\SysWOW64\WSDApi.dll
2010-08-01 03:05:19 ----A---- C:\Windows\SysWOW64\msvidc32.dll
2010-08-01 03:05:19 ----A---- C:\Windows\SysWOW64\msvfw32.dll
2010-08-01 03:05:19 ----A---- C:\Windows\SysWOW64\msrle32.dll
2010-08-01 03:05:19 ----A---- C:\Windows\SysWOW64\mciavi32.dll
2010-08-01 03:05:19 ----A---- C:\Windows\SysWOW64\avifil32.dll
2010-08-01 03:05:19 ----A---- C:\Windows\SysWOW64\avicap32.dll
2010-08-01 03:05:18 ----A---- C:\Windows\SysWOW64\tsbyuv.dll
2010-08-01 03:05:18 ----A---- C:\Windows\SysWOW64\msyuv.dll
2010-08-01 03:05:18 ----A---- C:\Windows\SysWOW64\iyuv_32.dll
2010-08-01 03:05:00 ----A---- C:\Windows\SysWOW64\msxml6.dll
2010-08-01 03:04:48 ----A---- C:\Windows\SysWOW64\kernel32.dll
2010-08-01 03:04:47 ----A---- C:\Windows\SysWOW64\apilogen.dll
2010-08-01 03:04:47 ----A---- C:\Windows\SysWOW64\amxread.dll
2010-08-01 03:04:26 ----A---- C:\Windows\SysWOW64\kerberos.dll
2010-08-01 03:03:26 ----A---- C:\Windows\SysWOW64\tzres.dll
2010-08-01 03:03:01 ----A---- C:\Windows\SysWOW64\win32spl.dll
2010-08-01 03:02:57 ----A---- C:\Windows\SysWOW64\fontsub.dll
2010-08-01 03:02:57 ----A---- C:\Windows\SysWOW64\dciman32.dll
2010-08-01 03:02:57 ----A---- C:\Windows\SysWOW64\atmlib.dll
2010-08-01 03:02:57 ----A---- C:\Windows\SysWOW64\atmfd.dll
2010-08-01 03:01:51 ----A---- C:\Windows\SysWOW64\wmpdxm.dll
2010-08-01 03:01:48 ----A---- C:\Windows\SysWOW64\spwmp.dll
2010-08-01 03:01:48 ----A---- C:\Windows\SysWOW64\dxmasf.dll
2010-08-01 03:00:49 ----A---- C:\Windows\SysWOW64\L2SecHC.dll
2010-08-01 03:00:48 ----A---- C:\Windows\SysWOW64\wlansec.dll
2010-08-01 03:00:48 ----A---- C:\Windows\SysWOW64\wlanmsm.dll
2010-08-01 03:00:31 ----A---- C:\Windows\SysWOW64\netapi32.dll
2010-07-31 16:25:45 ----D---- C:\ProgramData\Spybot - Search & Destroy
2010-07-31 16:25:45 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2010-07-31 16:13:21 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2010-07-31 16:13:07 ----D---- C:\ProgramData\!SASCORE
2010-07-31 14:37:13 ----D---- C:\Users\Austin Family\AppData\Roaming\Malwarebytes
2010-07-31 14:37:05 ----D---- C:\ProgramData\Malwarebytes
2010-07-31 12:49:22 ----A---- C:\Windows\SysWOW64\icardie.dll
2010-07-31 12:49:22 ----A---- C:\Windows\SysWOW64\advpack.dll
2010-07-31 12:49:22 ----A---- C:\Windows\SysWOW64\admparse.dll
2010-07-31 12:49:21 ----A---- C:\Windows\SysWOW64\ieakeng.dll
2010-07-31 12:49:21 ----A---- C:\Windows\SysWOW64\corpol.dll
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\wextract.exe
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\pngfilt.dll
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\msls31.dll
2010-07-31 12:49:20 ----A---- C:\Windows\SysWOW64\ieapfltr.dll
2010-07-31 12:49:19 ----A---- C:\Windows\SysWOW64\imgutil.dll
2010-07-31 12:49:19 ----A---- C:\Windows\SysWOW64\dxtrans.dll
2010-07-31 12:49:19 ----A---- C:\Windows\SysWOW64\dxtmsft.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\webcheck.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\msrating.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\mshtmled.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\licmgr10.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\inseng.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\ieakui.dll
2010-07-31 12:49:17 ----A---- C:\Windows\SysWOW64\ieaksie.dll
2010-07-31 12:49:16 ----A---- C:\Windows\SysWOW64\WinFXDocObj.exe
2010-07-31 12:49:15 ----A---- C:\Windows\SysWOW64\url.dll
2010-07-31 12:49:15 ----A---- C:\Windows\SysWOW64\mshtmler.dll
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\SetIEInstalledDate.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\SetDepNx.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\PDMSetup.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\mshta.exe
2010-07-31 12:49:14 ----A---- C:\Windows\SysWOW64\iexpress.exe
2010-07-31 12:25:50 ----D---- C:\ProgramData\WinZip
2010-07-31 12:25:46 ----D---- C:\Program Files (x86)\WinZip
2010-07-31 12:00:39 ----A---- C:\Windows\SysWOW64\javaws.exe
2010-07-31 12:00:39 ----A---- C:\Windows\SysWOW64\javaw.exe
2010-07-31 12:00:18 ----A---- C:\Windows\SysWOW64\wintrust.dll
2010-07-31 12:00:13 ----A---- C:\Windows\SysWOW64\java.exe
2010-07-31 12:00:08 ----A---- C:\Windows\SysWOW64\cabview.dll
2010-07-31 11:53:23 ----A---- C:\Windows\SysWOW64\aswBoot.exe
2010-07-31 11:49:14 ----D---- C:\ProgramData\Yahoo!
2010-07-31 11:47:57 ----A---- C:\Windows\SysWOW64\wups.dll
2010-07-31 11:47:57 ----A---- C:\Windows\SysWOW64\wudriver.dll
2010-07-31 11:47:57 ----A---- C:\Windows\SysWOW64\wuapi.dll
2010-07-31 11:47:42 ----A---- C:\Windows\SysWOW64\wuwebv.dll
2010-07-31 11:47:42 ----A---- C:\Windows\SysWOW64\wuapp.exe
2010-07-28 09:51:52 ----D---- C:\Program Files (x86)\Microsoft.NET
2010-07-27 14:34:55 ----D---- C:\Program Files (x86)\Windows Live Safety Center
2010-07-18 18:11:07 ----D---- C:\ProgramData\Alwil Software

======List of files/folders modified in the last 1 months======

2010-08-12 16:52:31 ----D---- C:\Windows\Prefetch
2010-08-12 16:52:29 ----D---- C:\Windows\Temp
2010-08-12 13:16:10 ----SHD---- C:\System Volume Information
2010-08-12 07:34:33 ----SD---- C:\Windows\Downloaded Program Files
2010-08-12 07:34:33 ----RD---- C:\Program Files (x86)
2010-08-12 07:30:31 ----D---- C:\Windows\System32
2010-08-12 07:30:31 ----D---- C:\Windows\inf
2010-08-12 07:24:33 ----D---- C:\WINDOWS
2010-08-12 07:21:58 ----D---- C:\Windows\SysWOW64\drivers
2010-08-12 03:00:53 ----D---- C:\Windows\winsxs
2010-08-11 20:07:59 ----RD---- C:\Program Files
2010-08-11 20:05:48 ----D---- C:\Program Files (x86)\Common Files
2010-08-11 20:04:27 ----AD---- C:\ProgramData\Temp
2010-08-11 20:04:25 ----HD---- C:\ProgramData
2010-08-11 20:04:00 ----D---- C:\Windows\SysWOW64
2010-08-11 03:44:21 ----D---- C:\Windows\Microsoft.NET
2010-08-11 03:44:14 ----RSD---- C:\Windows\assembly
2010-08-11 03:44:02 ----D---- C:\Windows\rescache
2010-08-11 03:24:51 ----D---- C:\Windows\SysWOW64\wbem
2010-08-11 03:24:50 ----D---- C:\Program Files (x86)\Internet Explorer
2010-08-11 03:24:49 ----D---- C:\Windows\SysWOW64\migration
2010-08-11 03:24:49 ----D---- C:\Windows\SysWOW64\en-US
2010-08-11 03:24:49 ----D---- C:\Program Files (x86)\Windows Mail
2010-08-09 19:44:59 ----D---- C:\Program Files (x86)\Windows Media Player
2010-08-09 19:44:58 ----D---- C:\Windows\AppPatch
2010-08-09 19:44:56 ----D---- C:\Windows\ehome
2010-08-09 19:44:55 ----D---- C:\Windows\SysWOW64\manifeststore
2010-08-09 19:44:54 ----D---- C:\Windows\SysWOW64\XPSViewer
2010-08-09 19:44:31 ----RSD---- C:\Windows\Fonts
2010-08-09 19:04:53 ----SHD---- C:\Windows\Installer
2010-07-31 16:27:57 ----D---- C:\Windows\Minidump
2010-07-31 16:27:51 ----D---- C:\Program Files (x86)\Common Files\Symantec Shared
2010-07-31 15:13:26 ----D---- C:\ProgramData\Symantec
2010-07-31 15:08:00 ----D---- C:\Windows\Tasks
2010-07-31 12:55:40 ----D---- C:\Windows\PolicyDefinitions
2010-07-31 12:00:10 ----D---- C:\Program Files (x86)\Java
2010-07-31 11:49:33 ----D---- C:\ProgramData\Yahoo! Companion
2010-07-31 11:49:22 ----D---- C:\Program Files (x86)\Yahoo!
2010-07-31 11:28:32 ----RSD---- C:\Windows\Media
2010-07-31 11:28:32 ----D---- C:\Windows\SysWOW64\ias
2010-07-31 11:28:32 ----D---- C:\Windows\servicing
2010-07-31 11:28:28 ----D---- C:\Windows\SMINST
2010-07-31 11:28:11 ----D---- C:\Windows\registration
2010-07-28 09:24:10 ----D---- C:\Windows\Debug
2010-07-27 21:57:39 ----D---- C:\ProgramData\Apple
2010-07-26 12:02:04 ----SD---- C:\Users\Austin Family\AppData\Roaming\Microsoft
2010-07-25 20:54:02 ----D---- C:\Windows\SoftwareDistribution
2010-07-17 05:00:04 ----A---- C:\Windows\SysWOW64\deployJava1.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iastor.sys []
R1 aswRdr;aswRdr; C:\Windows\SysWOW64\drivers\aswRdr.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R3 ACPIService;Buttons and OSDs ACPI driver gen2; C:\Windows\system32\DRIVERS\OSDACPI.SYS []
R3 AVerAVF2;AVerAVF2; C:\Windows\system32\DRIVERS\AVerAVF2.sys []
R3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\drivers\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys []
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh64.sys []
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys []
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys []
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys []
S3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys []
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys []
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys []
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys []
S3 rcmirror;rcmirror; C:\Windows\system32\DRIVERS\rcmirror.sys []
S3 USBAAPL64;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl64.sys []
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys []
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys []
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE []
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-20 21504]
R2 btwdins;Bluetooth Service; c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-05-14 796712]
R2 CalendarSynchService;CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [2008-08-01 21296]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-06-02 94208]
R2 HP Touch Screen Enhance;HP Touch Screen Enhance; c:\Program Files (x86)\Hewlett-Packard\HP Touch Screen Enhance Service\HPTSEnSrv.EXE [2008-07-10 100864]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2008-10-06 241734]
R2 YahooAUService;Yahoo! Updater; C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe [2008-11-09 602392]
S2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE []
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-06-28 40384]
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe [2008-03-28 165416]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-20 19968]

-----------------EOF-----------------


#11 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:21 PM

Posted 14 August 2010 - 12:38 PM

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"

Ensure that you have the latest version of Adobe® Reader®. Adobe Reader and Acrobat 8 and earlier versions of Adobe Reader and Acrobat are plagued by Remote Code Execution Vulnerabilities. If you do not have the latest version, you may want to download the latest version, Adobe® Reader® 9.

How is your computer behaving? I do not see any obvious signs of malware. Good idea using Malwarebytes; it is an excellent program. The next step that I would have suggested uses Malwarebytes.

Edited by suebaby41, 14 August 2010 - 12:39 PM.

You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#12 jaustindds

jaustindds
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:09:21 PM

Posted 14 August 2010 - 01:56 PM

Behaving well, as are all my other computers on my home network (that were previously redirecting)...I followed the same protocol for each....malwarebytes, then ESET. I made sure that any that were previously fixed were shut down when scanning and working with each of the possible infected computers...it seemed that once I reset my router (DNS settings were back to obtain automatically) and changed my password that all the computers stopped redirecting...but then of course I had to run the anti-viral software on all computers...would you recommend scanning the registry for errors? If so, what software do you recommend? I will download Adobe 9. Thanks for your time, John

#13 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:21 PM

Posted 14 August 2010 - 04:34 PM

Some experts don't recommend using Registry cleaners. If you are interested, I use the free program, RegSeeker.

Step 1

ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore if needed. Removing modern malware infections often requires making changes to the registry, and a corrupt registry can prevent a system from booting.
  1. Please download Erunt
  2. Double-click erunt_setup.exe to run.
  3. Follow the prompts and install using the default configuration (setup language, install location, shortcuts...).
  4. Click No to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later.
  5. Start ERUNT.
  6. Choose a location for the backup
    The default location C:\WINDOWS\ERDNT\[today's date] is preferred
  7. The first two check boxes are checked by default.
    • System registry
    • Current user registry
  8. Press OK.
  9. When prompted, click YES to create a new folder.
  10. Progress bars will show backup status.
  11. A confirmation window will popup when complete. Click OK to close.
  12. Note: to restore your registry, go to the folder and start ERUNT.exe.
Question: Should I disable Windows XP’s System Restore function when using ERUNT?

Answer: Yes! Though System Restore backs up more than just the registry, the registry is essentially all you need to revert your system to a previous state. Advantages of ERUNT over System Restore are that each restore folder is standalone and independent of the others, minimizing the risk of restore failures, and that a restore can easily be done from outside Windows. Also, ERUNT backups usually take up less hard drive space than System Restore’s restore points and may be individually deleted at any time.

Step 2
RegSeeker is a FREEWARE utility designed to manage your Windows Registry. You can search for items, uninstall applications, clear histories, clean your registry (wrong entries) and more!
  1. Please download RegSeeker.
  2. Extract it to its own folder, open and double click RegSeeker.exe to start the program.
  3. Maximize the window and click Clean registry.
  4. Check all sections and click OK.
  5. When the scan is complete, verify the backup box in lower left corner is checked and click the Select all button, then Select all again.
  6. Then right click within the search results and select Delete.
  7. Run it again and again, deleting everything it finds until it finds nothing.
  8. Reboot and make sure your Control Panel and Add or Remove Programs are working properly. Basically, just do a quick check of everything.
  9. In the event anything was broken, you can open RegSeeker, click backups and double click any/all files to put the information back. A reboot may be required for the effects to be seen.
  10. Reboot when done.
  11. NOTE: To be extra safe you can choose to only remove the items in RED.
  12. Some items may come back because of the programs you have running.


#14 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:10:21 PM

Posted 21 August 2010 - 10:51 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.

