Google Search/Browser Redirect - Happili and Rocket News


20 replies to this topic

#1 PaulFaust

Posted 15 May 2012 - 10:42 PM

Hi,

I am suffering from a Google Redirect that is affecting all of my browsers: IE8, Firefox 12, and Google Chrome (Chrome just crashes).

It started with a redirect to happili, and now it is directing all Google searches through rocketnews.com.

I have run my anti-malware/antivirus program (Norton) and all scans are coming up clean.

Any suggestions would be greatly appreciated.

Thanks so much for your help.

---------------------------------------------------------------------------

Please find my DDS log pasted below:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.3.1
Run by HP_Administrator at 8:04:54 on 2012-05-15
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1771 [GMT -6:00]
.
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\astsrv.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\xampp\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files\Input Director\IDWinService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\xampp\xampp\mysql\bin\mysqld.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\zinstall_pod\ZinstallHelperService.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\CIRILab\bin\themes\KGErun.exe
C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\CIRILab\bin\java\jre1.5.0_14\bin\java.exe
C:\Program Files\Macro Express Pro\MacExp.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\ActiveWords\AWMonitor.exe
C:\Program Files\ActiveWords\AWMonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\ActiveWords\AWApps\AWInkpad\AWInkPad.exe
C:\Program Files\ActiveWords\AWApps\L&T\AWLearnTrain.exe
C:\Program Files\ActiveWords\AWFeedback.exe
C:\Program Files\ActiveWords\nahuatl.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\Program Files\ActiveWords\AWDirWindow.exe
C:\Program Files\Essentials Codec Pack\WECPUpdate.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\Input Director\InputDirector.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Program Files\AZC\ProductDiggerSetUP\ProductDigger.exe
C:\Program Files\AZC\LongtailSetup\Longtail Domain Finder.exe
C:\Program Files\Firefox\firefox.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Internet Explorer, optimized for Bing and MSN
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: KeywordSpySEO Helper: {5f9575c2-1ab4-4883-8505-5c6d0dfdf2d5} - c:\program files\keywordspy seoppc plug-in\KeywordSpySEO.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Complitly: {0fb6a909-6086-458f-bd92-1f8ee10042a0} - c:\documents and settings\hp_administrator\application data\complitly\Complitly.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: KeywordSpySEO Helper: {5f9575c2-1ab4-4883-8505-5c6d0dfdf2d5} - c:\program files\keywordspy seoppc plug-in\KeywordSpySEO.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\19.7.0.9\ips\IPSBHO.DLL
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS4/contributeieplugin.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Context Organizer: {3a6b27a2-0b3a-4976-924e-e1bb68680e29} - c:\program files\context discovery inc\context organizer\Context.CO-IE.dll
TB: WebFerret: {a58686ed-fc46-44c3-95c6-4a812ab776f1} - c:\program files\webferret\FerretBand.dll
TB: LastPass Toolbar: {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - c:\program files\lastpass\LPBar.dll
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\10.2.0.3\AVG Secure Search_toolbar.dll
TB: KeywordSpy™ SEO/PPC: {0ae831b0-427e-4d0a-bc88-4ba47e7471c3} - c:\program files\keywordspy seoppc plug-in\KeywordSpySEO.dll
TB: {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
{e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
uRun: [MmDesignPartner.exe] c:\program files\mindjet\mindmanager 8\MmDesignPartner.exe
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [InstallIQUpdater] "c:\program files\w3i\installiqupdater\InstallIQUpdater.exe" /silent /autorun
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatchTray12.exe"
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Freecorder FLV Service] "c:\program files\freecorder\FLVSrvc.exe" /run
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [ddoctorv2] "c:\program files\comcast\desktop doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [MMReminderService] c:\program files\mindjet\mindmanager 8\MMReminderService.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [KnowledgeGenerationEngine] c:\cirilab\bin\themes\KGErun.exe
mRun: [MindsystemsAmode AlarmNotifier] c:\program files\mindsystems\mindsystems amode\AlarmManager.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\active~1.lnk - c:\program files\activewords\AWMonitor.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\hp_adm~1\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\macroe~1.lnk - c:\program files\macro express pro\MacExp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\update~1.lnk - c:\program files\updates from hp\9972322\program\Updates from HP.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Add to Evernote 4.0 - c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Surfulater: Add &new Article - c:\program files\saig\surfulater\Surfulater.exe/SENDTOSURFULATER.HTML
IE: Surfulater: Add Article pl&us Page - c:\program files\saig\surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTML
IE: Surfulater: Attac&h Page to Article - c:\program files\saig\surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTML
IE: Surfulater: Book&mark this Page - c:\program files\saig\surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTML
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files\evernote\evernote\EvernoteIE.dll/204
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E5092D10-B990-4932-8667-7461041B3A32} - c:\documents and settings\hp_administrator\local settings\application data\difolders software\blogjet\blogthis.js
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 8\Mm8InternetExplorer.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - c:\program files\lastpass\LPBar.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
LSP: c:\program files\hma! pro vpn\bin\ForceInterfaceLSP.dll
Trusted Zone: cinemanow.com
Trusted Zone: kuaiche.com\software
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{892900FC-9814-4488-99C0-81491C1EE93D} : DhcpNameServer = 16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
TCP: Interfaces\{F2342C50-71FB-47BE-9E15-20E391023053} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF218E23-9FFE-4227-AE4A-C8333B34DE40} : NameServer = 10.26.56.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\common files\microsoft shared\information retrieval\itss50.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.2.0\ViProtocol.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 nwprovau
IFEO: image file execution options - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: bcont.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: cinemanowshell.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: corelreg.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
IFEO: dtswizard.exe - "c:\program files\tuneup utilities 2012\TUAutoReactivator32.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator\application data\mozilla\firefox\profiles\qi7x7kb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\program files\adobe\acrobat 9.0\acrobat\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.61118.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [2010-1-12 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [2010-1-12 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1307000.009\symds.sys [2012-4-23 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1307000.009\symefa.sys [2012-4-23 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\bashdefs\20120507.001\BHDrvx86.sys [2012-5-8 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\nav\1307000.009\ccsetx86.sys [2012-4-23 132744]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [2010-1-12 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1307000.009\ironx86.sys [2012-4-23 149624]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\roxio\backontrack\disaster recovery\SaibSVC.exe [2009-6-2 457200]
R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2010-2-19 29416]
R2 InputDirector;Input Director Service;c:\program files\input director\IDWinService.exe [2009-10-9 32768]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [2011-12-18 12184]
R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2010-1-8 4497704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2012\TuneUpUtilitiesService32.exe [2012-4-5 1529152]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\10.2.0\ToolbarUpdater.exe [2012-3-12 918880]
R2 WTouchService;WTouch Service;c:\program files\wtouch\WTouchService.exe [2010-1-8 113448]
R2 ZinstallHelperService;ZinstallHelperService;c:\windows\system32\zinstall_pod\ZinstallHelperService.exe [2010-10-6 11245192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-3-8 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\ipsdefs\20120512.001\IDSXpx86.sys [2012-5-14 356792]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\virusdefs\20120514.032\NAVENG.SYS [2012-5-15 86136]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_19.5.1.2\definitions\virusdefs\20120514.032\NAVEX15.SYS [2012-5-15 1576312]
R3 rzp3011za;rzp3011za;c:\windows\system32\drivers\zinstall_pod\rzp3011za.sys [2010-10-6 232648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2012\TuneUpUtilitiesDriver32.sys [2012-2-9 10064]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2010-1-8 16168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\sasdifsv.sys --> c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\saskutil.sys --> c:\docume~1\hp_adm~1\locals~1\temp\sas_selfextract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca90f4fb9587c2;Google Update Service (gupdate1ca90f4fb9587c2);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 133104]
S2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxWatch12.exe [2009-7-24 219632]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\common files\adobe\adobe version cue cs4\server\bin\VersionCueCS4.exe [2008-8-15 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-5-5 257696]
S3 awealloc;awealloc;c:\windows\system32\drivers\awealloc.sys [2010-10-6 18504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-9 133104]
S3 imdisk;imdisk;c:\windows\system32\drivers\imdisk.sys [2010-10-6 46408]
S3 imdsksvc;imdsksvc;c:\windows\system32\imdsksvc.exe [2010-10-6 21064]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 129976]
S3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\drivers\mvvideodemo.sys --> c:\windows\system32\drivers\mvvideodemo.sys [?]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\common files\roxio shared\12.0\sharedcom\RoxMediaDB12.exe [2009-7-24 1116656]
S3 rzp3502za;rzp3502za;c:\windows\system32\drivers\zinstall_pod\rzp3502za.sys [2011-8-6 231960]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [2010-12-13 281024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2004-8-9 14336]
S3 ZInsDrv;Zinstall Support Driver;\??\a:\zinstallex\x86\zinsdrv.sys --> a:\zinstallex\x86\ZInsDrv.sys [?]
S4 CinemaNow Service;CinemaNow Service;c:\program files\cinemanow\cinemanow media manager\CinemaNowSvc.exe [2009-12-16 129520]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
S4 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\sqlservr.exe [2011-9-22 43028328]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [2011-9-22 238696]
S4 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-15 158856]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\microsoft sql server\mssql10.adcenterdesktop\mssql\binn\SQLAGENT.EXE [2011-9-22 370024]
S4 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-3-19 2666880]
S4 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
SUnknown Micro Niche Finder Background Download Service;Micro Niche Finder Background Download Service; [x]
.
=============== Created Last 30 ================
.
2012-05-15 06:36:35 -------- d-----w- c:\documents and settings\hp_administrator\application data\AmazonMastermindDomainFinder
2012-05-15 06:36:31 -------- d-----w- c:\program files\AmazonMastermindDomainFinder
2012-05-15 06:03:14 -------- d-----w- c:\program files\AzSiteBuilder
2012-05-15 05:59:28 -------- d-----w- c:\documents and settings\hp_administrator\Longtail Domain Finder
2012-05-15 05:53:24 -------- d-----w- c:\program files\AZC
2012-05-10 09:11:57 8198 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-05-06 23:12:38 -------- d-----w- c:\program files\Nichegenerator
2012-05-06 22:37:31 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\DVDPlay
2012-05-06 20:49:14 -------- d-----w- c:\documents and settings\all users\application data\vsosdk
2012-05-06 20:42:56 -------- d-----w- c:\documents and settings\all users\application data\dvdfab
2012-05-06 20:39:10 -------- d-----w- c:\program files\DVDFab 8 Qt
2012-05-06 04:34:20 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-06 04:34:20 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 15:56:28 63488 ----a-w- c:\windows\system32\ZipDll.dll
2012-05-05 15:56:28 54784 ----a-w- c:\windows\system32\UnzDll.dll
2012-05-05 04:29:18 388096 ----a-r- c:\documents and settings\hp_administrator\application data\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2012-05-05 04:29:17 -------- d-----w- c:\program files\Trend Micro
2012-05-03 06:55:58 -------- d-----w- c:\documents and settings\hp_administrator\application data\IMGoldMiner
2012-05-03 06:55:55 -------- d-----w- c:\program files\IMGoldMiner
2012-05-03 06:37:48 -------- d-----w- c:\documents and settings\hp_administrator\application data\AmazonMoneyFinder
2012-05-03 06:37:44 -------- d-----w- c:\program files\Amazon Money Finder
2012-05-03 02:24:21 -------- d-----w- c:\documents and settings\hp_administrator\application data\DNAML
2012-05-03 02:24:04 274432 ----a-w- c:\windows\system32\SkinX.dll
2012-05-03 02:24:00 -------- d-----w- c:\program files\PDF2PageTurn
2012-05-03 02:07:54 -------- d-----w- c:\program files\ePageWiz-Pro
2012-05-01 23:07:17 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\GoogleGraphs
2012-05-01 23:05:46 -------- d-----w- c:\program files\KeywordMapPro
2012-04-29 16:42:25 -------- d-----w- c:\program files\ProcessDrivenResults
2012-04-29 07:03:20 -------- d-----w- c:\documents and settings\hp_administrator\local settings\application data\Gibson
2012-04-28 09:50:08 -------- d-----w- c:\program files\Market Samurai
2012-04-28 07:51:52 -------- d-----w- c:\documents and settings\hp_administrator\application data\ActiveWords 2.0
2012-04-28 07:45:02 232912 ----a-w- c:\windows\ActiveWords Uninstaller.exe
2012-04-28 07:45:00 -------- d-----w- c:\program files\common files\orangequava
2012-04-28 07:44:51 -------- d-----w- c:\program files\ActiveWords
2012-04-28 06:27:10 -------- d-----w- C:\Kindle Answers
2012-04-25 21:02:00 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 06:52:22 -------- d-----w- c:\program files\KeywordBlaze
2012-04-23 22:27:38 388216 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symtdi.sys
2012-04-23 22:27:38 345208 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symtdiv.sys
2012-04-23 22:27:38 318584 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symnets.sys
2012-04-23 22:27:37 905336 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symefa.sys
2012-04-23 22:27:37 574072 ----a-w- c:\windows\system32\drivers\nav\1307000.009\srtsp.sys
2012-04-23 22:27:37 340088 ----a-r- c:\windows\system32\drivers\nav\1307000.009\symds.sys
2012-04-23 22:27:37 32888 ----a-w- c:\windows\system32\drivers\nav\1307000.009\srtspx.sys
2012-04-23 22:27:37 149624 ----a-w- c:\windows\system32\drivers\nav\1307000.009\ironx86.sys
2012-04-23 22:27:36 132744 ----a-w- c:\windows\system32\drivers\nav\1307000.009\ccsetx86.sys
2012-04-23 22:27:09 4782 ----a-w- c:\windows\system32\drivers\nav\1307000.009\symvtcer.dat
2012-04-23 22:27:09 -------- d-----w- c:\windows\system32\drivers\nav\1307000.009
2012-04-23 03:32:32 -------- d-----w- c:\program files\Intalev
2012-04-23 03:32:32 -------- d-----w- c:\documents and settings\hp_administrator\application data\Intalev
2012-04-18 03:46:20 -------- d-----w- c:\documents and settings\hp_administrator\application data\com.sessionplannerpro.warriorsessionplannerpro
2012-04-18 03:45:42 -------- d-----w- c:\program files\Limitless Projects
2012-04-16 15:23:06 -------- d-----w- c:\program files\ePageWiz-Reader
.
==================== Find3M ====================
.
2012-05-14 20:12:11 60304 ----a-w- c:\documents and settings\hp_administrator\g2mdlhlpx.exe
2012-05-07 05:48:15 911898 ----a-w- c:\windows\Hot Keyword Hunter Uninstaller.exe
2012-05-05 11:40:05 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-30 05:02:10 31728 ----a-w- c:\windows\dbrmdwb.exe
2012-04-30 05:02:10 26 ----a-w- c:\windows\dbrmdwb.bat
2012-04-30 05:02:10 2327704 ----a-w- c:\windows\dbplugin.ocx
2012-04-30 05:02:10 2179072 ----a-w- c:\windows\npdbplug.dll
2012-04-28 10:30:01 45056 ----a-w- c:\windows\NCUNINST.EXE
2012-04-25 05:37:40 165653 ----a-w- c:\windows\TweeterNaire Uninstaller.exe
2012-04-13 04:34:57 162783 ----a-w- c:\windows\TubeNaire RX Uninstaller.exe
2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-05 11:08:34 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08:24 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-03-25 06:04:21 21504 ----a-w- c:\windows\jestertb.dll
2012-03-23 13:32:26 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 13:32:26 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 17:34:16 115200 --sha-r- c:\windows\system32\wshnetbsj.dll
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-25 07:18:28 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-02-25 07:18:28 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-02-25 07:18:12 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-02-24 15:00:47 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-24 07:28:23 903887 ----a-w- c:\windows\Forum URL Scraper Software Uninstaller.exe
2012-02-19 11:56:56 905247 ----a-w- c:\windows\Hot Proxy Spy 2.0 Uninstaller.exe
2012-02-19 08:31:23 160541 ----a-w- c:\windows\TubeNaire DX Uninstaller.exe
2012-02-19 08:26:57 160915 ----a-w- c:\windows\TubeNaire WX Uninstaller.exe
2012-02-19 08:25:52 162880 ----a-w- c:\windows\TubeNaire MX Uninstaller.exe
2011-01-05 14:15:21 9163464 ----a-w- c:\program files\common files\lpuninstall.exe
2005-08-27 21:26:24 1581056 ----a-w- c:\program files\SAFlashPlayer.exe
.
============= FINISH: 8:06:18.92 ===============
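Each file line in the DDS listing above carries four fields: the modification timestamp, the size (printed as `--------` for a directory), an eight-character attribute string such as `----a-w-` or `--sha-r-`, and the path. The attribute string is the first thing a log reviewer scans, because a loose file under system32 that carries the `s` (system) or `h` (hidden) flag is the kind of entry that gets a closer look. The parser below is an added example written for this page; it is not part of DDS, ComboFix or anything the posters ran. It also accepts the ComboFix variant of the same line, which inserts ` . <creation timestamp>` after the modification time. The sample lines embedded in it are excerpted from the logs posted in this thread plus one constructed non-entry line; the `SYSTEM32` heuristic and all field names are the example's own assumptions.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# One file entry from a DDS "Find3M" / "Files Created" listing, e.g.
#   2012-02-29 17:34:16 115200 --sha-r- c:\windows\system32\wshnetbsj.dll
# ComboFix prints the same fields but adds " . <created timestamp>" after
# the modification time (assumption: both tools keep this layout):
#   2012-05-07 05:48 . 2011-02-04 22:08 911898 ----a-w- c:\windows\x.exe
LINE_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}(?::\d{2})?)"
    r"(?: \. (?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}))?"
    r" (?P<size>\d+|-{8})"
    r" (?P<attrs>[-a-z]{8})"
    r" (?P<path>.+)$"
)

# Reviewer heuristic (the example's own, not a rule from the page): files
# under system32 carrying the system (s) or hidden (h) attribute deserve
# a second look.  Paths are compared in lower case.
SYSTEM32 = "c:\\windows\\system32\\"


@dataclass
class Entry:
    modified: str
    created: Optional[str]   # only present in the ComboFix layout
    size: Optional[int]      # None for directories (printed as --------)
    attrs: str
    path: str                # normalised to lower case

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def system(self) -> bool:
        return "s" in self.attrs


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    size = None if m["size"].startswith("-") else int(m["size"])
    return Entry(m["modified"], m["created"], size, m["attrs"], m["path"].lower())


def parse_log(text: str) -> List[Entry]:
    """Parse a whole pasted log, skipping every line that is not a file entry."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def flag_suspicious(entries: List[Entry]) -> List[Tuple[Entry, str]]:
    """Return (entry, reason) pairs that match the reviewer heuristic above."""
    flagged = []
    for e in entries:
        if e.is_dir or not e.path.startswith(SYSTEM32):
            continue
        marks = [name for name, on in (("system", e.system), ("hidden", e.hidden)) if on]
        if marks:
            flagged.append((e, f"{'+'.join(marks)} attribute(s) on a file in system32"))
    return flagged


# Sample input: lines excerpted from the DDS and ComboFix logs in this thread,
# plus a section header line to show that non-entry text is skipped.
SAMPLE_LOG = r"""
2012-05-14 20:12:11 60304 ----a-w- c:\documents and settings\hp_administrator\g2mdlhlpx.exe
2012-04-11 13:14:41 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-02-29 17:34:16 115200 --sha-r- c:\windows\system32\wshnetbsj.dll
2012-04-23 22:27:09 -------- d-----w- c:\windows\system32\drivers\nav\1307000.009
2012-05-07 05:48 . 2011-02-04 22:08 911898 ----a-w- c:\windows\Hot Keyword Hunter Uninstaller.exe
==================== Find3M ====================
"""

if __name__ == "__main__":
    for entry, reason in flag_suspicious(parse_log(SAMPLE_LOG)):
        print(f"{entry.modified}  {entry.attrs}  {entry.path}  <- {reason}")
```

Run against the sample, only the `--sha-r-` entry is reported; the kernel file with `------w-` and the directory entry pass through untouched. The attribute check is deliberately narrow: it is a triage filter to decide what to look at first, not a verdict on any file.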


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 15 May 2012 - 11:28 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 PaulFaust

PaulFaust
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:30 AM

Posted 15 May 2012 - 11:43 PM

Hi Gringo,

The Combofix Log will follow in my next post.

Here is the Security Check Log:

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton AntiVirus
McAfee Security Scan Plus
TrendMiner Pro v2.11
TrendMiner Pro v2.1
TrendMiner Pro v1.2
Trends Buzz v2.01
Antivirus up to date! (On Access scanning disabled!)
```````````````````````````````
Anti-malware/Other Utilities Check:

Hot Article Spy
Hot Keyword Suggest Spy
Hot Link Spy
Hot Proxy Spy 2.0
Hot URL Spy
KeywordSpy SEO/PPC Plug-in 1.0.2
SpyRankBank - System Files
SpyRankBank - System Files (C:\WINDOWS\system32\)
SpyRankBank - System Files (C:\WINDOWS\system32\) #3
Tube Spy
TubeSpy v1.0
Azon Spy
TuneUp Utilities 2012
TuneUp Utilities Language Pack (en-US)
TuneUp Utilities Language Pack (en-GB)
CCleaner
JavaFX 2.0.3
Java™ 6 Update 16
Java™ 6 Update 22
Java™ 6 Update 30
Java™ 7 Update 3
Adobe Flash Player 11.2.202.235
Adobe Reader X (10.1.3)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````End of Log````````````

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 16 May 2012 - 12:14 AM

Ok, I will check it out in the morning.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 PaulFaust

PaulFaust
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:30 AM

Posted 16 May 2012 - 12:53 AM

Hi Gringo,

Here is the Combofix Log.

As for my computer/web browser problem, the browsers continue to redirect to rocketnews as before (no change).

I had no problems running Combofix. Everything went smoothly.



ComboFix 12-05-15.04 - HP_Administrator 05/15/2012 23:05:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2282 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\boganm~1\KEYWOR~1\BOGAnm~1.exe
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\Application Data\.#
c:\documents and settings\HP_Administrator\Application Data\Microsoft Corporation\2007 Microsoft Office system
c:\documents and settings\HP_Administrator\Application Data\Microsoft Corporation\2007 Microsoft Office system\Offisync-UserSettings.config
c:\documents and settings\HP_Administrator\Application Data\Microsoft Corporation\2007 Microsoft Office system\ostelbuf.dat
c:\documents and settings\HP_Administrator\Application Data\ubot
c:\documents and settings\HP_Administrator\Application Data\ubotcompile1825166
c:\documents and settings\HP_Administrator\Application Data\ubotcompile1825166\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile2225101
c:\documents and settings\HP_Administrator\Application Data\ubotcompile2225101\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile2513336
c:\documents and settings\HP_Administrator\Application Data\ubotcompile2513336\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile357801
c:\documents and settings\HP_Administrator\Application Data\ubotcompile357801\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile3578826
c:\documents and settings\HP_Administrator\Application Data\ubotcompile3578826\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile395495
c:\documents and settings\HP_Administrator\Application Data\ubotcompile395495\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile5302352
c:\documents and settings\HP_Administrator\Application Data\ubotcompile5302352\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile6800783
c:\documents and settings\HP_Administrator\Application Data\ubotcompile6800783\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile7236823
c:\documents and settings\HP_Administrator\Application Data\ubotcompile7236823\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile7497186
c:\documents and settings\HP_Administrator\Application Data\ubotcompile7497186\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile8003144
c:\documents and settings\HP_Administrator\Application Data\ubotcompile8003144\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile8493725
c:\documents and settings\HP_Administrator\Application Data\ubotcompile8493725\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile9113064
c:\documents and settings\HP_Administrator\Application Data\ubotcompile9113064\bot.exe
c:\documents and settings\HP_Administrator\Application Data\ubotcompile9921736
c:\documents and settings\HP_Administrator\Application Data\ubotcompile9921736\bot.exe
c:\documents and settings\HP_Administrator\g2mdlhlpx.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\._Revolution_
c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp\AMV4DMW5\DevExpress.Data.v10.1.DLL
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Native\STUBEXE\@PROGRAMFILES@\COMMON~1\MICROS~1\DW\DW20.EXE
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\SXS\Manifests\compile.exe_0x18B4A8932EC7878944025C3629BCB6DF.1.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2009.12.10T18.57\Virtual\XRegistry.tmp
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Native\STUBEXE\@SYSTEM@\rundll32.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\SXS\Manifests\compile.exe_0x3A111562E9BFCA8152D541519A1732FF.1.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.01.24T07.55\Virtual\XRegistry.tmp
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Manifests\compile.exe_0x9543C661C950B6BF49B0E80F891065C8.1.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.02.15T12.47\Virtual\XRegistry.tmp
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@SYSTEM@\verclsid.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\csc.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Native\STUBEXE\@WINDIR@\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\compile.exe_0x5F4166D53D18E674EF964D14371EFD8D.1.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Manifests\VmX.dll_0x708E180A6A058DCDE2E1F8586DD2BA4A.2.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\MyApplication.app@1.0.0.0\MyApplication.app@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\SXS\Xenocode.VMX@1.0.0.0\Xenocode.VMX@1.0.0.0.manifest
c:\documents and settings\HP_Administrator\Local Settings\Application Data\Xenocode\Sandbox\UBot_Standalone\1.0.0.0\2010.03.09T02.47\Virtual\XRegistry.tmp
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
c:\documents and settings\HP_Administrator\My Documents\afD5E.tmp
c:\documents and settings\HP_Administrator\My Documents\u-bot
c:\documents and settings\HP_Administrator\My Documents\u-bot\friendpos.txt
c:\documents and settings\HP_Administrator\My Documents\u-bot\mailpos.txt
c:\documents and settings\HP_Administrator\My Documents\u-bot\urls.txt
c:\documents and settings\HP_Administrator\WINDOWS
c:\documents and settings\UpdatusUser\WINDOWS
C:\install.exe
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Hotspot Shield\HssIE\HsSIe.dll
c:\program files\StartNow Toolbar
c:\program files\StartNow Toolbar\Resources\images\engine_images.png
c:\program files\StartNow Toolbar\Resources\images\engine_maps.png
c:\program files\StartNow Toolbar\Resources\images\engine_news.png
c:\program files\StartNow Toolbar\Resources\images\engine_videos.png
c:\program files\StartNow Toolbar\Resources\images\engine_web.png
c:\program files\StartNow Toolbar\Resources\images\icon_amazon.png
c:\program files\StartNow Toolbar\Resources\images\icon_ebay.png
c:\program files\StartNow Toolbar\Resources\images\icon_facebook.png
c:\program files\StartNow Toolbar\Resources\images\icon_games.png
c:\program files\StartNow Toolbar\Resources\images\icon_msn.png
c:\program files\StartNow Toolbar\Resources\images\icon_shopping.png
c:\program files\StartNow Toolbar\Resources\images\icon_travel.png
c:\program files\StartNow Toolbar\Resources\images\icon_twitter.png
c:\program files\StartNow Toolbar\Resources\images\startnow_logo.png
c:\program files\StartNow Toolbar\Resources\installer.xml
c:\program files\StartNow Toolbar\Resources\protect\index.html
c:\program files\StartNow Toolbar\Resources\protect\NotIE6.css
c:\program files\StartNow Toolbar\Resources\protect\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\protect\SearchProtectIcon.png
c:\program files\StartNow Toolbar\Resources\protect\window.css
c:\program files\StartNow Toolbar\Resources\protect\window.js
c:\program files\StartNow Toolbar\Resources\reactivate\index.html
c:\program files\StartNow Toolbar\Resources\reactivate\LeftImage.png
c:\program files\StartNow Toolbar\Resources\reactivate\NotIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\OnlyIE6.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.css
c:\program files\StartNow Toolbar\Resources\reactivate\window.js
c:\program files\StartNow Toolbar\Resources\skin\chevron_button.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_hover.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_dropdown_button_normal.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_background.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_left.png
c:\program files\StartNow Toolbar\Resources\skin\searchbox_input_middle.png
c:\program files\StartNow Toolbar\Resources\skin\separator.png
c:\program files\StartNow Toolbar\Resources\skin\splitter.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ff_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_hover_r.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_c.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_l.png
c:\program files\StartNow Toolbar\Resources\skin\toolbarbutton_ie_normal_r.png
c:\program files\StartNow Toolbar\Resources\toolbar.xml
c:\program files\StartNow Toolbar\Resources\update.xml
c:\program files\StartNow Toolbar\StartNowToolbarUninstall.exe
c:\program files\StartNow Toolbar\ToOLbar32.dll
c:\program files\StartNow Toolbar\ToolbarUpdaterService.exe
c:\program files\StartNow Toolbar\uninstall.dat
C:\VDMC7.tmp
C:\VDMC8.tmp
c:\windows\system32\_000014_.tmp.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\3cab2ae402765d52.fb
c:\windows\system32\Cache\4565f57e9b1d8736.fb
c:\windows\system32\Cache\46b59b10a9bffa8c.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c3d1d664354860d1.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\e5e7ba177409bc27.fb
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\PowerToyReadme.htm
c:\windows\system64
c:\windows\system64\atl100.dll
c:\windows\system64\mfc100.dll
c:\windows\system64\mfc100chs.dll
c:\windows\system64\mfc100cht.dll
c:\windows\system64\mfc100deu.dll
c:\windows\system64\mfc100enu.dll
c:\windows\system64\mfc100esn.dll
c:\windows\system64\mfc100fra.dll
c:\windows\system64\mfc100ita.dll
c:\windows\system64\mfc100jpn.dll
c:\windows\system64\mfc100kor.dll
c:\windows\system64\mfc100rus.dll
c:\windows\system64\mfc100u.dll
c:\windows\system64\mfcm100.dll
c:\windows\system64\mfcm100u.dll
c:\windows\system64\msvcp100.dll
c:\windows\system64\msvcr100.dll
c:\windows\system64\vcomp100.dll
c:\windows\XSxS
D:\Autorun.inf
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Legacy_Updater_Service_for_StartNow_Toolbar
-------\Service_Updater Service for StartNow Toolbar
-------\Service_Updater Service for StartNow Toolbar
.
.
((((((((((((((((((((((((( Files Created from 2012-04-16 to 2012-05-16 )))))))))))))))))))))))))))))))
.
.
2012-05-15 06:36 . 2012-05-15 06:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AmazonMastermindDomainFinder
2012-05-15 06:36 . 2012-05-15 06:36 -------- d-----w- c:\program files\AmazonMastermindDomainFinder
2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----w- c:\program files\AzSiteBuilder
2012-05-15 05:59 . 2012-05-15 05:59 -------- d-----w- c:\documents and settings\HP_Administrator\Longtail Domain Finder
2012-05-15 05:53 . 2012-05-15 05:55 -------- d-----w- c:\program files\AZC
2012-05-10 09:11 . 2012-05-10 09:11 8198 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-05-06 23:12 . 2012-05-06 23:12 -------- d-----w- c:\program files\Nichegenerator
2012-05-06 22:37 . 2012-05-06 22:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\CyberLink
2012-05-06 22:37 . 2012-05-06 22:47 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\DVDPlay
2012-05-06 20:49 . 2012-05-06 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2012-05-06 20:42 . 2012-05-06 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\dvdfab
2012-05-06 20:39 . 2012-05-06 20:54 -------- d-----w- c:\program files\DVDFab 8 Qt
2012-05-06 04:34 . 2012-05-06 23:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 04:34 . 2012-05-06 23:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:56 . 2012-05-05 15:56 63488 ----a-w- c:\windows\system32\ZipDll.dll
2012-05-05 15:56 . 2012-05-05 15:56 54784 ----a-w- c:\windows\system32\UnzDll.dll
2012-05-05 04:29 . 2012-05-05 04:29 -------- d-----w- c:\program files\Trend Micro
2012-05-03 06:55 . 2012-05-03 06:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IMGoldMiner
2012-05-03 06:55 . 2012-05-03 06:55 -------- d-----w- c:\program files\IMGoldMiner
2012-05-03 06:37 . 2012-05-03 06:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AmazonMoneyFinder
2012-05-03 06:37 . 2012-05-03 06:37 -------- d-----w- c:\program files\Amazon Money Finder
2012-05-03 02:24 . 2012-05-03 02:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNAML
2012-05-03 02:24 . 2010-01-06 17:37 274432 ----a-w- c:\windows\system32\SkinX.dll
2012-05-03 02:24 . 2012-05-03 02:24 -------- d-----w- c:\program files\PDF2PageTurn
2012-05-03 02:07 . 2012-05-03 02:07 -------- d-----w- c:\program files\ePageWiz-Pro
2012-05-01 23:07 . 2012-05-01 23:07 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GoogleGraphs
2012-05-01 23:05 . 2012-05-01 23:06 -------- d-----w- c:\program files\KeywordMapPro
2012-04-29 16:42 . 2012-04-29 16:42 -------- d-----w- c:\program files\ProcessDrivenResults
2012-04-29 07:03 . 2012-04-29 07:03 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Gibson
2012-04-28 09:50 . 2012-04-28 09:50 -------- d-----w- c:\program files\Market Samurai
2012-04-28 07:51 . 2012-05-16 04:45 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ActiveWords 2.0
2012-04-28 07:45 . 2012-04-28 07:45 232912 ----a-w- c:\windows\ActiveWords Uninstaller.exe
2012-04-28 07:45 . 2012-04-28 07:45 -------- d-----w- c:\program files\Common Files\orangequava
2012-04-28 07:44 . 2012-04-28 07:51 -------- d-----w- c:\program files\ActiveWords
2012-04-28 06:27 . 2012-05-15 04:14 -------- d-----w- C:\Kindle Answers
2012-04-25 21:02 . 2012-04-25 21:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 06:52 . 2012-04-25 06:52 -------- d-----w- c:\program files\KeywordBlaze
2012-04-23 22:27 . 2012-05-05 19:19 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-23 03:32 . 2012-04-23 03:32 -------- d-----w- c:\program files\Intalev
2012-04-23 03:32 . 2012-04-23 03:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Intalev
2012-04-18 03:46 . 2012-04-18 03:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\com.sessionplannerpro.warriorsessionplannerpro
2012-04-18 03:45 . 2012-04-18 03:46 -------- d-----w- c:\program files\Limitless Projects
2012-04-16 15:23 . 2012-04-16 15:23 -------- d-----w- c:\program files\ePageWiz-Reader
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 05:48 . 2011-02-04 22:08 911898 ----a-w- c:\windows\Hot Keyword Hunter Uninstaller.exe
2012-05-05 11:40 . 2011-12-19 02:56 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-05-05 04:29 . 2012-05-05 04:29 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-04-30 05:02 . 2010-01-13 06:10 31728 ----a-w- c:\windows\dbrmdwb.exe
2012-04-30 05:02 . 2010-01-13 06:10 26 ----a-w- c:\windows\dbrmdwb.bat
2012-04-30 05:02 . 2010-01-13 06:10 2327704 ----a-w- c:\windows\dbplugin.ocx
2012-04-30 05:02 . 2010-01-13 06:10 2179072 ----a-w- c:\windows\npdbplug.dll
2012-04-28 10:30 . 2010-01-21 19:35 45056 ----a-w- c:\windows\NCUNINST.EXE
2012-04-25 05:37 . 2012-02-03 05:59 165653 ----a-w- c:\windows\TweeterNaire Uninstaller.exe
2012-04-13 04:34 . 2011-10-11 02:43 162783 ----a-w- c:\windows\TubeNaire RX Uninstaller.exe
2012-04-13 03:53 . 2011-06-18 22:16 8171008 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PowerLeadsProSetup.msi
2012-04-11 13:14 . 2004-08-10 11:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-10 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-10 11:00 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-05 11:08 . 2012-03-30 11:50 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-04-14 14:09 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-03-25 06:04 . 2012-03-25 06:04 21504 ----a-w- c:\windows\jestertb.dll
2012-03-23 13:32 . 2012-03-08 02:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 13:32 . 2012-03-08 02:58 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 11:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-10 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-24 15:00 . 2011-12-19 02:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-24 07:28 . 2012-02-24 07:28 903887 ----a-w- c:\windows\Forum URL Scraper Software Uninstaller.exe
2012-02-19 11:56 . 2011-05-11 01:21 905247 ----a-w- c:\windows\Hot Proxy Spy 2.0 Uninstaller.exe
2012-02-19 08:31 . 2012-02-19 08:31 160541 ----a-w- c:\windows\TubeNaire DX Uninstaller.exe
2012-02-19 08:26 . 2012-02-03 05:36 160915 ----a-w- c:\windows\TubeNaire WX Uninstaller.exe
2012-02-19 08:25 . 2011-10-11 02:45 162880 ----a-w- c:\windows\TubeNaire MX Uninstaller.exe
2011-01-05 14:15 . 2011-01-05 14:15 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
2005-08-27 21:26 . 2007-07-29 18:01 1581056 ----a-w- c:\program files\SAFlashPlayer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 23:21 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MmDesignPartner.exe"="c:\program files\Mindjet\MindManager 8\MmDesignPartner.exe" [2009-12-07 12640]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-30 109296]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-09-06 40960]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-12-07 38240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-10 108352]
"KnowledgeGenerationEngine"="c:\cirilab\bin\themes\KGErun.exe" [2008-03-05 94208]
"MindsystemsAmode AlarmNotifier"="c:\program files\Mindsystems\Mindsystems Amode\AlarmManager.exe" [2011-03-24 2428928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-30 109296]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ActiveWords.lnk - c:\program files\ActiveWords\AWMonitor.exe [2012-3-3 3321856]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-3-3 1101824]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-1-5 9163464]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-1-5 9163464]
.
c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-17 692224]
Macro Express Pro.lnk - c:\program files\Macro Express Pro\MacExp.exe [2010-7-7 6515712]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-7-31 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\m:\0autocheck autochk /r \??\l:\0autocheck autochk /r \??\L:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SureThing Labelflash service"=3 (0x3)
"AntiSpywareService"=2 (0x2)
"XobniService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PTT"="c:\program files\True Time Tracker\ttt.exe" silent
"SyncDocs"=c:\program files\Syncdocs\Syncdocs.exe
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe"
"TwitterSubmitter"=c:\program files\Toms Twitter\TomsTwitter.exe
"AppVodBurner"=c:\program files\VodBurner\vodburner.exe
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" /background
"PPWebCap"=c:\program files\ScanSoft\PaperPort\PPWebCap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe_ID0ENQBO"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Simpleology 1.0"=c:\program files\Simpleology\simpleology Wimiki\simpleology Wimiki.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"InputDirector"="c:\program files\Input Director\InputDirector.exe" /hide
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"Reminder"="c:\windows\Creator\Remind_XP.exe"
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS4\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Drive CS4\\ConnectUI\\Adobe Drive CS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Encore CS4\\Adobe Encore.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit CS4\\ExtendScript Toolkit.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager CS4\\Adobe Extension Manager CS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Fireworks CS4\\Fireworks.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS4\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS4\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Designer 8.2\\FormDesigner.exe"=
"c:\\Program Files\\Adobe\\Adobe Media Encoder CS4\\Adobe Media Encoder.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\Adobe\\Adobe OnLocation CS4\\Adobe OnLocation.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\Pixel Bender Toolkit\\pixel_bender_toolkit.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS4\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Adobe\\Adobe Soundbooth CS4\\Adobe Soundbooth CS4.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\CIRILab\\bin\\java\\jre1.5.0_14\\bin\\java.exe"=
"c:\\Program Files\\FeedDemon\\FeedDemon.exe"=
"c:\\Program Files\\BlogJet\\BlogJet.exe"=
"c:\\ArticleAnnouncer\\ArticleAnnouncer.exe"=
"c:\\Program Files\\Buyer Keywords Generator\\BuyerKeywordsGenerator.exe"=
"c:\\Program Files\\Advanced File Organizer\\aforg.exe"=
"c:\\ContentComposer\\ContentComposer.exe"=
"c:\\Program Files\\Mindsystems\\KnowledgeLink V5\\KnowledgeLink.exe"=
"c:\\Program Files\\BlogHatter\\BlogHatter.exe"=
"c:\\Program Files\\Common Files\\Thraex Software\\AutoUpdator\\AutoUpdator.exe"=
"c:\\Program Files\\BIAS\\BIAS Authorization Manager\\BIAS Authorization Manager.exe"=
"c:\\Program Files\\Boris FX, Inc\\Boris Graffiti 5.2\\Graffiti5 Keyframer.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\Sonic Central\\Main\\Mediahub.exe"=
"c:\\Program Files\\Roxio 2010\\5.0\\CinePlayer.exe"=
"c:\\Program Files\\HP\\DVDPlay\\DVDPlay.exe"=
"c:\\Program Files\\Clickbank Marketplace Product Detective\\Marketplace.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Image-Line\\FL Studio 6\\FL.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\FeedDemon\\FeedStation.exe"=
"c:\\Program Files\\EditPlus 3\\editplus.exe"=
"c:\\hp\\support\\HPSysInfo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"=
"c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
"c:\\Program Files\\InfoFinderPro\\IFP3.exe"=
"c:\\Program Files\\Instant Article Wizard 2.0\\Instant Article Wizard.exe"=
"c:\\Program Files\\Mindsystems\\KLNotifier Add-in\\KLNotify.exe"=
"c:\\Program Files\\Black Obelisk Software\\Liquid Story Binder XE\\Liquid Story Binder XE.exe"=
"c:\\Program Files\\Studio V5\\MyLogoMaker\\MyLogo.exe"=
"c:\\Program Files\\SEO PowerSuite\\LinkAssistant\\bin\\linkassistant.exe"=
"c:\\Program Files\\Roxio 2010\\Creator Classic 12\\Creator12.exe"=
"c:\\Program Files\\LightZone 3\\LightZone.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\SEOLab Professional v2009\\SEOLab Professional\\seolab.exe"=
"c:\\Program Files\\Orwell Pro\\orwellpro.exe"=
"c:\\Program Files\\SEO PowerSuite\\Rank Tracker\\bin\\ranktracker.exe"=
"c:\\Program Files\\Studio V5\\MyLogoMaker\\Update.exe"=
"c:\\Program Files\\CartyStudios Corporation\\WebMagnates - Auto Blogging Software\\Auto Blogging.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SAIG\\Surfulater\\Surfulater.exe"=
"c:\\Program Files\\Mitomjo\\IPA\\IdiotProofArticles.exe"=
"c:\\Program Files\\WebFerret\\WebFerret.exe"=
"c:\\Program Files\\Micro Niche Finder 5.0\\MicroNicheFinder.exe"=
"c:\\Program Files\\Namo\\WebEditor 2006\\bin\\WebEditor.exe"=
"c:\\Program Files\\Namo\\WebCanvas 2006\\bin\\WebCanvas.exe"=
"c:\\Program Files\\Gmaximus Mailer\\setup.exe"=
"c:\\Program Files\\IM Quick Ping\\IM Quick Ping.exe"=
"c:\\WINDOWS\\Installer\\{372C7477-C799-4804-953F-4C767FCFC942}\\_805C370EB17BFE60DE6A3A.exe"=
"c:\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Website Font\\CoffeeCup Website Font.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Adobe\\Dreamweaver CS4\\en_US\\Configuration\\Shared\\Virtuosoft\\ThemeDreamer\\tdExtension\\tdExtension.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Adobe\\Dreamweaver CS4\\en_US\\Configuration\\Shared\\Virtuosoft\\ThemeServer\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\LastPass\\lastpass.exe"=
"c:\\Program Files\\HMA! Pro VPN\\bin\\HMA! Pro VPN.exe"=
"c:\\Program Files\\Mindsystems\\Mindsystems Amode\\AlarmManager.exe"=
"c:\\Program Files\\BlogHatterPro\\BlogHatter.exe"=
"c:\\Program Files\\Article Architect\\Article Architect.exe"=
"c:\\Program Files\\Summitsoft\\LogoDesignStudio Pro\\LDSProVUpdater.exe"=
"c:\\Program Files\\Auction Maul\\auctionmaul.exe"=
"c:\\Program Files\\Click-N-Learn Media Centre\\Click-N-LearnMediaCentre.exe"=
"c:\\Program Files\\XSitePro2\\XspVersion1Converter.exe"=
"c:\\Program Files\\XSitePro2\\XSitePro2.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\My Pictures\\QuickCam\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\WireframeSketcherStudio\\sketcher.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\iMarketing Soft\\Magic Site Cloner\\MagicSiteCloner.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Stealth Keyword Digger\\StealthKeywordDigger.exe"=
"c:\\Program Files\\Stealth Keyword Digger\\skd2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Stephen Hawkins\\docmarketingrobot\\DocumentMarketingRobot.exe"=
"c:\\Program Files\\Stephen Hawkins\\docmarketingrobot\\PDFCreator.exe"=
"c:\\Program Files\\Stealth Keyword Competition Analyzer\\StealthKeywordCompetitionAnalyzer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"5985:TCP"= 5985:TCP:Windows Remote Management
"21:TCP"= 21:TCP:FTP Server
"20:TCP"= 20:TCP:FTP-Data
"50353:TCP"= 50353:TCP:Windows Core Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [1/12/2010 11:14 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [1/12/2010 11:14 PM 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307000.009\symds.sys [4/23/2012 4:27 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307000.009\symefa.sys [4/23/2012 4:27 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [5/8/2012 2:51 PM 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307000.009\ccsetx86.sys [4/23/2012 4:27 PM 132744]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [1/12/2010 11:14 PM 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307000.009\ironx86.sys [4/23/2012 4:27 PM 149624]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2/19/2010 11:33 PM 29416]
R2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [10/9/2009 4:52 AM 32768]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/18/2011 8:56 PM 12184]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [4/23/2012 4:27 PM 138232]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 6:45 PM 35088]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [1/8/2010 10:20 PM 4497704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [4/5/2012 5:08 AM 1529152]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 5:21 PM 918880]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [1/8/2010 10:36 PM 113448]
R2 ZinstallHelperService;ZinstallHelperService;c:\windows\system32\zinstall_pod\ZinstallHelperService.exe [10/6/2010 5:09 PM 11245192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/8/2012 2:55 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20120515.001\IDSXpx86.sys [5/15/2012 6:02 PM 356792]
R3 rzp3011za;rzp3011za;c:\windows\system32\drivers\zinstall_pod\rzp3011za.sys [10/6/2010 11:14 AM 232648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2/9/2012 1:16 PM 10064]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [1/8/2010 10:36 PM 16168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1ca90f4fb9587c2;Google Update Service (gupdate1ca90f4fb9587c2);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 12:28 AM 133104]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 10:34 PM 257696]
S3 awealloc;awealloc;c:\windows\system32\drivers\awealloc.sys [10/6/2010 11:14 AM 18504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 12:28 AM 133104]
S3 imdisk;imdisk;c:\windows\system32\drivers\imdisk.sys [10/6/2010 11:14 AM 46408]
S3 imdsksvc;imdsksvc;c:\windows\system32\imdsksvc.exe [10/6/2010 11:14 AM 21064]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 3:02 PM 129976]
S3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys --> c:\windows\system32\DRIVERS\mvvideodemo.sys [?]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
S3 rzp3502za;rzp3502za;c:\windows\system32\drivers\zinstall_pod\rzp3502za.sys [8/6/2011 10:23 AM 231960]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [12/13/2010 3:44 PM 281024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/9/2004 10:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ZInsDrv;Zinstall Support Driver;\??\a:\zinstallex\x86\ZInsDrv.sys --> a:\zinstallex\x86\ZInsDrv.sys [?]
S4 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [12/16/2009 11:15 AM 129520]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [9/22/2011 6:18 PM 43028328]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3/31/2009 2:44 AM 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [9/22/2011 6:10 PM 238696]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 2:30 PM 158856]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [9/22/2011 6:17 PM 370024]
S4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [3/19/2012 5:38 AM 2666880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 23:17]
.
2012-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-16 c:\windows\Tasks\BJMGB.job
- c:\windows\system32\wshnetbsj.dll [2012-02-29 17:34]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 06:28]
.
2012-05-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 06:28]
.
2012-05-09 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2009-06-24 02:21]
.
2011-05-22 c:\windows\Tasks\TSmaker Updates.job
- c:\windows\Installer\TSmaker Updates for All Users.lnk [2010-03-07 01:19]
.
2012-03-30 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-12-31 05:41]
.
2012-05-16 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-07-14 08:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Surfulater: Add &new Article - c:\program files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTML
IE: Surfulater: Add Article pl&us Page - c:\program files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTML
IE: Surfulater: Attac&h Page to Article - c:\program files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTML
IE: Surfulater: Book&mark this Page - c:\program files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTML
IE: {{E5092D10-B990-4932-8667-7461041B3A32} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
LSP: c:\program files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
Trusted Zone: cinemanow.com
Trusted Zone: kuaiche.com\software
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF218E23-9FFE-4227-AE4A-C8333B34DE40}: NameServer = 10.26.56.1
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qi7x7kb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-Malwarebytes' Anti-Malware_is1 - p:\malwarebytes' anti-malware\unins000.exe
AddRemove-_{05D60953-9012-44DF-A1A6-9DD97AD6580A} - c:\program files\Corel\Corel Painter X\MSILauncher {05D60953-9012-44DF-A1A6-9DD97AD6580A}
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
AddRemove-2950243292.d.seesmic.com - c:\program files\Microsoft Silverlight\4.0.60531.0\Silverlight.Configuration.exe
AddRemove-3107433371.d.seesmic.com - c:\program files\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe
AddRemove-3490550900.d.seesmic.com - c:\program files\Microsoft Silverlight\4.0.51204.0\Silverlight.Configuration.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-15 23:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518214B9-D6F1-2D7C-B100-EF5DA0B025D6}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iabkioalnjkknnjceo"=hex:69,61,67,61,65,66,61,69,6e,6a,64,69,63,69,67,6a,6f,68,
00,00
"hapacobjgkkamphc"=hex:69,61,67,61,65,66,61,69,6e,6a,64,69,63,69,67,6a,6f,68,
00,00
.
[HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87E16125-4CE2-5D3B-84E9-D5FB56346BB0}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"madfifhgfdkfadcbkpgodpconb"=hex:6b,61,69,68,61,63,63,6e,61,65,64,70,69,6f,63,
6f,67,68,6d,68,61,6e,00,00
"ladfifhgfdkfadcbookdokda"=hex:64,62,6a,68,68,61,6b,6f,65,6c,67,6d,62,6d,61,67,
68,64,69,66,6d,68,6f,64,6a,66,6f,64,6b,63,67,63,6b,67,67,63,65,6c,6d,6f,00,\
"gadfifhglekmcc"=hex:69,61,6f,67,66,6b,6e,68,65,61,6b,6c,63,6f,6e,61,65,64,00,
66
"hadfifhgleplceip"=hex:64,61,64,62,62,66,61,6e,00,61
"cbdfifhgieembelnieopjmahdljifcdjlimeai"=hex:6d,61,66,67,6e,6c,6e,6a,65,6b,6b,
70,65,6a,68,63,68,62,68,64,6f,69,6c,6b,6f,6c,00,64
"madfifhgieembepeblcadfhnoh"=hex:67,61,6a,66,64,69,64,6c,70,6c,64,6d,65,6c,00,
63
"oadfifhgieembeiepbddpaflhmflah"=hex:69,61,69,66,70,6c,62,61,6a,6e,6d,6c,66,6d,
6c,70,6b,6c,00,64
.
[HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,91,99,a9,eb,17,d5,8e,df,39,d9,b9,12,85,b8,6a,8c,e3,82,cb,c7,cb,d8,
a3,67,36,f2,e5,a7,fe,0d,38,07,03,ce,a4,54,6f,0c,57,61,09,0b,2e,9e,48,82,94,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
@SACL=
"Content Type"="text/plain"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
@SACL=
"Content Type"="text/plain"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:27,0f,44,8e,c4,1e,10,ee,45,ec,23,d6,6d,0d,d6,e8,5d,e0,29,f3,d0,
96,ba,34,df,a5,e5,13,3b,50,fa,b1,83,48,2a,ab,06,6a,73,4d,8a,3b,79,9e,b5,f6,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:27,0f,44,8e,c4,1e,10,ee,45,ec,23,d6,6d,0d,d6,e8,5d,e0,29,f3,d0,
96,ba,34,df,a5,e5,13,3b,50,fa,b1,83,48,2a,ab,06,6a,73,4d,8a,3b,79,9e,b5,f6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(744)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(3144)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\windows\system32\rundll32.exe
c:\program files\WTouch\WTouchUser.exe
c:\windows\arservice.exe
c:\windows\system32\astsrv.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\xampp\xampp\FileZillaFTP\FileZilla server.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Input Director\InputDirectorSessionHelper.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\xampp\xampp\mysql\bin\mysqld.exe
c:\program files\Logitech\SetPointP\LBTWiz.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\RUNDLL32.EXE
c:\hp\KBD\KBD.EXE
c:\windows\system32\WISPTIS.EXE
c:\windows\system\hpsysdrv.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\windows\system32\dllhost.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DISCover.exe
c:\program files\DISC\DiscUpdMgr.exe
c:\program files\DISC\DiscStreamHub.exe
.
**************************************************************************
.
Completion time: 2012-05-15 23:41:26 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-16 05:41
.
Pre-Run: 12,048,285,696 bytes free
Post-Run: 12,141,727,744 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - D5275B98C18B14876E907BA580808CC4

Edited by PaulFaust, 16 May 2012 - 01:01 AM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 16 May 2012 - 05:20 AM

Greetings

I want you to run these next,

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • It will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 PaulFaust

PaulFaust
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:30 AM

Posted 16 May 2012 - 10:24 AM

Hi Gringo,

Here are the TDSSKiller and aswMBR Logs:


TDSSKiller Log:


08:10:59.0100 4792 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
08:11:00.0600 4792 ============================================================
08:11:00.0600 4792 Current date / time: 2012/05/16 08:11:00.0600
08:11:00.0600 4792 SystemInfo:
08:11:00.0600 4792
08:11:00.0600 4792 OS Version: 5.1.2600 ServicePack: 3.0
08:11:00.0600 4792 Product type: Workstation
08:11:00.0600 4792 ComputerName: YOUR-4DACD0EA75
08:11:00.0600 4792 UserName: HP_Administrator
08:11:00.0600 4792 Windows directory: C:\WINDOWS
08:11:00.0600 4792 System windows directory: C:\WINDOWS
08:11:00.0600 4792 Processor architecture: Intel x86
08:11:00.0600 4792 Number of processors: 2
08:11:00.0600 4792 Page size: 0x1000
08:11:00.0600 4792 Boot type: Normal boot
08:11:00.0600 4792 ============================================================
08:11:03.0178 4792 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
08:11:03.0194 4792 Drive \Device\Harddisk5\DR7 - Size: 0x1D197300000 (1862.36 Gb), SectorSize: 0x200, Cylinders: 0x3B5AB, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:11:03.0194 4792 Drive \Device\Harddisk6\DR13 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:11:03.0225 4792 ============================================================
08:11:03.0225 4792 \Device\Harddisk0\DR0:
08:11:03.0225 4792 MBR partitions:
08:11:03.0225 4792 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x162E7DFE
08:11:03.0225 4792 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xC, StartLBA 0x162EBCFE, BlocksNum 0x11B20C3
08:11:03.0225 4792 \Device\Harddisk5\DR7:
08:11:03.0225 4792 MBR partitions:
08:11:03.0225 4792 \Device\Harddisk5\DR7\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xE8CB9000
08:11:03.0225 4792 \Device\Harddisk6\DR13:
08:11:03.0225 4792 MBR partitions:
08:11:03.0225 4792 \Device\Harddisk6\DR13\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
08:11:03.0225 4792 ============================================================
08:11:03.0241 4792 C: <-> \Device\Harddisk0\DR0\Partition0
08:11:03.0272 4792 D: <-> \Device\Harddisk0\DR0\Partition1
08:11:03.0319 4792 L: <-> \Device\Harddisk6\DR13\Partition0
08:11:03.0334 4792 M: <-> \Device\Harddisk5\DR7\Partition0
08:11:03.0334 4792 ============================================================
08:11:03.0334 4792 Initialize success
08:11:03.0334 4792 ============================================================
08:11:06.0209 5032 ============================================================
08:11:06.0209 5032 Scan started
08:11:06.0209 5032 Mode: Manual;
08:11:06.0209 5032 ============================================================
08:11:07.0334 5032 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 (a15069eec83ebc54150564b2585cfdba) C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
08:11:07.0334 5032 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269 - ok
08:11:07.0444 5032 Abiosdsk - ok
08:11:07.0444 5032 abp480n5 - ok
08:11:07.0506 5032 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
08:11:07.0506 5032 ACPI - ok
08:11:07.0538 5032 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
08:11:07.0538 5032 ACPIEC - ok
08:11:07.0553 5032 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\WINDOWS\system32\drivers\adfs.sys
08:11:07.0553 5032 adfs - ok
08:11:07.0663 5032 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
08:11:07.0663 5032 Adobe Version Cue CS4 - ok
08:11:07.0741 5032 AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
08:11:07.0741 5032 AdobeFlashPlayerUpdateSvc - ok
08:11:07.0756 5032 adpu160m - ok
08:11:07.0803 5032 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
08:11:07.0803 5032 aec - ok
08:11:07.0834 5032 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
08:11:07.0834 5032 Afc - ok
08:11:07.0881 5032 AFD (1e44bc1e83d8fd2305f8d452db109cf9) C:\WINDOWS\System32\drivers\afd.sys
08:11:07.0881 5032 AFD - ok
08:11:07.0897 5032 AFS2K (0ebb674888cbdefd5773341c16dd6a07) C:\WINDOWS\system32\drivers\AFS2K.sys
08:11:07.0913 5032 AFS2K - ok
08:11:07.0913 5032 Aha154x - ok
08:11:07.0928 5032 aic78u2 - ok
08:11:07.0944 5032 aic78xx - ok
08:11:08.0006 5032 Alerter (a9a3daa780ca6c9671a19d52456705b4) C:\WINDOWS\system32\alrsvc.dll
08:11:08.0006 5032 Alerter - ok
08:11:08.0053 5032 ALG (8c515081584a38aa007909cd02020b3d) C:\WINDOWS\System32\alg.exe
08:11:08.0069 5032 ALG - ok
08:11:08.0069 5032 AliIde - ok
08:11:08.0131 5032 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
08:11:08.0131 5032 AmdK8 - ok
08:11:08.0131 5032 amsint - ok
08:11:08.0256 5032 Apache2.2 (fb32f046a2578755fa0da5052c6a9cd3) C:\xampp\xampp\apache\bin\httpd.exe
08:11:08.0256 5032 Apache2.2 - ok
08:11:08.0381 5032 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
08:11:08.0381 5032 Apple Mobile Device - ok
08:11:08.0397 5032 AppMgmt (d8849f77c0b66226335a59d26cb4edc6) C:\WINDOWS\System32\appmgmts.dll
08:11:08.0397 5032 AppMgmt - ok
08:11:08.0428 5032 aracpi (00523019e3579c8f8a94457fe25f0f24) C:\WINDOWS\system32\DRIVERS\aracpi.sys
08:11:08.0428 5032 aracpi - ok
08:11:08.0444 5032 arhidfltr (9fedaa46eb1a572ac4d9ee6b5f123cf2) C:\WINDOWS\system32\DRIVERS\arhidfltr.sys
08:11:08.0444 5032 arhidfltr - ok
08:11:08.0444 5032 arkbcfltr (82969576093cd983dd559f5a86f382b4) C:\WINDOWS\system32\DRIVERS\arkbcfltr.sys
08:11:08.0444 5032 arkbcfltr - ok
08:11:08.0459 5032 armoucfltr (9b21791d8a78faece999fadbebda6c22) C:\WINDOWS\system32\DRIVERS\armoucfltr.sys
08:11:08.0459 5032 armoucfltr - ok
08:11:08.0475 5032 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
08:11:08.0475 5032 Arp1394 - ok
08:11:08.0491 5032 ARPolicy (7a2da7c7b0c524ef26a79f17a5c69fde) C:\WINDOWS\system32\DRIVERS\arpolicy.sys
08:11:08.0491 5032 ARPolicy - ok
08:11:08.0522 5032 ARSVC (9a0d9b2e263bede80fb79ddbad240ec1) C:\WINDOWS\arservice.exe
08:11:08.0522 5032 ARSVC - ok
08:11:08.0522 5032 asc - ok
08:11:08.0538 5032 asc3350p - ok
08:11:08.0538 5032 asc3550 - ok
08:11:08.0616 5032 Aspi32 (b979979ab8027f7f53fb16ec4229b7db) C:\WINDOWS\system32\drivers\Aspi32.sys
08:11:08.0616 5032 Aspi32 - ok
08:11:08.0709 5032 aspnet_state (776acefa0ca9df0faa51a5fb2f435705) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
08:11:08.0709 5032 aspnet_state - ok
08:11:08.0725 5032 astcc (0c83fc56707bf68db04947052a8188b1) C:\WINDOWS\system32\astsrv.exe
08:11:08.0741 5032 astcc - ok
08:11:08.0741 5032 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
08:11:08.0741 5032 AsyncMac - ok
08:11:08.0803 5032 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
08:11:08.0803 5032 atapi - ok
08:11:08.0803 5032 Atdisk - ok
08:11:08.0850 5032 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
08:11:08.0850 5032 Atmarpc - ok
08:11:08.0881 5032 AudioSrv (def7a7882bec100fe0b2ce2549188f9d) C:\WINDOWS\System32\audiosrv.dll
08:11:08.0881 5032 AudioSrv - ok
08:11:08.0881 5032 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
08:11:08.0881 5032 audstub - ok
08:11:08.0975 5032 awealloc (90a4fad5e3cf34d7e54769adf34a8b7d) C:\WINDOWS\system32\drivers\awealloc.sys
08:11:08.0975 5032 awealloc - ok
08:11:09.0038 5032 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
08:11:09.0038 5032 Beep - ok
08:11:09.0319 5032 BHDrvx86 (a503d32ae26f77cb942aed530112edaa) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys
08:11:09.0319 5032 BHDrvx86 - ok
08:11:09.0350 5032 BITS (574738f61fca2935f5265dc4e5691314) C:\WINDOWS\system32\qmgr.dll
08:11:09.0366 5032 BITS - ok
08:11:09.0491 5032 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
08:11:09.0491 5032 Bonjour Service - ok
08:11:09.0522 5032 Browser (a06ce3399d16db864f55faeb1f1927a9) C:\WINDOWS\System32\browser.dll
08:11:09.0522 5032 Browser - ok
08:11:09.0569 5032 BthEnum (b279426e3c0c344893ed78a613a73bde) C:\WINDOWS\system32\DRIVERS\BthEnum.sys
08:11:09.0569 5032 BthEnum - ok
08:11:09.0584 5032 BthPan (80602b8746d3738f5886ce3d67ef06b6) C:\WINDOWS\system32\DRIVERS\bthpan.sys
08:11:09.0584 5032 BthPan - ok
08:11:09.0631 5032 BTHPORT (662bfd909447dd9cc15b1a1c366583b4) C:\WINDOWS\system32\Drivers\BTHport.sys
08:11:09.0631 5032 BTHPORT - ok
08:11:09.0663 5032 BthServ (f4c43c66471b87996d95db7a3a664a37) C:\WINDOWS\System32\bthserv.dll
08:11:09.0663 5032 BthServ - ok
08:11:09.0663 5032 BTHUSB (61364cd71ef63b0f038b7e9df00f1efa) C:\WINDOWS\system32\Drivers\BTHUSB.sys
08:11:09.0663 5032 BTHUSB - ok
08:11:09.0694 5032 BVRPMPR5 (c834f8816ab652064176b4fbd93a2dc8) C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
08:11:09.0694 5032 BVRPMPR5 - ok
08:11:09.0694 5032 catchme - ok
08:11:09.0709 5032 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
08:11:09.0709 5032 cbidf2k - ok
08:11:09.0741 5032 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
08:11:09.0741 5032 CCDECODE - ok
08:11:09.0788 5032 ccSet_NAV (599e7f6259a127c174c49938d2aa6a60) C:\WINDOWS\system32\drivers\NAV\1307000.009\ccSetx86.sys
08:11:09.0803 5032 ccSet_NAV - ok
08:11:09.0803 5032 cd20xrnt - ok
08:11:09.0834 5032 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
08:11:09.0834 5032 Cdaudio - ok
08:11:09.0850 5032 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
08:11:09.0850 5032 Cdfs - ok
08:11:09.0881 5032 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
08:11:09.0881 5032 Cdrom - ok
08:11:09.0881 5032 Changer - ok
08:11:10.0006 5032 CinemaNow Service (28144ad5c70509e4b44a6f1265b8fa9d) C:\Program Files\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
08:11:10.0006 5032 CinemaNow Service - ok
08:11:10.0038 5032 CiSvc (1cfe720eb8d93a7158a4ebc3ab178bde) C:\WINDOWS\system32\cisvc.exe
08:11:10.0038 5032 CiSvc - ok
08:11:10.0053 5032 ClipSrv (34cbe729f38138217f9c80212a2a0c82) C:\WINDOWS\system32\clipsrv.exe
08:11:10.0053 5032 ClipSrv - ok
08:11:10.0241 5032 clr_optimization_v2.0.50727_32 (d87acaed61e417bba546ced5e7e36d9c) c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:11:10.0241 5032 clr_optimization_v2.0.50727_32 - ok
08:11:10.0319 5032 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:11:10.0319 5032 clr_optimization_v4.0.30319_32 - ok
08:11:10.0319 5032 CmdIde - ok
08:11:10.0334 5032 COMSysApp - ok
08:11:10.0334 5032 Cpqarray - ok
08:11:10.0381 5032 CryptSvc (3d4e199942e29207970e04315d02ad3b) C:\WINDOWS\System32\cryptsvc.dll
08:11:10.0381 5032 CryptSvc - ok
08:11:10.0381 5032 dac2w2k - ok
08:11:10.0381 5032 dac960nt - ok
08:11:10.0444 5032 DcomLaunch (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\system32\rpcss.dll
08:11:10.0444 5032 DcomLaunch - ok
08:11:10.0491 5032 DFUBTUSB (31273c758c6df7fc27b00be78c7220e9) C:\WINDOWS\system32\Drivers\frmupgr.sys
08:11:10.0491 5032 DFUBTUSB - ok
08:11:10.0522 5032 Dhcp (5e38d7684a49cacfb752b046357e0589) C:\WINDOWS\System32\dhcpcsvc.dll
08:11:10.0522 5032 Dhcp - ok
08:11:10.0553 5032 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
08:11:10.0553 5032 Disk - ok
08:11:10.0553 5032 dmadmin - ok
08:11:10.0647 5032 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
08:11:10.0647 5032 dmboot - ok
08:11:10.0678 5032 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
08:11:10.0678 5032 dmio - ok
08:11:10.0709 5032 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
08:11:10.0709 5032 dmload - ok
08:11:10.0741 5032 dmserver (57edec2e5f59f0335e92f35184bc8631) C:\WINDOWS\System32\dmserver.dll
08:11:10.0741 5032 dmserver - ok
08:11:10.0756 5032 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
08:11:10.0756 5032 DMusic - ok
08:11:10.0788 5032 Dnscache (5f7e24fa9eab896051ffb87f840730d2) C:\WINDOWS\System32\dnsrslvr.dll
08:11:10.0788 5032 Dnscache - ok
08:11:10.0819 5032 Dot3svc (0f0f6e687e5e15579ef4da8dd6945814) C:\WINDOWS\System32\dot3svc.dll
08:11:10.0819 5032 Dot3svc - ok
08:11:10.0819 5032 dpti2o - ok
08:11:10.0897 5032 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
08:11:10.0897 5032 drmkaud - ok
08:11:10.0928 5032 EapHost (2187855a7703adef0cef9ee4285182cc) C:\WINDOWS\System32\eapsvc.dll
08:11:10.0928 5032 EapHost - ok
08:11:11.0069 5032 eeCtrl (579a6b6135d32b857faf0e3a974535d8) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
08:11:11.0084 5032 eeCtrl - ok
08:11:11.0178 5032 ehRecvr (5d1347aa5ae6e2f77d7f4f8372d95ac9) C:\WINDOWS\eHome\ehRecvr.exe
08:11:11.0178 5032 ehRecvr - ok
08:11:11.0209 5032 ehSched (a53243709439ac2a4c216b817f8d7411) C:\WINDOWS\eHome\ehSched.exe
08:11:11.0209 5032 ehSched - ok
08:11:11.0241 5032 EraserUtilRebootDrv (028d50f059bd0d2ccb209e9011b9a9a4) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
08:11:11.0241 5032 EraserUtilRebootDrv - ok
08:11:11.0272 5032 ERSvc (bc93b4a066477954555966d77fec9ecb) C:\WINDOWS\System32\ersvc.dll
08:11:11.0272 5032 ERSvc - ok
08:11:11.0288 5032 Eventlog (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:11:11.0303 5032 Eventlog - ok
08:11:11.0334 5032 EventSystem (d4991d98f2db73c60d042f1aef79efae) C:\WINDOWS\system32\es.dll
08:11:11.0350 5032 EventSystem - ok
08:11:11.0381 5032 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
08:11:11.0381 5032 Fastfat - ok
08:11:11.0428 5032 FastUserSwitchingCompatibility (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:11:11.0428 5032 FastUserSwitchingCompatibility - ok
08:11:11.0459 5032 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
08:11:11.0459 5032 Fdc - ok
08:11:11.0569 5032 FileZilla Server (395462de8c64e11da2978ef28e0104a9) C:\xampp\xampp\FileZillaFTP\FileZilla server.exe
08:11:11.0569 5032 FileZilla Server - ok
08:11:11.0584 5032 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys
08:11:11.0584 5032 Fips - ok
08:11:11.0663 5032 FLEXnet Licensing Service (1f63900e2eb00101b9aca2b7a870704e) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
08:11:11.0663 5032 FLEXnet Licensing Service - ok
08:11:11.0788 5032 FlipShare Service (7a7f1d1c598c5c8b21ceaaab892b9fb8) C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
08:11:11.0788 5032 FlipShare Service - ok
08:11:11.0959 5032 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
08:11:11.0959 5032 Flpydisk - ok
08:11:12.0038 5032 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
08:11:12.0038 5032 FltMgr - ok
08:11:12.0225 5032 FontCache3.0.0.0 (8ba7c024070f2b7fdd98ed8a4ba41789) c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
08:11:12.0225 5032 FontCache3.0.0.0 - ok
08:11:12.0288 5032 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
08:11:12.0288 5032 Fs_Rec - ok
08:11:12.0725 5032 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
08:11:12.0725 5032 Ftdisk - ok
08:11:12.0741 5032 ftsata2 - ok
08:11:12.0897 5032 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
08:11:12.0897 5032 GEARAspiWDM - ok
08:11:12.0928 5032 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
08:11:12.0928 5032 Gpc - ok
08:11:13.0006 5032 gupdate1ca90f4fb9587c2 (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
08:11:13.0006 5032 gupdate1ca90f4fb9587c2 - ok
08:11:13.0006 5032 gupdatem (626a24ed1228580b9518c01930936df9) C:\Program Files\Google\Update\GoogleUpdate.exe
08:11:13.0006 5032 gupdatem - ok
08:11:13.0538 5032 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
08:11:13.0553 5032 gusvc - ok
08:11:13.0819 5032 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
08:11:13.0819 5032 HDAudBus - ok
08:11:13.0881 5032 helpsvc (4fcca060dfe0c51a09dd5c3843888bcd) C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
08:11:13.0881 5032 helpsvc - ok
08:11:13.0959 5032 HidBth (7bd2de4c85eb4241eed57672b16a7d8d) C:\WINDOWS\system32\DRIVERS\hidbth.sys
08:11:13.0959 5032 HidBth - ok
08:11:13.0975 5032 HidServ (deb04da35cc871b6d309b77e1443c796) C:\WINDOWS\System32\hidserv.dll
08:11:13.0975 5032 HidServ - ok
08:11:14.0038 5032 HidUsb (ccf82c5ec8a7326c3066de870c06daf1) C:\WINDOWS\system32\DRIVERS\hidusb.sys
08:11:14.0038 5032 HidUsb - ok
08:11:14.0069 5032 hkmsvc (8878bd685e490239777bfe51320b88e9) C:\WINDOWS\System32\kmsvc.dll
08:11:14.0069 5032 hkmsvc - ok
08:11:14.0163 5032 HotspotShieldService (b2afa712b3cdf8ad04d85c56546bb174) C:\Program Files\Hotspot Shield\bin\openvpnas.exe
08:11:14.0163 5032 HotspotShieldService - ok
08:11:14.0163 5032 hpn - ok
08:11:14.0209 5032 HPZid412 (d03d10f7ded688fecf50f8fbf1ea9b8a) C:\WINDOWS\system32\DRIVERS\HPZid412.sys
08:11:14.0209 5032 HPZid412 - ok
08:11:14.0225 5032 HPZipr12 (89f41658929393487b6b7d13c8528ce3) C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
08:11:14.0225 5032 HPZipr12 - ok
08:11:14.0256 5032 HPZius12 (cf1b7951b4ec8d13f3c93b74bb2b461b) C:\WINDOWS\system32\DRIVERS\HPZius12.sys
08:11:14.0256 5032 HPZius12 - ok
08:11:14.0288 5032 HssDrv (4f28652ec514fa1ba473bc1a695a5c98) C:\WINDOWS\system32\DRIVERS\HssDrv.sys
08:11:14.0288 5032 HssDrv - ok
08:11:14.0350 5032 HssSrv (b8b90bb7011556691d432aaecaa0d26c) C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
08:11:14.0350 5032 HssSrv - ok
08:11:14.0366 5032 HssTrayService (8faab97946600e312cb3398061ad3059) C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
08:11:14.0366 5032 HssTrayService - ok
08:11:14.0381 5032 HssWd - ok
08:11:14.0413 5032 HSXHWBS2 (1f5c64b0c6b2e2f48735a77ae714ccb8) C:\WINDOWS\system32\DRIVERS\HSXHWBS2.sys
08:11:14.0428 5032 HSXHWBS2 - ok
08:11:14.0475 5032 HSX_DP (a7f8c9228898a1e871d2ae7082f50ac3) C:\WINDOWS\system32\DRIVERS\HSX_DP.sys
08:11:14.0491 5032 HSX_DP - ok
08:11:14.0522 5032 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
08:11:14.0522 5032 HTTP - ok
08:11:14.0569 5032 HTTPFilter (6100a808600f44d999cebdef8841c7a3) C:\WINDOWS\System32\w3ssl.dll
08:11:14.0569 5032 HTTPFilter - ok
08:11:14.0584 5032 i2omgmt - ok
08:11:14.0584 5032 i2omp - ok
08:11:14.0647 5032 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
08:11:14.0663 5032 i8042prt - ok
08:11:14.0725 5032 iaStor (9a65e42664d1534b68512caad0efe963) C:\WINDOWS\system32\DRIVERS\iaStor.sys
08:11:14.0741 5032 iaStor - ok
08:11:14.0897 5032 IDriverT (daf66902f08796f9c694901660e5a64a) C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
08:11:14.0897 5032 IDriverT - ok
08:11:15.0084 5032 idsvc (c01ac32dc5c03076cfb852cb5da5229c) c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
08:11:15.0116 5032 idsvc - ok
08:11:15.0397 5032 IDSxpx86 (c924bf6d42b3d9292268ff1998596bd1) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20120515.001\IDSxpx86.sys
08:11:15.0413 5032 IDSxpx86 - ok
08:11:15.0553 5032 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
08:11:15.0553 5032 Imapi - ok
08:11:15.0647 5032 ImapiService (30deaf54a9755bb8546168cfe8a6b5e1) C:\WINDOWS\system32\imapi.exe
08:11:15.0647 5032 ImapiService - ok
08:11:15.0694 5032 imdisk (a33bd8543b44c3258af7fd28623b5dfe) C:\WINDOWS\system32\drivers\imdisk.sys
08:11:15.0694 5032 imdisk - ok
08:11:15.0756 5032 imdsksvc (b5e32601ef9d5c31ae96b50db83eb257) C:\WINDOWS\system32\imdsksvc.exe
08:11:15.0756 5032 imdsksvc - ok
08:11:15.0772 5032 ini910u - ok
08:11:15.0928 5032 InputDirector (5c106e27db0df13316f8317d5f2c493f) C:\Program Files\Input Director\IDWinService.exe
08:11:15.0928 5032 InputDirector - ok
08:11:16.0491 5032 IntcAzAudAddService (5d138adc44c43bf37634c8e528d75b1f) C:\WINDOWS\system32\drivers\RtkHDAud.sys
08:11:16.0600 5032 IntcAzAudAddService - ok
08:11:16.0741 5032 IntelIde (b5466a9250342a7aa0cd1fba13420678) C:\WINDOWS\system32\DRIVERS\intelide.sys
08:11:16.0741 5032 IntelIde - ok
08:11:16.0756 5032 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys
08:11:16.0756 5032 intelppm - ok
08:11:16.0756 5032 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
08:11:16.0756 5032 Ip6Fw - ok
08:11:16.0788 5032 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
08:11:16.0788 5032 IpFilterDriver - ok
08:11:16.0788 5032 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
08:11:16.0788 5032 IpInIp - ok
08:11:16.0819 5032 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
08:11:16.0819 5032 IpNat - ok
08:11:16.0944 5032 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
08:11:16.0944 5032 iPod Service - ok
08:11:16.0975 5032 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
08:11:16.0975 5032 IPSec - ok
08:11:16.0991 5032 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
08:11:16.0991 5032 IRENUM - ok
08:11:17.0006 5032 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
08:11:17.0006 5032 isapnp - ok
08:11:17.0100 5032 JavaQuickStarterService (9aa67569d5257462e230767510b0c815) C:\Program Files\Java\jre6\bin\jqs.exe
08:11:17.0100 5032 JavaQuickStarterService - ok
08:11:17.0131 5032 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
08:11:17.0131 5032 Kbdclass - ok
08:11:17.0147 5032 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
08:11:17.0147 5032 kbdhid - ok
08:11:17.0225 5032 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
08:11:17.0225 5032 kmixer - ok
08:11:17.0241 5032 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
08:11:17.0256 5032 KSecDD - ok
08:11:17.0288 5032 lanmanserver (3a7c3cbe5d96b8ae96ce81f0b22fb527) C:\WINDOWS\System32\srvsvc.dll
08:11:17.0288 5032 lanmanserver - ok
08:11:17.0319 5032 lanmanworkstation (a8888a5327621856c0cec4e385f69309) C:\WINDOWS\System32\wkssvc.dll
08:11:17.0334 5032 lanmanworkstation - ok
08:11:17.0381 5032 LBeepKE (be2dc24d403643a2d1d98f33c7087b38) C:\WINDOWS\system32\Drivers\LBeepKE.sys
08:11:17.0381 5032 LBeepKE - ok
08:11:17.0381 5032 lbrtfdc - ok
08:11:17.0491 5032 LBTServ (910344e2a984010435ae84783b25e5eb) C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
08:11:17.0491 5032 LBTServ - ok
08:11:17.0522 5032 LHidFilt (01cc7fb6e790ef044b411377f3a1ff41) C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
08:11:17.0522 5032 LHidFilt - ok
08:11:17.0631 5032 LightScribeService (5d4b38a8d8525356798f5e560c3a3090) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
08:11:17.0631 5032 LightScribeService - ok
08:11:17.0663 5032 LmHosts (a7db739ae99a796d91580147e919cc59) C:\WINDOWS\System32\lmhsvc.dll
08:11:17.0678 5032 LmHosts - ok
08:11:17.0741 5032 LMouFilt (a2e7eae8898d7b4b8c302b8f4e836bb5) C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys
08:11:17.0741 5032 LMouFilt - ok
08:11:17.0850 5032 LVcKap (8113133ec42dd6c566908008ce913edd) C:\WINDOWS\system32\DRIVERS\LVcKap.sys
08:11:17.0866 5032 LVcKap - ok
08:11:17.0975 5032 LVCOMSer (9e41266c68c11d7101a2d18cd1f7553e) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
08:11:17.0975 5032 LVCOMSer - ok
08:11:18.0256 5032 LVMVDrv (0dd5b8af4917a2821047450195c511b3) C:\WINDOWS\system32\DRIVERS\LVMVDrv.sys
08:11:18.0272 5032 LVMVDrv - ok
08:11:18.0350 5032 LVPr2Mon (406b1d186f75b4b4832d6237859e1b00) C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
08:11:18.0350 5032 LVPr2Mon - ok
08:11:18.0381 5032 LVPrcSrv (85c2e84bc1224c75a20b5560d5a15db9) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
08:11:18.0381 5032 LVPrcSrv - ok
08:11:18.0428 5032 LVSrvLauncher (656180e9c0c5199520972426c44bc2f0) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
08:11:18.0428 5032 LVSrvLauncher - ok
08:11:18.0459 5032 MarvinBus (a3e700d78eec390f1208098cdca5c6b6) C:\WINDOWS\system32\DRIVERS\MarvinBus.sys
08:11:18.0459 5032 MarvinBus - ok
08:11:18.0538 5032 McrdSvc (df0a511f38f16016bf658fca0090cb87) C:\WINDOWS\ehome\mcrdsvc.exe
08:11:18.0538 5032 McrdSvc - ok
08:11:18.0569 5032 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
08:11:18.0569 5032 mdmxsdk - ok
08:11:18.0600 5032 Messenger (986b1ff5814366d71e0ac5755c88f2d3) C:\WINDOWS\System32\msgsvc.dll
08:11:18.0600 5032 Messenger - ok
08:11:18.0631 5032 MHN (b7521f69c0a9b29d356157229376fb21) C:\WINDOWS\System32\mhn.dll
08:11:18.0647 5032 MHN - ok
08:11:18.0647 5032 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
08:11:18.0647 5032 MHNDRV - ok
08:11:18.0725 5032 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
08:11:18.0725 5032 Microsoft Office Groove Audit Service - ok
08:11:18.0756 5032 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
08:11:18.0756 5032 mnmdd - ok
08:11:18.0772 5032 mnmsrvc (d18f1f0c101d06a1c1adf26eed16fcdd) C:\WINDOWS\system32\mnmsrvc.exe
08:11:18.0772 5032 mnmsrvc - ok
08:11:18.0803 5032 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys
08:11:18.0803 5032 Modem - ok
08:11:18.0834 5032 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys
08:11:18.0834 5032 Mouclass - ok
08:11:18.0850 5032 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
08:11:18.0850 5032 mouhid - ok
08:11:18.0866 5032 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
08:11:18.0866 5032 MountMgr - ok
08:11:18.0897 5032 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
08:11:18.0897 5032 MozillaMaintenance - ok
08:11:18.0928 5032 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
08:11:18.0928 5032 MPE - ok
08:11:18.0944 5032 mraid35x - ok
08:11:18.0975 5032 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
08:11:18.0975 5032 MRxDAV - ok
08:11:19.0022 5032 MRxSmb (7d304a5eb4344ebeeab53a2fe3ffb9f0) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
08:11:19.0038 5032 MRxSmb - ok
08:11:19.0053 5032 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
08:11:19.0053 5032 Msfs - ok
08:11:19.0069 5032 MSIServer - ok
08:11:19.0084 5032 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
08:11:19.0084 5032 MSKSSRV - ok
08:11:19.0116 5032 msloop (64e8b7c65eb4796939c0f64f8170821b) C:\WINDOWS\system32\DRIVERS\loop.sys
08:11:19.0116 5032 msloop - ok
08:11:19.0131 5032 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
08:11:19.0131 5032 MSPCLOCK - ok
08:11:19.0131 5032 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
08:11:19.0131 5032 MSPQM - ok
08:11:19.0163 5032 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
08:11:19.0163 5032 mssmbios - ok
08:11:19.0256 5032 MSSQL$ADCENTERDESKTOP - ok
08:11:19.0319 5032 MSSQL$SQLEXPRESS - ok
08:11:19.0381 5032 MSSQLServerADHelper (1d89eb4e2a99cabd4e81225f4f4c4b25) C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
08:11:19.0381 5032 MSSQLServerADHelper - ok
08:11:19.0459 5032 MSSQLServerADHelper100 (f1761c8fb2b25a32c6d63e36bb88c3ae) C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
08:11:19.0459 5032 MSSQLServerADHelper100 - ok
08:11:19.0491 5032 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
08:11:19.0491 5032 MSTEE - ok
08:11:19.0522 5032 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys
08:11:19.0522 5032 Mup - ok
08:11:19.0522 5032 mvvideodemo - ok
08:11:19.0897 5032 MySQL (21eef976d53a0bcb603abff4ab6e4c88) C:\xampp\xampp\mysql\bin\mysqld.exe
08:11:19.0928 5032 MySQL - ok
08:11:20.0131 5032 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
08:11:20.0131 5032 NABTSFEC - ok
08:11:20.0178 5032 napagent (0102140028fad045756796e1c685d695) C:\WINDOWS\System32\qagentrt.dll
08:11:20.0178 5032 napagent - ok
08:11:20.0288 5032 NAV (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
08:11:20.0303 5032 NAV - ok
08:11:20.0584 5032 NAVENG (f11033730b38260b6892e837c457fb4b) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\VirusDefs\20120515.024\NAVENG.SYS
08:11:20.0584 5032 NAVENG - ok
08:11:20.0709 5032 NAVEX15 (4e4e7c0259d3bb97de24a636c0e06aba) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\VirusDefs\20120515.024\NAVEX15.SYS
08:11:20.0709 5032 NAVEX15 - ok
08:11:20.0803 5032 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
08:11:20.0803 5032 NDIS - ok
08:11:20.0850 5032 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
08:11:20.0850 5032 NdisIP - ok
08:11:20.0881 5032 NdisTapi (0109c4f3850dfbab279542515386ae22) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
08:11:20.0881 5032 NdisTapi - ok
08:11:20.0897 5032 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
08:11:20.0897 5032 Ndisuio - ok
08:11:20.0897 5032 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
08:11:20.0897 5032 NdisWan - ok
08:11:20.0928 5032 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
08:11:20.0928 5032 NDProxy - ok
08:11:20.0944 5032 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
08:11:20.0944 5032 NetBIOS - ok
08:11:20.0959 5032 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
08:11:20.0959 5032 NetBT - ok
08:11:21.0022 5032 NetDDE (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:11:21.0022 5032 NetDDE - ok
08:11:21.0022 5032 NetDDEdsdm (b857ba82860d7ff85ae29b095645563b) C:\WINDOWS\system32\netdde.exe
08:11:21.0022 5032 NetDDEdsdm - ok
08:11:21.0053 5032 Netlogon (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:21.0053 5032 Netlogon - ok
08:11:21.0069 5032 Netman (13e67b55b3abd7bf3fe7aae5a0f9a9de) C:\WINDOWS\System32\netman.dll
08:11:21.0069 5032 Netman - ok
08:11:21.0209 5032 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
08:11:21.0209 5032 NetTcpPortSharing - ok
08:11:21.0241 5032 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
08:11:21.0241 5032 NIC1394 - ok
08:11:21.0288 5032 Nla (943337d786a56729263071623bbb9de5) C:\WINDOWS\System32\mswsock.dll
08:11:21.0288 5032 Nla - ok
08:11:21.0319 5032 nm (1e421a6bcf2203cc61b821ada9de878b) C:\WINDOWS\system32\DRIVERS\NMnt.sys
08:11:21.0319 5032 nm - ok
08:11:21.0350 5032 npf (b48dc6abcd3aeff8618350ccbdc6b09a) C:\WINDOWS\system32\drivers\npf.sys
08:11:21.0350 5032 npf - ok
08:11:21.0350 5032 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
08:11:21.0350 5032 Npfs - ok
08:11:21.0413 5032 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
08:11:21.0413 5032 Ntfs - ok
08:11:21.0428 5032 NtLmSsp (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:21.0428 5032 NtLmSsp - ok
08:11:21.0459 5032 NtmsSvc (156f64a3345bd23c600655fb4d10bc08) C:\WINDOWS\system32\ntmssvc.dll
08:11:21.0475 5032 NtmsSvc - ok
08:11:21.0491 5032 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
08:11:21.0491 5032 Null - ok
08:11:22.0178 5032 nv (0dc79b60cedc3a8854c27b3c6e4b3414) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
08:11:22.0272 5032 nv - ok
08:11:22.0428 5032 NVENETFD (22eedb34c4d7613a25b10c347c6c4c21) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
08:11:22.0428 5032 NVENETFD - ok
08:11:22.0444 5032 nvnetbus (5e3f6ad5cad0f12d3cccd06fd964087a) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
08:11:22.0444 5032 nvnetbus - ok
08:11:22.0491 5032 NVSvc (971b4344aba9b79ed0e9d0bb2a5283c1) C:\WINDOWS\system32\nvsvc32.exe
08:11:22.0491 5032 NVSvc - ok
08:11:22.0522 5032 NWCWorkstation (2c2fd0e6b0180f94c260dd26706aa5f4) C:\WINDOWS\System32\nwwks.dll
08:11:22.0522 5032 NWCWorkstation - ok
08:11:22.0538 5032 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
08:11:22.0553 5032 NwlnkFlt - ok
08:11:22.0569 5032 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
08:11:22.0569 5032 NwlnkFwd - ok
08:11:22.0584 5032 NwlnkIpx (8b8b1be2dba4025da6786c645f77f123) C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
08:11:22.0584 5032 NwlnkIpx - ok
08:11:22.0616 5032 NwlnkNb (56d34a67c05e94e16377c60609741ff8) C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
08:11:22.0616 5032 NwlnkNb - ok
08:11:22.0631 5032 NwlnkSpx (c0bb7d1615e1acbdc99757f6ceaf8cf0) C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
08:11:22.0631 5032 NwlnkSpx - ok
08:11:22.0647 5032 NWRDR (36b9b950e3d2e100970a48d8bad86740) C:\WINDOWS\system32\DRIVERS\nwrdr.sys
08:11:22.0647 5032 NWRDR - ok
08:11:22.0678 5032 NwSapAgent (4b83fcbbe72af5f99d109798653e8b78) C:\WINDOWS\System32\ipxsap.dll
08:11:22.0678 5032 NwSapAgent - ok
08:11:22.0866 5032 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
08:11:22.0866 5032 odserv - ok
08:11:22.0913 5032 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
08:11:22.0913 5032 ohci1394 - ok
08:11:22.0991 5032 OpenVPNService (d8a0164a79d4bfd6083945c5431e41e7) C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
08:11:22.0991 5032 OpenVPNService - ok
08:11:23.0022 5032 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:11:23.0038 5032 ose - ok
08:11:23.0069 5032 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys
08:11:23.0069 5032 Parport - ok
08:11:23.0084 5032 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
08:11:23.0100 5032 PartMgr - ok
08:11:23.0131 5032 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
08:11:23.0147 5032 ParVdm - ok
08:11:23.0163 5032 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys
08:11:23.0163 5032 PCI - ok
08:11:23.0178 5032 PCIDump - ok
08:11:23.0194 5032 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
08:11:23.0194 5032 PCIIde - ok
08:11:23.0209 5032 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys
08:11:23.0209 5032 Pcmcia - ok
08:11:23.0225 5032 PDCOMP - ok
08:11:23.0225 5032 PDFRAME - ok
08:11:23.0241 5032 PDRELI - ok
08:11:23.0241 5032 PDRFRAME - ok
08:11:23.0256 5032 perc2 - ok
08:11:23.0256 5032 perc2hib - ok
08:11:23.0319 5032 PlugPlay (65df52f5b8b6e9bbd183505225c37315) C:\WINDOWS\system32\services.exe
08:11:23.0319 5032 PlugPlay - ok
08:11:23.0350 5032 Pml Driver HPZ12 (2d091a99624fb9e7eef0a86d872ec0c3) C:\WINDOWS\system32\HPZipm12.exe
08:11:23.0350 5032 Pml Driver HPZ12 - ok
08:11:23.0381 5032 PolarUSB (3f1110901da07cc428710460276e28a0) C:\WINDOWS\system32\DRIVERS\PolarUSB.sys
08:11:23.0381 5032 PolarUSB - ok
08:11:23.0413 5032 PolicyAgent (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:23.0413 5032 PolicyAgent - ok
08:11:23.0428 5032 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
08:11:23.0444 5032 PptpMiniport - ok
08:11:23.0475 5032 Processor (a32bebaf723557681bfc6bd93e98bd26) C:\WINDOWS\system32\DRIVERS\processr.sys
08:11:23.0475 5032 Processor - ok
08:11:23.0475 5032 ProtectedStorage (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:23.0475 5032 ProtectedStorage - ok
08:11:23.0506 5032 ProtexisLicensing (64e413ba0c529aa40c3924bbcc4153db) C:\WINDOWS\system32\PSIService.exe
08:11:23.0522 5032 ProtexisLicensing - ok
08:11:23.0538 5032 Ps2 (390c204ced3785609ab24e9c52054a84) C:\WINDOWS\system32\DRIVERS\PS2.sys
08:11:23.0538 5032 Ps2 - ok
08:11:23.0553 5032 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
08:11:23.0553 5032 PSched - ok
08:11:23.0553 5032 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
08:11:23.0553 5032 Ptilink - ok
08:11:23.0569 5032 ql1080 - ok
08:11:23.0569 5032 Ql10wnt - ok
08:11:23.0584 5032 ql12160 - ok
08:11:23.0584 5032 ql1240 - ok
08:11:23.0600 5032 ql1280 - ok
08:11:23.0600 5032 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
08:11:23.0600 5032 RasAcd - ok
08:11:23.0631 5032 RasAuto (ad188be7bdf94e8df4ca0a55c00a5073) C:\WINDOWS\System32\rasauto.dll
08:11:23.0631 5032 RasAuto - ok
08:11:23.0647 5032 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
08:11:23.0647 5032 Rasl2tp - ok
08:11:23.0678 5032 RasMan (76a9a3cbeadd68cc57cda5e1d7448235) C:\WINDOWS\System32\rasmans.dll
08:11:23.0678 5032 RasMan - ok
08:11:23.0709 5032 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
08:11:23.0709 5032 RasPppoe - ok
08:11:23.0709 5032 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
08:11:23.0709 5032 Raspti - ok
08:11:23.0725 5032 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
08:11:23.0725 5032 Rdbss - ok
08:11:23.0741 5032 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
08:11:23.0741 5032 RDPCDD - ok
08:11:23.0772 5032 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
08:11:23.0772 5032 rdpdr - ok
08:11:23.0803 5032 RDPWD (5b3055daa788bd688594d2f5981f2a83) C:\WINDOWS\system32\drivers\RDPWD.sys
08:11:23.0803 5032 RDPWD - ok
08:11:23.0834 5032 RDSessMgr (3c37bf86641bda977c3bf8a840f3b7fa) C:\WINDOWS\system32\sessmgr.exe
08:11:23.0834 5032 RDSessMgr - ok
08:11:23.0866 5032 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys
08:11:23.0866 5032 redbook - ok
08:11:23.0897 5032 RemoteAccess (7e699ff5f59b5d9de5390e3c34c67cf5) C:\WINDOWS\System32\mprdim.dll
08:11:23.0897 5032 RemoteAccess - ok
08:11:23.0928 5032 RemoteRegistry (5b19b557b0c188210a56a6b699d90b8f) C:\WINDOWS\system32\regsvc.dll
08:11:23.0928 5032 RemoteRegistry - ok
08:11:23.0944 5032 RFCOMM (851c30df2807fcfa21e4c681a7d6440e) C:\WINDOWS\system32\DRIVERS\rfcomm.sys
08:11:23.0944 5032 RFCOMM - ok
08:11:24.0131 5032 RoxMediaDB12 (ff578453d3b3adaab22d7151d7f9e592) C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
08:11:24.0131 5032 RoxMediaDB12 - ok
08:11:24.0178 5032 RoxWatch12 (71b38b8df1a9b55fc0fb64958cc7b9dd) C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
08:11:24.0178 5032 RoxWatch12 - ok
08:11:24.0319 5032 RpcLocator (aaed593f84afa419bbae8572af87cf6a) C:\WINDOWS\system32\locator.exe
08:11:24.0319 5032 RpcLocator - ok
08:11:24.0397 5032 RpcSs (6b27a5c03dfb94b4245739065431322c) C:\WINDOWS\System32\rpcss.dll
08:11:24.0397 5032 RpcSs - ok
08:11:24.0475 5032 RsFx0105 (6a7360e36cbd636972aeef0dd292a946) C:\WINDOWS\system32\DRIVERS\RsFx0105.sys
08:11:24.0475 5032 RsFx0105 - ok
08:11:24.0522 5032 RSVP (471b3f9741d762abe75e9deea4787e47) C:\WINDOWS\system32\rsvp.exe
08:11:24.0522 5032 RSVP - ok
08:11:24.0569 5032 rtl8139 (d507c1400284176573224903819ffda3) C:\WINDOWS\system32\DRIVERS\RTL8139.SYS
08:11:24.0569 5032 rtl8139 - ok
08:11:24.0616 5032 rzp3011za (219e2f1afd02affa6c10764db249eaad) C:\WINDOWS\system32\drivers\zinstall_pod\rzp3011za.sys
08:11:24.0631 5032 rzp3011za - ok
08:11:24.0663 5032 rzp3502za (44cd76f892826d39cbd252f864535983) C:\WINDOWS\system32\drivers\zinstall_pod\rzp3502za.sys
08:11:24.0663 5032 rzp3502za - ok
08:11:24.0709 5032 SahdIa32 (0b2d5d2341437d7d7e1a6c7bbce3786a) C:\WINDOWS\system32\Drivers\SahdIa32.sys
08:11:24.0709 5032 SahdIa32 - ok
08:11:24.0725 5032 SaibIa32 (7a5f65b16249af2bc9d18d815f5d7172) C:\WINDOWS\system32\Drivers\SaibIa32.sys
08:11:24.0741 5032 SaibIa32 - ok
08:11:24.0756 5032 SaibVd32 (e333c9515822de586a3ff759a0c9b7bf) C:\WINDOWS\system32\Drivers\SaibVd32.sys
08:11:24.0756 5032 SaibVd32 - ok
08:11:24.0788 5032 SamSs (bf2466b3e18e970d8a976fb95fc1ca85) C:\WINDOWS\system32\lsass.exe
08:11:24.0788 5032 SamSs - ok
08:11:24.0928 5032 SASDIFSV - ok
08:11:24.0944 5032 SASKUTIL - ok
08:11:24.0975 5032 SCardSvr (86d007e7a654b9a71d1d7d856b104353) C:\WINDOWS\System32\SCardSvr.exe
08:11:24.0991 5032 SCardSvr - ok
08:11:25.0038 5032 Schedule (0a9a7365a1ca4319aa7c1d6cd8e4eafa) C:\WINDOWS\system32\schedsvc.dll
08:11:25.0038 5032 Schedule - ok
08:11:25.0100 5032 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
08:11:25.0100 5032 Secdrv - ok
08:11:25.0131 5032 seclogon (cbe612e2bb6a10e3563336191eda1250) C:\WINDOWS\System32\seclogon.dll
08:11:25.0131 5032 seclogon - ok
08:11:25.0147 5032 SENS (7fdd5d0684eca8c1f68b4d99d124dcd0) C:\WINDOWS\system32\sens.dll
08:11:25.0147 5032 SENS - ok
08:11:25.0178 5032 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys
08:11:25.0178 5032 Serial - ok
08:11:25.0225 5032 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys
08:11:25.0225 5032 Sfloppy - ok
08:11:25.0272 5032 SharedAccess (83f41d0d89645d7235c051ab1d9523ac) C:\WINDOWS\System32\ipnathlp.dll
08:11:25.0272 5032 SharedAccess - ok
08:11:25.0303 5032 ShellHWDetection (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:11:25.0319 5032 ShellHWDetection - ok
08:11:25.0319 5032 Simbad - ok
08:11:25.0413 5032 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
08:11:25.0413 5032 SkypeUpdate - ok
08:11:25.0444 5032 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
08:11:25.0444 5032 SLIP - ok
08:11:25.0459 5032 Sparrow - ok
08:11:25.0475 5032 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
08:11:25.0475 5032 splitter - ok
08:11:25.0522 5032 Spooler (60784f891563fb1b767f70117fc2428f) C:\WINDOWS\system32\spoolsv.exe
08:11:25.0522 5032 Spooler - ok
08:11:25.0600 5032 sprtsvc_ddoctorv2 (c3716ec0d36ad924b6888d794563e647) C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
08:11:25.0600 5032 sprtsvc_ddoctorv2 - ok
08:11:25.0725 5032 SQLAgent$ADCENTERDESKTOP (a892134c28777978ecde8283dc57ac0f) C:\Program Files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE
08:11:25.0725 5032 SQLAgent$ADCENTERDESKTOP - ok
08:11:25.0819 5032 SQLBrowser (10d936dced9eacd1a1b3fcdda6d7a4eb) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
08:11:25.0819 5032 SQLBrowser - ok
08:11:25.0866 5032 SQLWriter (135cdccc167ef0c250125bbd3abe18d5) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
08:11:25.0866 5032 SQLWriter - ok
08:11:25.0913 5032 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys
08:11:25.0913 5032 sr - ok
08:11:25.0959 5032 srservice (3805df0ac4296a34ba4bf93b346cc378) C:\WINDOWS\system32\srsvc.dll
08:11:25.0959 5032 srservice - ok
08:11:26.0069 5032 SRTSP (9dd258ee034afd36259cb7357e19d0b1) C:\WINDOWS\System32\Drivers\NAV\1307000.009\SRTSP.SYS
08:11:26.0069 5032 SRTSP - ok
08:11:26.0100 5032 SRTSPX (0cc3a10f363436c7b478419eb73f8d91) C:\WINDOWS\system32\drivers\NAV\1307000.009\SRTSPX.SYS
08:11:26.0100 5032 SRTSPX - ok
08:11:26.0163 5032 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
08:11:26.0178 5032 Srv - ok
08:11:26.0209 5032 SSDPSRV (0a5679b3714edab99e357057ee88fca6) C:\WINDOWS\System32\ssdpsrv.dll
08:11:26.0225 5032 SSDPSRV - ok
08:11:26.0256 5032 stisvc (8bad69cbac032d4bbacfce0306174c30) C:\WINDOWS\system32\wiaservc.dll
08:11:26.0272 5032 stisvc - ok
08:11:26.0303 5032 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
08:11:26.0303 5032 streamip - ok
08:11:26.0350 5032 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
08:11:26.0350 5032 swenum - ok
08:11:26.0381 5032 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
08:11:26.0381 5032 swmidi - ok
08:11:26.0397 5032 SwPrv - ok
08:11:26.0413 5032 symc810 - ok
08:11:26.0428 5032 symc8xx - ok
08:11:26.0491 5032 SymDS (690fa0e61b90084c4d9a721bd4f3d779) C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMDS.SYS
08:11:26.0491 5032 SymDS - ok
08:11:26.0569 5032 SymEFA (4e55148a2e044d02245cbcdbb266b98c) C:\WINDOWS\system32\drivers\NAV\1307000.009\SYMEFA.SYS
08:11:26.0584 5032 SymEFA - ok
08:11:26.0631 5032 SymEvent (555fb450fe6908600310e990738b41d6) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
08:11:26.0647 5032 SymEvent - ok
08:11:26.0678 5032 SymIRON (2c356cca706505cf63cbe39d532b9236) C:\WINDOWS\system32\drivers\NAV\1307000.009\Ironx86.SYS
08:11:26.0678 5032 SymIRON - ok
08:11:26.0725 5032 SYMTDI (508bd882040f9cb12319e3a4fc78edb9) C:\WINDOWS\System32\Drivers\NAV\1307000.009\SYMTDI.SYS
08:11:26.0741 5032 SYMTDI - ok
08:11:26.0756 5032 sym_hi - ok
08:11:26.0756 5032 sym_u3 - ok
08:11:26.0788 5032 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
08:11:26.0803 5032 sysaudio - ok
08:11:26.0819 5032 SysmonLog (c7abbc59b43274b1109df6b24d617051) C:\WINDOWS\system32\smlogsvc.exe
08:11:26.0819 5032 SysmonLog - ok
08:11:27.0131 5032 TabletServicePen (099aee120cac4a43ce307a828998392f) C:\WINDOWS\system32\Pen_Tablet.exe
08:11:27.0209 5032 TabletServicePen - ok
08:11:27.0397 5032 tap0901 (11d34fc869f5bda29949fe3858380894) C:\WINDOWS\system32\DRIVERS\tap0901.sys
08:11:27.0397 5032 tap0901 - ok
08:11:27.0413 5032 taphss (0c3b2a9c4bd2dd9a6c2e4084314dd719) C:\WINDOWS\system32\DRIVERS\taphss.sys
08:11:27.0413 5032 taphss - ok
08:11:27.0444 5032 TapiSrv (3cb78c17bb664637787c9a1c98f79c38) C:\WINDOWS\System32\tapisrv.dll
08:11:27.0444 5032 TapiSrv - ok
08:11:27.0491 5032 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
08:11:27.0491 5032 Tcpip - ok
08:11:27.0522 5032 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
08:11:27.0538 5032 TDPIPE - ok
08:11:27.0538 5032 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
08:11:27.0538 5032 TDTCP - ok
08:11:27.0803 5032 TeamViewer7 (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
08:11:27.0850 5032 TeamViewer7 - ok
08:11:27.0944 5032 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
08:11:27.0944 5032 TermDD - ok
08:11:27.0975 5032 TermService (ff3477c03be7201c294c35f684b3479f) C:\WINDOWS\System32\termsrv.dll
08:11:27.0991 5032 TermService - ok
08:11:28.0053 5032 Themes (99bc0b50f511924348be19c7c7313bbf) C:\WINDOWS\System32\shsvcs.dll
08:11:28.0053 5032 Themes - ok
08:11:28.0100 5032 TlntSvr (db7205804759ff62c34e3efd8a4cc76a) C:\WINDOWS\system32\tlntsvr.exe
08:11:28.0116 5032 TlntSvr - ok
08:11:28.0116 5032 TosIde - ok
08:11:28.0147 5032 TrkWks (55bca12f7f523d35ca3cb833c725f54e) C:\WINDOWS\system32\trkwks.dll
08:11:28.0147 5032 TrkWks - ok
08:11:28.0334 5032 TuneUp.UtilitiesSvc (a3f474966e0f4cd4b560186896966984) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
08:11:28.0350 5032 TuneUp.UtilitiesSvc - ok
08:11:28.0381 5032 TuneUpUtilitiesDrv (f2107c9d85ec0df116939ccce06ae697) C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys
08:11:28.0381 5032 TuneUpUtilitiesDrv - ok
08:11:28.0491 5032 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
08:11:28.0506 5032 Udfs - ok
08:11:28.0522 5032 ultra - ok
08:11:28.0584 5032 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
08:11:28.0584 5032 Update - ok
08:11:28.0631 5032 upnphost (1ebafeb9a3fbdc41b8d9c7f0f687ad91) C:\WINDOWS\System32\upnphost.dll
08:11:28.0647 5032 upnphost - ok
08:11:28.0663 5032 UPS (05365fb38fca1e98f7a566aaaf5d1815) C:\WINDOWS\System32\ups.exe
08:11:28.0663 5032 UPS - ok
08:11:28.0709 5032 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\WINDOWS\system32\Drivers\usbaapl.sys
08:11:28.0709 5032 USBAAPL - ok
08:11:28.0756 5032 usbaudio (e919708db44ed8543a7c017953148330) C:\WINDOWS\system32\drivers\usbaudio.sys
08:11:28.0756 5032 usbaudio - ok
08:11:28.0788 5032 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
08:11:28.0788 5032 usbccgp - ok
08:11:28.0803 5032 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
08:11:28.0803 5032 usbehci - ok
08:11:28.0819 5032 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
08:11:28.0819 5032 usbhub - ok
08:11:28.0850 5032 usbohci (0daecce65366ea32b162f85f07c6753b) C:\WINDOWS\system32\DRIVERS\usbohci.sys
08:11:28.0850 5032 usbohci - ok
08:11:28.0881 5032 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
08:11:28.0881 5032 usbprint - ok
08:11:28.0897 5032 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
08:11:28.0897 5032 usbscan - ok
08:11:28.0913 5032 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
08:11:28.0913 5032 usbstor - ok
08:11:28.0944 5032 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
08:11:28.0944 5032 usbuhci - ok
08:11:28.0959 5032 UxTuneUp (d95e42d5030c3be3e6fcd984669479ee) C:\WINDOWS\System32\uxtuneup.dll
08:11:28.0975 5032 UxTuneUp - ok
08:11:29.0022 5032 VCR2PC (4c033d95d7f2b2ab20e901c81edc7c37) C:\WINDOWS\system32\DRIVERS\0140_ION.sys
08:11:29.0022 5032 VCR2PC - ok
08:11:29.0038 5032 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
08:11:29.0053 5032 VgaSave - ok
08:11:29.0053 5032 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
08:11:29.0053 5032 ViaIde - ok
08:11:29.0069 5032 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys
08:11:29.0069 5032 VolSnap - ok
08:11:29.0100 5032 VSS (7a9db3a67c333bf0bd42e42b8596854b) C:\WINDOWS\System32\vssvc.exe
08:11:29.0100 5032 VSS - ok
08:11:29.0303 5032 vToolbarUpdater10.2.0 (3080f1f093869a19fb3d1f0226c73809) C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
08:11:29.0303 5032 vToolbarUpdater10.2.0 - ok
08:11:29.0475 5032 W32Time (54af4b1d5459500ef0937f6d33b1914f) C:\WINDOWS\system32\w32time.dll
08:11:29.0475 5032 W32Time - ok
08:11:29.0538 5032 wacmoumonitor (8724531219ae3f9e3729012b61dce527) C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
08:11:29.0538 5032 wacmoumonitor - ok
08:11:29.0584 5032 wacommousefilter (427a8bc96f16c40df81c2d2f4edd32dd) C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
08:11:29.0584 5032 wacommousefilter - ok
08:11:29.0616 5032 wacomvhid (51d580f30d1a1f2ea4965af6abc2bcb2) C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
08:11:29.0616 5032 wacomvhid - ok
08:11:29.0616 5032 WacomVKHid - ok
08:11:29.0647 5032 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
08:11:29.0663 5032 Wanarp - ok
08:11:29.0694 5032 WDC_SAM (d6efaf429fd30c5df613d220e344cce7) C:\WINDOWS\system32\DRIVERS\wdcsam.sys
08:11:29.0694 5032 WDC_SAM - ok
08:11:29.0756 5032 Wdf01000 (fd47474bd21794508af449d9d91af6e6) C:\WINDOWS\system32\DRIVERS\Wdf01000.sys
08:11:29.0772 5032 Wdf01000 - ok
08:11:29.0788 5032 WDICA - ok
08:11:29.0834 5032 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
08:11:29.0834 5032 wdmaud - ok
08:11:29.0866 5032 WebClient (77a354e28153ad2d5e120a5a8687bc06) C:\WINDOWS\System32\webclnt.dll
08:11:29.0866 5032 WebClient - ok
08:11:29.0928 5032 winachsx (11ec1afceb5c917ce73d3c301ff4291e) C:\WINDOWS\system32\DRIVERS\HSX_CNXT.sys
08:11:29.0944 5032 winachsx - ok
08:11:30.0022 5032 winmgmt (2d0e4ed081963804ccc196a0929275b5) C:\WINDOWS\system32\wbem\WMIsvc.dll
08:11:30.0022 5032 winmgmt - ok
08:11:30.0116 5032 WinRM (18f347402da544a780949b8fdf83351b) C:\WINDOWS\system32\WsmSvc.dll
08:11:30.0131 5032 WinRM - ok
08:11:30.0381 5032 wlidsvc (5144ae67d60ec653f97ddf3feed29e77) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:11:30.0381 5032 wlidsvc - ok
08:11:30.0491 5032 WmdmPmSN (c51b4a5c05a5475708e3c81c7765b71d) C:\WINDOWS\system32\MsPMSNSv.dll
08:11:30.0491 5032 WmdmPmSN - ok
08:11:30.0553 5032 Wmi (e76f8807070ed04e7408a86d6d3a6137) C:\WINDOWS\System32\advapi32.dll
08:11:30.0553 5032 Wmi - ok
08:11:30.0584 5032 WmiApSrv (e0673f1106e62a68d2257e376079f821) C:\WINDOWS\system32\wbem\wmiapsrv.exe
08:11:30.0584 5032 WmiApSrv - ok
08:11:30.0678 5032 WMPNetworkSvc (f74e3d9a7fa9556c3bbb14d4e5e63d3b) C:\Program Files\Windows Media Player\WMPNetwk.exe
08:11:30.0678 5032 WMPNetworkSvc - ok
08:11:30.0850 5032 WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
08:11:30.0866 5032 WPFFontCache_v0400 - ok
08:11:30.0944 5032 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
08:11:30.0944 5032 WS2IFSL - ok
08:11:30.0975 5032 wscsvc (7c278e6408d1dce642230c0585a854d5) C:\WINDOWS\system32\wscsvc.dll
08:11:30.0991 5032 wscsvc - ok
08:11:30.0991 5032 WSearch - ok
08:11:31.0038 5032 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
08:11:31.0038 5032 WSTCODEC - ok
08:11:31.0100 5032 WTouchService (77a3988cf9b5848bcbc9fb6a79508a56) C:\Program Files\WTouch\WTouchService.exe
08:11:31.0100 5032 WTouchService - ok
08:11:31.0116 5032 wuauserv (35321fb577cdc98ce3eb3a3eb9e4610a) C:\WINDOWS\system32\wuauserv.dll
08:11:31.0131 5032 wuauserv - ok
08:11:31.0163 5032 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
08:11:31.0163 5032 WudfPf - ok
08:11:31.0178 5032 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
08:11:31.0178 5032 WudfRd - ok
08:11:31.0194 5032 WudfSvc (05231c04253c5bc30b26cbaae680ed89) C:\WINDOWS\System32\WUDFSvc.dll
08:11:31.0194 5032 WudfSvc - ok
08:11:31.0241 5032 WZCSVC (81dc3f549f44b1c1fff022dec9ecf30b) C:\WINDOWS\System32\wzcsvc.dll
08:11:31.0256 5032 WZCSVC - ok
08:11:31.0288 5032 xmlprov (295d21f14c335b53cb8154e5b1f892b9) C:\WINDOWS\System32\xmlprov.dll
08:11:31.0288 5032 xmlprov - ok
08:11:31.0303 5032 ZInsDrv - ok
08:11:31.0897 5032 ZinstallHelperService (6a4443c5e2ab7d0d638598e9f76e9c02) C:\WINDOWS\system32\zinstall_pod\ZinstallHelperService.exe
08:11:31.0975 5032 ZinstallHelperService - ok
08:11:32.0053 5032 MBR (0x1B8) (d11c727e03bb7318dcda069b06e652f0) \Device\Harddisk0\DR0
08:11:32.0084 5032 \Device\Harddisk0\DR0 - ok
08:11:32.0100 5032 MBR (0x1B8) (d4025c2a18fd21559e84996e5b68d96b) \Device\Harddisk5\DR7
08:11:32.0100 5032 \Device\Harddisk5\DR7 - ok
08:11:32.0131 5032 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk6\DR13
08:11:32.0131 5032 \Device\Harddisk6\DR13 - ok
08:11:32.0131 5032 Boot (0x1200) (afdc87977c35c19d131570a5e6bf9062) \Device\Harddisk0\DR0\Partition0
08:11:32.0131 5032 \Device\Harddisk0\DR0\Partition0 - ok
08:11:32.0147 5032 Boot (0x1200) (fab8caad0ff897a5f507a096ba9ddfbd) \Device\Harddisk0\DR0\Partition1
08:11:32.0147 5032 \Device\Harddisk0\DR0\Partition1 - ok
08:11:32.0147 5032 Boot (0x1200) (e2e8c6086a86bb7a601aa24a264f5914) \Device\Harddisk5\DR7\Partition0
08:11:32.0147 5032 \Device\Harddisk5\DR7\Partition0 - ok
08:11:32.0147 5032 Boot (0x1200) (5de01fc41ea6e376fc07a791aac7c149) \Device\Harddisk6\DR13\Partition0
08:11:32.0163 5032 \Device\Harddisk6\DR13\Partition0 - ok
08:11:32.0163 5032 ============================================================
08:11:32.0163 5032 Scan finished
08:11:32.0163 5032 ============================================================
08:11:32.0178 3772 Detected object count: 0
08:11:32.0178 3772 Actual detected object count: 0
08:11:42.0178 1720 Deinitialize success

--------------------------------------------------------------------------------------------------------------------------------

aswMBR Log:


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-16 08:11:48
-----------------------------
08:11:48.928 OS Version: Windows 5.1.2600 Service Pack 3
08:11:48.928 Number of processors: 2 586 0x4B02
08:11:48.928 ComputerName: YOUR-4DACD0EA75 UserName:
08:11:50.366 Initialize success
08:16:59.413 AVAST engine defs: 12051600
08:17:55.491 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-5
08:17:55.491 Disk 0 Vendor: WDC_WD2000JS-60NCB1 10.02E02 Size: 190782MB BusType: 3
08:17:55.506 Disk 0 MBR read successfully
08:17:55.506 Disk 0 MBR scan
08:17:55.538 Disk 0 unknown MBR code
08:17:55.538 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 181711 MB offset 63
08:17:55.584 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 9060 MB offset 372161790
08:17:55.584 Disk 0 scanning sectors +390716865
08:17:55.663 Disk 0 scanning C:\WINDOWS\system32\drivers
08:18:07.053 Service scanning
08:18:46.678 Modules scanning
08:18:58.350 Disk 0 trace - called modules:
08:18:58.366 ntkrnlpa.exe CLASSPNP.SYS disk.sys SahdIa32.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
08:18:58.381 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b1e7ab8]
08:18:58.381 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> [0x8b1c19c0]
08:18:58.381 5 SahdIa32.sys[b8129939] -> nt!IofCallDriver -> \Device\00000099[0x8b187f18]
08:18:58.381 7 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-5[0x8b186940]
08:18:59.272 AVAST engine scan C:\WINDOWS
08:19:11.772 AVAST engine scan C:\WINDOWS\system32
08:21:55.116 File: C:\WINDOWS\system32\wshnetbsj.dll **INFECTED** Win32:Diller-DK [Trj]
08:26:01.897 AVAST engine scan C:\WINDOWS\system32\drivers
08:26:26.241 AVAST engine scan C:\Documents and Settings\HP_Administrator
09:11:52.319 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\MBR.dat"
09:11:52.319 The log file has been saved successfully to "C:\Documents and Settings\HP_Administrator\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 17 May 2012 - 12:02 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
File::
C:\WINDOWS\system32\wshnetbsj.dll 
RegNull::
[HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518214B9-D6F1-2D7C-B100-EF5DA0B025D6}*]
[HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87E16125-4CE2-5D3B-84E9-D5FB56346BB0}*]

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
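
The following is an added example and is not part of this thread, nor code from ComboFix, aswMBR or AVAST. It shows the link between the aswMBR detection line and the CFScript in the post above: it parses a few constructed sample lines (copied from the aswMBR log posted earlier in the thread), collects the file paths marked **INFECTED**, and assembles a File:: / RegNull:: block in the same layout the helper used. The two registry keys are the ones from the script above; the function and constant names are the example's own. The "unknown MBR code" line is collected separately for manual review only, since aswMBR prints it for any boot code it does not recognise and an OEM recovery loader produces it as readily as a bootkit.

```python
import re

# Constructed sample input: lines copied from the aswMBR log posted above.
SAMPLE_ASWMBR_LINES = [
    r"08:17:55.538 Disk 0 unknown MBR code",
    r"08:19:11.772 AVAST engine scan C:\WINDOWS\system32",
    r"08:21:55.116 File: C:\WINDOWS\system32\wshnetbsj.dll **INFECTED** Win32:Diller-DK [Trj]",
    r"08:26:01.897 AVAST engine scan C:\WINDOWS\system32\drivers",
]

# The two RegNull:: targets from the helper's CFScript above (copied verbatim).
REGNULL_KEYS = [
    r"HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{518214B9-D6F1-2D7C-B100-EF5DA0B025D6}*",
    r"HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{87E16125-4CE2-5D3B-84E9-D5FB56346BB0}*",
]

# "<time> File: <path> **INFECTED** <detection name>"
INFECTED_RE = re.compile(
    r"^\S+\s+File:\s+(?P<path>.+?)\s+\*\*INFECTED\*\*\s+(?P<name>.+)$"
)
# "<time> Disk <n> unknown MBR code"  (review item, not a detection)
MBR_RE = re.compile(r"^\S+\s+Disk (?P<disk>\d+) unknown MBR code$")


def parse_aswmbr(lines):
    """Triage aswMBR log lines.

    Returns {"infected": [(path, detection), ...], "mbr_review": [disk, ...]}.
    Only the explicit **INFECTED** marker counts as a detection; the
    "unknown MBR code" message is surfaced for a human to look at.
    """
    findings = {"infected": [], "mbr_review": []}
    for line in lines:
        m = INFECTED_RE.match(line.rstrip())
        if m:
            findings["infected"].append((m.group("path"), m.group("name")))
            continue
        m = MBR_RE.match(line.rstrip())
        if m:
            findings["mbr_review"].append(int(m.group("disk")))
    return findings


def build_cfscript(file_paths, regnull_keys=()):
    """Assemble CFScript text in the layout used in the post above:
    ClearJavaCache::, then File:: with one path per line, then RegNull::
    with each key in square brackets. Returns the script as one string."""
    out = ["ClearJavaCache::", "File::"]
    out.extend(file_paths)
    if regnull_keys:
        out.append("RegNull::")
        out.extend(f"[{key}]" for key in regnull_keys)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    result = parse_aswmbr(SAMPLE_ASWMBR_LINES)
    for path, name in result["infected"]:
        print(f"detection: {name} -> {path}")
    for disk in result["mbr_review"]:
        print(f"review MBR of disk {disk} by hand (unknown boot code)")
    print(build_cfscript([p for p, _ in result["infected"]], REGNULL_KEYS))
```

Running the block prints the one detection from the sample lines, a reminder to inspect disk 0's MBR manually, and a CFScript whose File:: section contains exactly the path aswMBR flagged; the RegNull:: section is supplied by the person triaging the log, as it was in the post above, because nothing in the aswMBR output names those keys.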

#9 PaulFaust

PaulFaust
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  • Local time:06:30 AM

Posted 17 May 2012 - 01:58 AM

Hi Gringo,

Here is the latest Combofix Log per your previous post.

You had also asked if there was anything else that needs to be addressed.

For the last 3-4 months I have been unable to install the latest Flash player for Internet Explorer. I was wondering if this might be caused by the current virus?

I had no problems running the script but my browsers continue to redirect through Rocketnews so there doesn't seem to be any change to the virus as of yet.

Thanks for your help.


Combofix Log:


ComboFix 12-05-15.04 - HP_Administrator 05/16/2012 23:47:40.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1906 [GMT -6:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\HP_Administrator\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Norton AntiVirus *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
.
FILE ::
"c:\windows\system32\wshnetbsj.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\HP_Administrator\Application Data\.#
c:\documents and settings\HP_Administrator\Local Settings\Temp\IadHide5.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-17 to 2012-05-17 )))))))))))))))))))))))))))))))
.
.
2012-05-17 01:28 . 2012-05-17 01:28 63115 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\USERTILE.JS
2012-05-17 01:28 . 2012-05-17 01:28 9310 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXTBOX.JS
2012-05-17 01:28 . 2012-05-17 01:28 8646 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TILEBOX.JS
2012-05-17 01:28 . 2012-05-17 01:28 8613 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\SAVEDUSER.JS
2012-05-17 01:28 . 2012-05-17 01:28 6429 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UICORE.JS
2012-05-17 01:28 . 2012-05-17 01:28 5927 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\TEXT.JS
2012-05-17 01:28 . 2012-05-17 01:28 4599 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\UIRESOURCE.JS
2012-05-17 01:28 . 2012-05-17 01:28 1651 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\QUERYSTRING.JS
2012-05-17 01:28 . 2012-05-17 01:28 6910 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\NEWUSERCOMM.JS
2012-05-17 01:28 . 2012-05-17 01:28 18541 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LOCALIZATION.JS
2012-05-17 01:28 . 2012-05-17 01:28 8288 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\IMAGE.JS
2012-05-17 01:28 . 2012-05-17 01:28 6208 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\LINK.JS
2012-05-17 01:27 . 2012-05-17 01:27 51852 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\EXTERNALWRAPPER.JS
2012-05-17 01:27 . 2012-05-17 01:27 8782 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\BUTTON.JS
2012-05-17 01:27 . 2012-05-17 01:27 7271 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\CHECKBOX.JS
2012-05-17 01:27 . 2012-05-17 01:27 23327 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\COMBOBOX.JS
2012-05-17 01:27 . 2012-05-17 01:27 20719 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\IdentityCRL\production\temp\wlidui_WLIDSVC\DIVWRAPPER.JS
2012-05-16 23:44 . 2012-05-16 23:44 -------- d-----w- c:\program files\PLR Training Dashboard
2012-05-15 06:36 . 2012-05-15 06:36 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AmazonMastermindDomainFinder
2012-05-15 06:36 . 2012-05-15 06:36 -------- d-----w- c:\program files\AmazonMastermindDomainFinder
2012-05-15 06:03 . 2012-05-15 06:03 -------- d-----w- c:\program files\AzSiteBuilder
2012-05-15 05:59 . 2012-05-15 05:59 -------- d-----w- c:\documents and settings\HP_Administrator\Longtail Domain Finder
2012-05-15 05:53 . 2012-05-15 05:55 -------- d-----w- c:\program files\AZC
2012-05-10 09:11 . 2012-05-10 09:11 8198 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2012-05-06 23:12 . 2012-05-06 23:12 -------- d-----w- c:\program files\Nichegenerator
2012-05-06 22:37 . 2012-05-06 22:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\CyberLink
2012-05-06 22:37 . 2012-05-06 22:47 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\DVDPlay
2012-05-06 20:49 . 2012-05-06 20:49 -------- d-----w- c:\documents and settings\All Users\Application Data\vsosdk
2012-05-06 20:42 . 2012-05-06 20:44 -------- d-----w- c:\documents and settings\All Users\Application Data\dvdfab
2012-05-06 20:39 . 2012-05-06 20:54 -------- d-----w- c:\program files\DVDFab 8 Qt
2012-05-06 04:34 . 2012-05-06 23:17 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 04:34 . 2012-05-06 23:17 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 15:56 . 2012-05-05 15:56 63488 ----a-w- c:\windows\system32\ZipDll.dll
2012-05-05 15:56 . 2012-05-05 15:56 54784 ----a-w- c:\windows\system32\UnzDll.dll
2012-05-05 04:29 . 2012-05-05 04:29 388096 ----a-r- c:\documents and settings\HP_Administrator\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-05 04:29 . 2012-05-05 04:29 -------- d-----w- c:\program files\Trend Micro
2012-05-03 06:55 . 2012-05-03 06:55 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\IMGoldMiner
2012-05-03 06:55 . 2012-05-03 06:55 -------- d-----w- c:\program files\IMGoldMiner
2012-05-03 06:37 . 2012-05-03 06:37 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\AmazonMoneyFinder
2012-05-03 06:37 . 2012-05-03 06:37 -------- d-----w- c:\program files\Amazon Money Finder
2012-05-03 02:24 . 2012-05-03 02:24 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DNAML
2012-05-03 02:24 . 2010-01-06 17:37 274432 ----a-w- c:\windows\system32\SkinX.dll
2012-05-03 02:24 . 2012-05-03 02:24 -------- d-----w- c:\program files\PDF2PageTurn
2012-05-03 02:07 . 2012-05-03 02:07 -------- d-----w- c:\program files\ePageWiz-Pro
2012-05-01 23:07 . 2012-05-01 23:07 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\GoogleGraphs
2012-05-01 23:05 . 2012-05-01 23:06 -------- d-----w- c:\program files\KeywordMapPro
2012-04-29 16:42 . 2012-04-29 16:42 -------- d-----w- c:\program files\ProcessDrivenResults
2012-04-29 07:03 . 2012-04-29 07:03 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Gibson
2012-04-28 09:50 . 2012-04-28 09:50 -------- d-----w- c:\program files\Market Samurai
2012-04-28 07:51 . 2012-05-17 05:43 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\ActiveWords 2.0
2012-04-28 07:45 . 2012-04-28 07:45 232912 ----a-w- c:\windows\ActiveWords Uninstaller.exe
2012-04-28 07:45 . 2012-04-28 07:45 -------- d-----w- c:\program files\Common Files\orangequava
2012-04-28 07:44 . 2012-04-28 07:51 -------- d-----w- c:\program files\ActiveWords
2012-04-28 06:27 . 2012-05-15 04:14 -------- d-----w- C:\Kindle Answers
2012-04-25 21:02 . 2012-04-25 21:02 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-25 06:52 . 2012-04-25 06:52 -------- d-----w- c:\program files\KeywordBlaze
2012-04-23 22:27 . 2012-05-05 19:19 -------- d-----w- c:\windows\system32\drivers\NAV\1307000.009
2012-04-23 03:32 . 2012-04-23 03:32 -------- d-----w- c:\program files\Intalev
2012-04-23 03:32 . 2012-04-23 03:32 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Intalev
2012-04-18 03:46 . 2012-04-18 03:46 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\com.sessionplannerpro.warriorsessionplannerpro
2012-04-18 03:45 . 2012-04-18 03:46 -------- d-----w- c:\program files\Limitless Projects
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-07 05:48 . 2011-02-04 22:08 911898 ----a-w- c:\windows\Hot Keyword Hunter Uninstaller.exe
2012-05-05 11:40 . 2011-12-19 02:56 4140192 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2012-04-30 05:02 . 2010-01-13 06:10 31728 ----a-w- c:\windows\dbrmdwb.exe
2012-04-30 05:02 . 2010-01-13 06:10 26 ----a-w- c:\windows\dbrmdwb.bat
2012-04-30 05:02 . 2010-01-13 06:10 2327704 ----a-w- c:\windows\dbplugin.ocx
2012-04-30 05:02 . 2010-01-13 06:10 2179072 ----a-w- c:\windows\npdbplug.dll
2012-04-28 10:30 . 2010-01-21 19:35 45056 ----a-w- c:\windows\NCUNINST.EXE
2012-04-25 05:37 . 2012-02-03 05:59 165653 ----a-w- c:\windows\TweeterNaire Uninstaller.exe
2012-04-13 04:34 . 2011-10-11 02:43 162783 ----a-w- c:\windows\TubeNaire RX Uninstaller.exe
2012-04-13 03:53 . 2011-06-18 22:16 8171008 ----a-w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\PowerLeadsProSetup.msi
2012-04-11 13:14 . 2004-08-10 11:00 2148352 ------w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2004-08-10 04:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2004-08-10 11:00 2026496 ------w- c:\windows\system32\ntkrnlpa.exe
2012-04-05 11:08 . 2012-03-30 11:50 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2012-04-05 11:08 . 2012-04-14 14:09 28992 ----a-w- c:\windows\system32\uxtuneup.dll
2012-03-25 06:04 . 2012-03-25 06:04 21504 ----a-w- c:\windows\jestertb.dll
2012-03-23 13:32 . 2012-03-08 02:58 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2012-03-23 13:32 . 2012-03-08 02:58 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2004-08-10 04:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-10 04:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-10 04:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2004-08-10 11:00 148480 ------w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-10 04:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-10 04:00 385024 ----a-w- c:\windows\system32\html.iec
2012-02-24 15:00 . 2011-12-19 02:57 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-02-24 07:28 . 2012-02-24 07:28 903887 ----a-w- c:\windows\Forum URL Scraper Software Uninstaller.exe
2012-02-19 11:56 . 2011-05-11 01:21 905247 ----a-w- c:\windows\Hot Proxy Spy 2.0 Uninstaller.exe
2012-02-19 08:31 . 2012-02-19 08:31 160541 ----a-w- c:\windows\TubeNaire DX Uninstaller.exe
2012-02-19 08:26 . 2012-02-03 05:36 160915 ----a-w- c:\windows\TubeNaire WX Uninstaller.exe
2012-02-19 08:25 . 2011-10-11 02:45 162880 ----a-w- c:\windows\TubeNaire MX Uninstaller.exe
2011-01-05 14:15 . 2011-01-05 14:15 9163464 ----a-w- c:\program files\Common Files\lpuninstall.exe
2005-08-27 21:26 . 2007-07-29 18:01 1581056 ----a-w- c:\program files\SAFlashPlayer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-16_05.27.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-17 06:28 . 2012-05-17 06:28 16384 c:\windows\Temp\Perflib_Perfdata_fa8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-03-12 23:21 1869152 ----a-w- c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll" [2012-03-12 1869152]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MmDesignPartner.exe"="c:\program files\Mindjet\MindManager 8\MmDesignPartner.exe" [2009-12-07 12640]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-30 109296]
"InstallIQUpdater"="c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe" [2010-07-07 1008128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe" [2009-07-24 240112]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-04-11 56080]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"ftutil2"="ftutil2.dll" [2004-06-07 106496]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"RTHDCPL"="RTHDCPL.EXE" [2011-12-05 20065384]
"Freecorder FLV Service"="c:\program files\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2012-02-10 15494464]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-09-06 40960]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-30 67584]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-12-12 722256]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-03-12 982880]
"ddoctorv2"="c:\program files\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"MMReminderService"="c:\program files\Mindjet\MindManager 8\MMReminderService.exe" [2009-12-07 38240]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2012-02-10 108352]
"KnowledgeGenerationEngine"="c:\cirilab\bin\themes\KGErun.exe" [2008-03-05 94208]
"MindsystemsAmode AlarmNotifier"="c:\program files\Mindsystems\Mindsystems Amode\AlarmManager.exe" [2011-03-24 2428928]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2005-02-16 221184]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2012-03-30 109296]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
ActiveWords.lnk - c:\program files\ActiveWords\AWMonitor.exe [2012-3-3 3321856]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
Stickies.lnk - c:\program files\stickies\stickies.exe [2010-3-3 1101824]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Install LastPass FF RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-1-5 9163464]
Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2011-1-5 9163464]
.
c:\documents and settings\UpdatusUser\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-1-17 692224]
Macro Express Pro.lnk - c:\program files\Macro Express Pro\MacExp.exe [2010-7-7 6515712]
Updates From HP.lnk - c:\program files\Updates from HP\9972322\Program\Updates from HP.exe [2006-7-31 36903]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-7-31 27136]
PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-7-31 27136]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-09-27 19:03 66328 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /r \??\m:\0autocheck autochk /r \??\l:\0autocheck autochk /r \??\L:\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"SureThing Labelflash service"=3 (0x3)
"AntiSpywareService"=2 (0x2)
"XobniService"=2 (0x2)
"ITMRTSVC"=2 (0x2)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"PTT"="c:\program files\True Time Tracker\ttt.exe" silent
"SyncDocs"=c:\program files\Syncdocs\Syncdocs.exe
"DisplayFusion"="c:\program files\DisplayFusion\DisplayFusion.exe"
"TwitterSubmitter"=c:\program files\Toms Twitter\TomsTwitter.exe
"AppVodBurner"=c:\program files\VodBurner\vodburner.exe
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" /background
"PPWebCap"=c:\program files\ScanSoft\PaperPort\PPWebCap.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"DNS7reminder"="c:\program files\Nuance\NaturallySpeaking10\Ereg\Ereg.exe" -r "c:\documents and settings\All Users\Application Data\Nuance\NaturallySpeaking10\Ereg.ini
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
"Adobe_ID0ENQBO"=c:\progra~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
"PaperPort PTD"=c:\program files\ScanSoft\PaperPort\pptd40nt.exe
"ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
"CPMonitor"="c:\program files\Roxio 2010\5.0\CPMonitor.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"AppleSyncNotifier"=c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
"Simpleology 1.0"=c:\program files\Simpleology\simpleology Wimiki\simpleology Wimiki.exe
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
"InputDirector"="c:\program files\Input Director\InputDirector.exe" /hide
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"Desktop Disc Tool"="c:\program files\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe"
"CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
"Reminder"="c:\windows\Creator\Remind_XP.exe"
"AlwaysReady Power Message APP"=ARPWRMSG.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\svc]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Version Cue CS4\\Server\\bin\\VersionCueCS4.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Adobe\\Adobe Bridge CS4\\Bridge.exe"=
"c:\\Program Files\\Adobe\\Adobe Photoshop CS4\\Photoshop.exe"=
"c:\\Program Files\\Adobe\\Acrobat.com\\Acrobat.com.exe"=
"c:\\Program Files\\Adobe\\Adobe After Effects CS4\\Support Files\\AfterFX.exe"=
"c:\\Program Files\\Adobe\\Adobe Contribute CS4\\Contribute.exe"=
"c:\\Program Files\\Adobe\\Adobe Device Central CS4\\DeviceCentral.exe"=
"c:\\Program Files\\Adobe\\Adobe Dreamweaver CS4\\Dreamweaver.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe Drive CS4\\ConnectUI\\Adobe Drive CS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Encore CS4\\Adobe Encore.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\ExtendScript Toolkit CS4\\ExtendScript Toolkit.exe"=
"c:\\Program Files\\Adobe\\Adobe Extension Manager CS4\\Adobe Extension Manager CS4.exe"=
"c:\\Program Files\\Adobe\\Adobe Fireworks CS4\\Fireworks.exe"=
"c:\\Program Files\\Adobe\\Adobe Flash CS4\\Flash.exe"=
"c:\\Program Files\\Adobe\\Adobe Illustrator CS4\\Support Files\\Contents\\Windows\\Illustrator.exe"=
"c:\\Program Files\\Adobe\\Adobe InDesign CS4\\InDesign.exe"=
"c:\\Program Files\\Adobe\\Acrobat 9.0\\Designer 8.2\\FormDesigner.exe"=
"c:\\Program Files\\Adobe\\Adobe Media Encoder CS4\\Adobe Media Encoder.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\Adobe\\Adobe OnLocation CS4\\Adobe OnLocation.exe"=
"c:\\Program Files\\Adobe\\Adobe Utilities\\Pixel Bender Toolkit\\pixel_bender_toolkit.exe"=
"c:\\Program Files\\Adobe\\Adobe Premiere Pro CS4\\Adobe Premiere Pro.exe"=
"c:\\Program Files\\Adobe\\Adobe Soundbooth CS4\\Adobe Soundbooth CS4.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
"c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
"c:\\Program Files\\DiskTrix\\UltimateDefrag2008\\UDefrag.exe"=
"c:\\Program Files\\Input Director\\InputDirector.exe"=
"c:\\Program Files\\Input Director\\InputDirectorSessionHelper.exe"=
"c:\\Program Files\\Roxio 2010\\Venue\\Venue.exe"=
"c:\\Program Files\\CinemaNow\\CinemaNow Media Manager\\CinemaNowShell.exe"=
"c:\\CIRILab\\bin\\java\\jre1.5.0_14\\bin\\java.exe"=
"c:\\Program Files\\FeedDemon\\FeedDemon.exe"=
"c:\\Program Files\\BlogJet\\BlogJet.exe"=
"c:\\ArticleAnnouncer\\ArticleAnnouncer.exe"=
"c:\\Program Files\\Buyer Keywords Generator\\BuyerKeywordsGenerator.exe"=
"c:\\Program Files\\Advanced File Organizer\\aforg.exe"=
"c:\\ContentComposer\\ContentComposer.exe"=
"c:\\Program Files\\Mindsystems\\KnowledgeLink V5\\KnowledgeLink.exe"=
"c:\\Program Files\\BlogHatter\\BlogHatter.exe"=
"c:\\Program Files\\Common Files\\Thraex Software\\AutoUpdator\\AutoUpdator.exe"=
"c:\\Program Files\\BIAS\\BIAS Authorization Manager\\BIAS Authorization Manager.exe"=
"c:\\Program Files\\Boris FX, Inc\\Boris Graffiti 5.2\\Graffiti5 Keyframer.exe"=
"c:\\Program Files\\Common Files\\Sonic Shared\\Sonic Central\\Main\\Mediahub.exe"=
"c:\\Program Files\\Roxio 2010\\5.0\\CinePlayer.exe"=
"c:\\Program Files\\HP\\DVDPlay\\DVDPlay.exe"=
"c:\\Program Files\\Clickbank Marketplace Product Detective\\Marketplace.exe"=
"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=
"c:\\Program Files\\Image-Line\\FL Studio 6\\FL.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\FeedDemon\\FeedStation.exe"=
"c:\\Program Files\\EditPlus 3\\editplus.exe"=
"c:\\hp\\support\\HPSysInfo.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqthb08.exe"=
"c:\\Program Files\\Market Samurai\\Market Samurai.exe"=
"c:\\Program Files\\InfoFinderPro\\IFP3.exe"=
"c:\\Program Files\\Instant Article Wizard 2.0\\Instant Article Wizard.exe"=
"c:\\Program Files\\Mindsystems\\KLNotifier Add-in\\KLNotify.exe"=
"c:\\Program Files\\Black Obelisk Software\\Liquid Story Binder XE\\Liquid Story Binder XE.exe"=
"c:\\Program Files\\Studio V5\\MyLogoMaker\\MyLogo.exe"=
"c:\\Program Files\\SEO PowerSuite\\LinkAssistant\\bin\\linkassistant.exe"=
"c:\\Program Files\\Roxio 2010\\Creator Classic 12\\Creator12.exe"=
"c:\\Program Files\\LightZone 3\\LightZone.exe"=
"c:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WksCal.exe"=
"c:\\Program Files\\SEOLab Professional v2009\\SEOLab Professional\\seolab.exe"=
"c:\\Program Files\\Orwell Pro\\orwellpro.exe"=
"c:\\Program Files\\SEO PowerSuite\\Rank Tracker\\bin\\ranktracker.exe"=
"c:\\Program Files\\Studio V5\\MyLogoMaker\\Update.exe"=
"c:\\Program Files\\CartyStudios Corporation\\WebMagnates - Auto Blogging Software\\Auto Blogging.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\SAIG\\Surfulater\\Surfulater.exe"=
"c:\\Program Files\\Mitomjo\\IPA\\IdiotProofArticles.exe"=
"c:\\Program Files\\WebFerret\\WebFerret.exe"=
"c:\\Program Files\\Micro Niche Finder 5.0\\MicroNicheFinder.exe"=
"c:\\Program Files\\Namo\\WebEditor 2006\\bin\\WebEditor.exe"=
"c:\\Program Files\\Namo\\WebCanvas 2006\\bin\\WebCanvas.exe"=
"c:\\Program Files\\Gmaximus Mailer\\setup.exe"=
"c:\\Program Files\\IM Quick Ping\\IM Quick Ping.exe"=
"c:\\WINDOWS\\Installer\\{372C7477-C799-4804-953F-4C767FCFC942}\\_805C370EB17BFE60DE6A3A.exe"=
"c:\\xampp\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\CoffeeCup Software\\CoffeeCup Website Font\\CoffeeCup Website Font.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Adobe\\Dreamweaver CS4\\en_US\\Configuration\\Shared\\Virtuosoft\\ThemeDreamer\\tdExtension\\tdExtension.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Documents and Settings\\HP_Administrator\\Application Data\\Adobe\\Dreamweaver CS4\\en_US\\Configuration\\Shared\\Virtuosoft\\ThemeServer\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\LastPass\\lastpass.exe"=
"c:\\Program Files\\HMA! Pro VPN\\bin\\HMA! Pro VPN.exe"=
"c:\\Program Files\\Mindsystems\\Mindsystems Amode\\AlarmManager.exe"=
"c:\\Program Files\\BlogHatterPro\\BlogHatter.exe"=
"c:\\Program Files\\Article Architect\\Article Architect.exe"=
"c:\\Program Files\\Summitsoft\\LogoDesignStudio Pro\\LDSProVUpdater.exe"=
"c:\\Program Files\\Auction Maul\\auctionmaul.exe"=
"c:\\Program Files\\Click-N-Learn Media Centre\\Click-N-LearnMediaCentre.exe"=
"c:\\Program Files\\XSitePro2\\XspVersion1Converter.exe"=
"c:\\Program Files\\XSitePro2\\XSitePro2.exe"=
"c:\\Documents and Settings\\HP_Administrator\\My Documents\\My Pictures\\QuickCam\\3ivx\\3ivx MPEG-4 5.0.3\\3ivxConfig.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\WireframeSketcherStudio\\sketcher.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"c:\\xampplite\\mysql\\bin\\mysqld.exe"=
"c:\\Program Files\\iMarketing Soft\\Magic Site Cloner\\MagicSiteCloner.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Stealth Keyword Digger\\StealthKeywordDigger.exe"=
"c:\\Program Files\\Stealth Keyword Digger\\skd2.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Stephen Hawkins\\docmarketingrobot\\DocumentMarketingRobot.exe"=
"c:\\Program Files\\Stephen Hawkins\\docmarketingrobot\\PDFCreator.exe"=
"c:\\Program Files\\Stealth Keyword Competition Analyzer\\StealthKeywordCompetitionAnalyzer.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3703:TCP"= 3703:TCP:Adobe Version Cue CS4 Server
"3704:TCP"= 3704:TCP:Adobe Version Cue CS4 Server
"51000:TCP"= 51000:TCP:Adobe Version Cue CS4 Server
"51001:TCP"= 51001:TCP:Adobe Version Cue CS4 Server
"5985:TCP"= 5985:TCP:Windows Remote Management
"21:TCP"= 21:TCP:FTP Server
"20:TCP"= 20:TCP:FTP-Data
"59907:TCP"= 59907:TCP:Windows Core Service
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R0 SahdIa32;HDD Filter Driver;c:\windows\system32\drivers\SahdIa32.sys [1/12/2010 11:14 PM 21488]
R0 SaibIa32;Volume Filter Driver;c:\windows\system32\drivers\SaibIa32.sys [1/12/2010 11:14 PM 15856]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NAV\1307000.009\symds.sys [4/23/2012 4:27 PM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NAV\1307000.009\symefa.sys [4/23/2012 4:27 PM 905336]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\BASHDefs\20120507.001\BHDrvx86.sys [5/8/2012 2:51 PM 821880]
R1 ccSet_NAV;Norton AntiVirus Settings Manager;c:\windows\system32\drivers\NAV\1307000.009\ccsetx86.sys [4/23/2012 4:27 PM 132744]
R1 SaibVd32;Virtual Disk Driver;c:\windows\system32\drivers\SaibVd32.sys [1/12/2010 11:14 PM 25584]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NAV\1307000.009\ironx86.sys [4/23/2012 4:27 PM 149624]
R2 9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269;Roxio SAIB Service;c:\program files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe [6/2/2009 8:05 PM 457200]
R2 Apache2.2;Apache2.2;c:\xampp\xampp\apache\bin\httpd.exe [2/19/2010 11:33 PM 29416]
R2 InputDirector;Input Director Service;c:\program files\Input Director\IDWinService.exe [10/9/2009 4:52 AM 32768]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [12/18/2011 8:56 PM 12184]
R2 NAV;Norton AntiVirus;c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccsvchst.exe [4/23/2012 4:27 PM 138232]
R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 6:45 PM 35088]
R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [1/8/2010 10:20 PM 4497704]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [4/5/2012 5:08 AM 1529152]
R2 vToolbarUpdater10.2.0;vToolbarUpdater10.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe [3/12/2012 5:21 PM 918880]
R2 WTouchService;WTouch Service;c:\program files\WTouch\WTouchService.exe [1/8/2010 10:36 PM 113448]
R2 ZinstallHelperService;ZinstallHelperService;c:\windows\system32\zinstall_pod\ZinstallHelperService.exe [10/6/2010 5:09 PM 11245192]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [3/8/2012 2:55 AM 106104]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_19.5.1.2\Definitions\IPSDefs\20120516.001\IDSXpx86.sys [5/16/2012 7:44 PM 356792]
R3 rzp3011za;rzp3011za;c:\windows\system32\drivers\zinstall_pod\rzp3011za.sys [10/6/2010 11:14 AM 232648]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2/9/2012 1:16 PM 10064]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [1/8/2010 10:36 PM 16168]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
S1 SASDIFSV;SASDIFSV;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS --> c:\docume~1\HP_ADM~1\LOCALS~1\Temp\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate1ca90f4fb9587c2;Google Update Service (gupdate1ca90f4fb9587c2);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 12:28 AM 133104]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe [7/24/2009 9:33 AM 219632]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [8/15/2008 6:46 AM 284016]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [5/5/2012 10:34 PM 257696]
S3 awealloc;awealloc;c:\windows\system32\drivers\awealloc.sys [10/6/2010 11:14 AM 18504]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [1/9/2010 12:28 AM 133104]
S3 imdisk;imdisk;c:\windows\system32\drivers\imdisk.sys [10/6/2010 11:14 AM 46408]
S3 imdsksvc;imdsksvc;c:\windows\system32\imdsksvc.exe [10/6/2010 11:14 AM 21064]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 3:02 PM 129976]
S3 mvvideodemo;MaxiVista Virtual Video Demo;c:\windows\system32\DRIVERS\mvvideodemo.sys --> c:\windows\system32\DRIVERS\mvvideodemo.sys [?]
S3 RoxMediaDB12;RoxMediaDB12;c:\program files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe [7/24/2009 9:33 AM 1116656]
S3 rzp3502za;rzp3502za;c:\windows\system32\drivers\zinstall_pod\rzp3502za.sys [8/6/2011 10:23 AM 231960]
S3 VCR2PC;VCR2PC Analog Capture;c:\windows\system32\drivers\0140_ION.sys [12/13/2010 3:44 PM 281024]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/9/2004 10:00 PM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
S3 ZInsDrv;Zinstall Support Driver;\??\a:\zinstallex\x86\ZInsDrv.sys --> a:\zinstallex\x86\ZInsDrv.sys [?]
S4 CinemaNow Service;CinemaNow Service;c:\program files\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [12/16/2009 11:15 AM 129520]
S4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS --> c:\program files\Hotspot Shield\bin\hsswd.exe -product HSS [?]
S4 MSSQL$ADCENTERDESKTOP;SQL Server (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\sqlservr.exe [9/22/2011 6:18 PM 43028328]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [3/31/2009 2:44 AM 47128]
S4 RsFx0105;RsFx0105 Driver;c:\windows\system32\drivers\RsFx0105.sys [9/22/2011 6:10 PM 238696]
S4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/15/2012 2:30 PM 158856]
S4 SQLAgent$ADCENTERDESKTOP;SQL Server Agent (ADCENTERDESKTOP);c:\program files\Microsoft SQL Server\MSSQL10.ADCENTERDESKTOP\MSSQL\Binn\SQLAGENT.EXE [9/22/2011 6:17 PM 370024]
S4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [3/19/2012 5:38 AM 2666880]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 23:17]
.
2012-03-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 23:57]
.
2012-05-17 c:\windows\Tasks\BJMGB.job
- c:\windows\system32\wshnetbsj.dll [2012-02-29 17:34]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 06:28]
.
2012-05-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-09 06:28]
.
2012-05-16 c:\windows\Tasks\Roxio PhotoShow Updater.job
- c:\program files\Roxio\PhotoShow\auto_updater_shim.exe [2009-06-24 02:21]
.
2011-05-22 c:\windows\Tasks\TSmaker Updates.job
- c:\windows\Installer\TSmaker Updates for All Users.lnk [2010-03-07 01:19]
.
2012-03-30 c:\windows\Tasks\videopadShakeIcon.job
- c:\program files\NCH Software\VideoPad\videopad.exe [2010-12-31 05:41]
.
2012-05-17 c:\windows\Tasks\Windows Codec Update Service.job
- c:\program files\Essentials Codec Pack\WECPUpdate.exe [2011-07-14 08:31]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Evernote 4.0 - c:\program files\Evernote\Evernote\EvernoteIE.dll/204
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Surfulater: Add &new Article - c:\program files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTML
IE: Surfulater: Add Article pl&us Page - c:\program files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTML
IE: Surfulater: Attac&h Page to Article - c:\program files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTML
IE: Surfulater: Book&mark this Page - c:\program files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTML
IE: {{E5092D10-B990-4932-8667-7461041B3A32} - c:\documents and settings\HP_Administrator\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
LSP: c:\program files\HMA! Pro VPN\bin\ForceInterfaceLSP.dll
Trusted Zone: cinemanow.com
Trusted Zone: kuaiche.com\software
Trusted Zone: qflix.com
Trusted Zone: roxio.com
Trusted Zone: sonic.com\redirect
Trusted Zone: sonic.com\redirect2
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FF218E23-9FFE-4227-AE4A-C8333B34DE40}: NameServer = 10.26.56.1
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\qi7x7kb1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-17 00:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAV]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NAV\" /m \"c:\program files\Norton AntiVirus\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2602980324-691215079-551540490-1007\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:12,91,99,a9,eb,17,d5,8e,df,39,d9,b9,12,85,b8,6a,8c,e3,82,cb,c7,cb,d8,
a3,67,36,f2,e5,a7,fe,0d,38,07,03,ce,a4,54,6f,0c,57,61,09,0b,2e,9e,48,82,94,\
"??"=hex:cf,55,c7,95,2b,14,4d,f8,66,7b,0c,1b,19,52,fe,22
.
[HKEY_LOCAL_MACHINE\software\Classes\.sol]
@DACL=(02 0000)
@SACL=
"Content Type"="text/plain"
.
[HKEY_LOCAL_MACHINE\software\Classes\.sor]
@DACL=(02 0000)
@SACL=
"Content Type"="text/plain"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:27,0f,44,8e,c4,1e,10,ee,45,ec,23,d6,6d,0d,d6,e8,5d,e0,29,f3,d0,
96,ba,34,df,a5,e5,13,3b,50,fa,b1,83,48,2a,ab,06,6a,73,4d,8a,3b,79,9e,b5,f6,\
.
[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:27,0f,44,8e,c4,1e,10,ee,45,ec,23,d6,6d,0d,d6,e8,5d,e0,29,f3,d0,
96,ba,34,df,a5,e5,13,3b,50,fa,b1,83,48,2a,ab,06,6a,73,4d,8a,3b,79,9e,b5,f6,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1308)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(5760)
c:\windows\system32\WININET.dll
c:\docume~1\HP_ADM~1\LOCALS~1\Temp\IadHide5.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
c:\windows\system32\rundll32.exe
c:\program files\WTouch\WTouchUser.exe
c:\program files\Logitech\SetPointP\LBTWiz.exe
c:\windows\system32\rundll32.exe
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\system32\RUNDLL32.EXE
c:\hp\KBD\KBD.EXE
c:\windows\arservice.exe
c:\windows\system32\astsrv.exe
c:\cirilab\bin\java\jre1.5.0_14\bin\java.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\xampp\xampp\FileZillaFTP\FileZilla server.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Input Director\InputDirectorSessionHelper.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\xampp\xampp\mysql\bin\mysqld.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system\hpsysdrv.exe
c:\windows\system32\WISPTIS.EXE
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\program files\DISC\DISCover.exe
c:\program files\DISC\DiscUpdMgr.exe
c:\windows\system32\WTablet\Pen_TabletUser.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\dllhost.exe
c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
c:\program files\DISC\DiscStreamHub.exe
c:\program files\zabkat\xplorer2\xplorer2_UC.exe
.
**************************************************************************
.
Completion time: 2012-05-17 00:42:03 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-17 06:41
.
Pre-Run: 12,728,434,688 bytes free
Post-Run: 12,846,067,712 bytes free
.
- - End Of File - - 25682F450803CC47CF8ED88E9FF3C4FB
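The "Scheduled Tasks" section of the log above contains one entry that does not look like the others: `BJMGB.job` launches `c:\windows\system32\wshnetbsj.dll`, a DLL with an opaque name rather than a vendor's updater executable, and that DLL is the file the next reply removes. As an added example that is not part of this thread and not code from ComboFix, DDS or BlitzBlank, the Python script below parses that section of a ComboFix-style log and flags entries of that shape. The log excerpt embedded in it is constructed to mirror the format above, and the two heuristics (DLL target, job name unrelated to its target path) plus the `GENERIC_TOKENS` list are my own assumptions, not a published detection rule.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the layout of the "Contents of the 'Scheduled Tasks' folder"
# section of a ComboFix/DDS log; it is not a copy of any real machine's log.
SAMPLE_LOG = """\
Contents of the 'Scheduled Tasks' folder
.
2012-05-17 c:\\windows\\Tasks\\Adobe Flash Player Updater.job
- c:\\windows\\system32\\Macromed\\Flash\\FlashPlayerUpdateService.exe [2012-05-06 23:17]
.
2012-05-17 c:\\windows\\Tasks\\BJMGB.job
- c:\\windows\\system32\\wshnetbsj.dll [2012-02-29 17:34]
.
2012-05-17 c:\\windows\\Tasks\\GoogleUpdateTaskMachineCore.job
- c:\\program files\\Google\\Update\\GoogleUpdate.exe [2010-01-09 06:28]
.
------- Supplementary Scan -------
"""

SECTION_START = "Contents of the 'Scheduled Tasks' folder"
TASK_HEADER = re.compile(r"^\d{4}-\d{2}-\d{2} (?P<job>.+\.job)$", re.IGNORECASE)
TASK_TARGET = re.compile(r"^- (?P<target>.+?) \[(?P<stamp>[^\]]+)\]$")
# Path tokens too generic to tie a job name to a product (assumption: tune per environment).
GENERIC_TOKENS = {"windows", "system32", "program", "files", "common", "tasks"}


@dataclass
class Task:
    job: str       # file name of the .job, e.g. "BJMGB.job"
    target: str    # what the task launches
    stamp: str     # file timestamp the log printed for the target
    findings: list = field(default_factory=list)


def parse_tasks(log_text: str) -> list:
    """Return the Task entries between the section header and the next '-------' rule."""
    tasks, pending, in_section = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith(SECTION_START):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("-------"):
            break
        m = TASK_HEADER.match(line)
        if m:
            pending = m.group("job").rsplit("\\", 1)[-1]
            continue
        m = TASK_TARGET.match(line)
        if m and pending:
            tasks.append(Task(pending, m.group("target"), m.group("stamp")))
            pending = None
    return tasks


def review(task: Task) -> Task:
    """Attach review findings; an empty list means nothing stood out."""
    stem = task.job[:-len(".job")].lower()
    ext = task.target.rsplit(".", 1)[-1].lower()
    if ext == "dll":
        # Task Scheduler runs executables; a DLL target has to be loaded through a
        # host process (rundll32 or similar), which none of the vendor jobs here do.
        task.findings.append("target is a DLL, not an executable")
    path_tokens = {t for t in re.split(r"[^a-z0-9]+", task.target.lower()) if len(t) >= 4}
    if not any(t in stem for t in path_tokens - GENERIC_TOKENS):
        # Vendor jobs are normally named after their product ("Adobe Flash Player Updater"
        # -> ...\Flash\...); an opaque name with no link to its target deserves a look.
        task.findings.append("job name shares no token with its target path")
    return task


def find_suspicious(log_text: str) -> dict:
    """Map job name -> findings for every task that raised at least one."""
    return {t.job: t.findings for t in map(review, parse_tasks(log_text)) if t.findings}


if __name__ == "__main__":
    for job, reasons in find_suspicious(SAMPLE_LOG).items():
        print(job, "->", "; ".join(reasons))
```

Run against the constructed sample, only `BJMGB.job` is reported, with both findings; the Flash and Google updaters pass because their job names contain a token from their own install path. The heuristics are deliberately loose triage, not a verdict: a hit means "pull the file and check its signer and origin", which is what the reply that follows does with BlitzBlank.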

#10 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 17 May 2012 - 03:23 AM

BlitzBlank.

Download BlitzBlank and save it to your desktop. Open Blitzblank.exe.

  • Click OK at the warning (and take note of it, this is a VERY powerful tool!).
  • Click the Script tab and copy/paste the following text there:
DeleteFile:
c:\windows\system32\wshnetbsj.dll
  • Click Execute Now. Your computer will need to reboot in order to replace the files.
  • When done, post me the report created by BlitzBlank. You can find it at the root of the drive, normally C:\

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 PaulFaust (Topic Starter, Members)

Posted 17 May 2012 - 08:59 AM

Hi Gringo,

My browsers seem to have stopped redirecting.

Here is the BlitzBlank Log:


BlitzBlank 1.0.0.32

File/Registry Modification Engine native application
MoveFileOnReboot: sourceFile = "\??\c:\windows\system32\wshnetbsj.dll", destinationFile = "(null)", replaceWithDummy = 0

#12 gringo_pr (Bleepin Gringo, Malware Response Team, Puerto Rico)

Posted 17 May 2012 - 12:47 PM

These logs are looking a lot better, but we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (Revo does a lot better job).

Programs to remove

Freecorder 5
Java™ 6 Update 16
Java™ 6 Update 22
Java™ 6 Update 30
Java™ 7 Update 3
JavaFX 2.0.3
McAfee Security Scan Plus


  • Please download and install Revo Uninstaller Free.
  • Double-click Revo Uninstaller to run it.
  • From the list of programs, double-click on the program to remove.
  • When prompted if you want to uninstall, click Yes.
  • Be sure the Moderate option is selected, then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done, click Finish.



Install Java:

Please go here to install Java.

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here: http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. (Make sure that under the Windows tab all the boxes under Internet Explorer and Windows Explorer are checked. Under System, check Empty Recycle Bin and Temporary Files. Under the Applications tab, all the boxes should be checked.)
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM.
  • Double-click the MBAM icon.
  • Go to the Update tab at the top.
  • Click on Check for Updates.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked (ticked) except items in the C:\System Volume Information folder, and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (hosts file not read, blank Notepad ...).

  • Go here to download the HijackThis installer.
  • Save the HijackThis installer to your desktop.
  • Double-click on the HijackThis installer icon on your desktop. (Vista and Win 7: right-click and run as admin.)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis.
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed, it will launch HijackThis.
  • Click on the Do a system scan and save a log file button. It will scan, and the log should open in Notepad.
  • Click on Edit > Select All, then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following:

  • Log from MBAM
  • Report from HijackThis
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 PaulFaust (Topic Starter, Members)

Posted 17 May 2012 - 10:30 PM

Hi Gringo,

Everything went smoothly. My browsers are no longer redirecting or crashing.

Please find the Malwarebytes and HijackThis logs listed below.

----------------------------------------------------------------------------------------


Malwarebytes Log:


Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.17.08

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: YOUR-4DACD0EA75 [administrator]

5/17/2012 4:29:20 PM
mbam-log-2012-05-17 (16-29-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 291455
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

-----------------------------------------------------------------------------------------------------------
HijackThis Log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:34:25 PM, on 5/17/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WTouch\WTouchService.exe
C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WTouch\WTouchUser.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files\Logitech\SetPointP\LBTWiz.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\AVG Secure Search\vprot.exe
C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\CIRILab\bin\themes\KGErun.exe
C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\astsrv.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\xampp\xampp\FileZillaFTP\FileZilla server.exe
C:\Program Files\Input Director\IDWinService.exe
C:\CIRILab\bin\java\jre1.5.0_14\bin\java.exe
C:\Program Files\Input Director\InputDirectorSessionHelper.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Macro Express Pro\MacExp.exe
C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system\hpsysdrv.exe
C:\xampp\xampp\mysql\bin\mysqld.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
C:\xampp\xampp\apache\bin\httpd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DISC\DISCover.exe
C:\Program Files\DISC\DiscUpdMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DISC\DiscStreamHub.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\zinstall_pod\ZinstallHelperService.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Input Director\InputDirector.exe
C:\Program Files\Evernote\Evernote\Evernote.exe
C:\Program Files\Evernote\Evernote\EvernoteTray.exe
C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Program Files\zabkat\xplorer2\xplorer2_UC.exe
C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
C:\Program Files\Firefox\firefox.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: KeywordSpySEO Helper - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: Complitly - {0FB6A909-6086-458F-BD92-1F8EE10042A0} - C:\Documents and Settings\HP_Administrator\Application Data\Complitly\Complitly.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHOPopup - {5F9575C2-1AB4-4883-8505-5C6D0DFDF2D5} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: Context Organizer - {3A6B27A2-0B3A-4976-924E-E1BB68680E29} - C:\Program Files\Context Discovery Inc\Context Organizer\Context.CO-IE.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\WebFerret\FerretBand.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\10.2.0.3\AVG Secure Search_toolbar.dll
O3 - Toolbar: KeywordSpy™ SEO/PPC - {0AE831B0-427E-4D0A-BC88-4BA47E7471C3} - C:\Program Files\KeywordSpy SEOPPC Plug-in\KeywordSpySEO.dll
O3 - Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KnowledgeGenerationEngine] C:\CIRILab\bin\themes\KGErun.exe
O4 - HKLM\..\Run: [MindsystemsAmode AlarmNotifier] C:\Program Files\Mindsystems\Mindsystems Amode\AlarmManager.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [MmDesignPartner.exe] C:\Program Files\Mindjet\MindManager 8\MmDesignPartner.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - HKUS\S-1-5-18\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (User 'Default user')
O4 - S-1-5-18 Startup: ActiveWords.lnk = C:\Program Files\ActiveWords\AWMonitor.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: ActiveWords.lnk = C:\Program Files\ActiveWords\AWMonitor.exe (User 'Default user')
O4 - .DEFAULT Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: ActiveWords.lnk = C:\Program Files\ActiveWords\AWMonitor.exe
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Macro Express Pro.lnk = C:\Program Files\Macro Express Pro\MacExp.exe
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Show RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Surfulater: Add &new Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDTOSURFULATER.HTML
O8 - Extra context menu item: Surfulater: Add Article pl&us Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/SENDANDATTACHTOSURFULATER.HTML
O8 - Extra context menu item: Surfulater: Attac&h Page to Article - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/ATTACHTOSURFULATER.HTML
O8 - Extra context menu item: Surfulater: Book&mark this Page - res://C:\Program Files\SAIG\Surfulater\Surfulater.exe/BOOKMARKINSURFULATER.HTML
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 8\Mm8InternetExplorer.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Namo SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: BlogJet This! - {E5092D10-B990-4932-8667-7461041B3A32} - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra 'Tools' menuitem: BlogJet This! - {E5092D10-B990-4932-8667-7461041B3A32} - C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\DiFolders Software\BlogJet\blogthis.js
O9 - Extra button: Surfulater - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exe (HKCU)
O9 - Extra 'Tools' menuitem: SAIG Surfula&ter - {A9B34036-3ED6-460a-9C59-696DC24C516F} - C:\Program Files\SAIG\Surfulater\Surfulater.exe (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O15 - Trusted Zone: http://*.cinemanow.com
O15 - Trusted Zone: http://software.kuaiche.com
O15 - Trusted Zone: http://*.qflix.com
O15 - Trusted Zone: http://*.roxio.com
O15 - Trusted Zone: http://redirect.sonic.com
O15 - Trusted Zone: http://redirect2.sonic.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF218E23-9FFE-4227-AE4A-C8333B34DE40}: NameServer = 10.26.56.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.2.0\ViProtocol.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Roxio SAIB Service (9734BF6A-2DCD-40f0-BAB0-5AAFEEBE1269) - Unknown owner - C:\Program Files\Roxio\BackOnTrack\Disaster Recovery\SaibSVC.exe
O23 - Service: Adobe Version Cue CS4 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apache2.2 - Apache Software Foundation - C:\xampp\xampp\apache\bin\httpd.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\WINDOWS\system32\astsrv.exe
O23 - Service: FileZilla Server - FileZilla Project - C:\xampp\xampp\FileZillaFTP\FileZilla server.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1ca90f4fb9587c2) (gupdate1ca90f4fb9587c2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: imdsksvc - Olof Lagerkvist - C:\WINDOWS\system32\imdsksvc.exe
O23 - Service: Input Director Service (InputDirector) - Unknown owner - C:\Program Files\Input Director\IDWinService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MySQL - MySQL AB - C:\xampp\xampp\mysql\bin\mysqld.exe
O23 - Service: Norton AntiVirus (NAV) - Symantec Corporation - C:\Program Files\Norton AntiVirus\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\HMA! Pro VPN\bin\openvpnserv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RoxMediaDB12 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
O23 - Service: vToolbarUpdater10.2.0 - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.2.0\ToolbarUpdater.exe
O23 - Service: WTouch Service (WTouchService) - Wacom Technology, Corp. - C:\Program Files\WTouch\WTouchService.exe
O23 - Service: ZinstallHelperService - Zinstall.com - C:\WINDOWS\system32\zinstall_pod\ZinstallHelperService.exe

--
End of file - 23401 bytes

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:30 AM

Posted 17 May 2012 - 10:46 PM

Greetings

These logs are looking very good; we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional.
These are programs that start up when you turn on your computer but don't need to; you can start any of them by clicking their icons (or from the Control Panel) when you need them. By stopping these programs, you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
      O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
      O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
      O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
      O4 - HKLM\..\Run: [ddoctorv2] "C:\Program Files\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
      O4 - HKLM\..\Run: [MMReminderService] C:\Program Files\Mindjet\MindManager 8\MMReminderService.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
      O4 - S-1-5-18 Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'SYSTEM')
      O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe (User 'Default user')
      O4 - .DEFAULT Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'Default user')
      O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
      O4 - Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not;
    just copy the name between the brackets and paste it into the search space:
    O4 - HKLM\..\Run: [IntelliPoint]


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Windows 7, right-click the IE shortcut and run as admin.

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real-time scanner of any existing antivirus program while performing the online scan
  • Click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the ActiveX control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Click on copy to clipboard or copy and paste the results here in this topic

Copy and paste that log as a reply to this topic

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
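The entries gringo_pr lists above are all O4 lines, and reviewing them means reading the same fields by hand each time: which hive or Startup folder the entry lives in, what it is called, and what it actually launches. As an added example (not code from the original post, and not part of HijackThis), the Python script below parses lines in the HijackThis log format shown earlier in this thread into that inventory, and also pulls out the other things a responder checks in such a log: entries whose file is reported missing, repeated Winsock LSP modules (O10), and the DNS servers in O17. The sample lines are copied from the log posted in this thread. The rule it uses to find the program in an unquoted command (stop at the first executable extension) is a simplification assumed for this example, not the rule Windows itself applies.

```python
"""Parse HijackThis-style log lines into a reviewable inventory.

Added example for this thread, not part of HijackThis or of the original post.
It reads the 'Onn - ...' line format shown in the log above and collects what a
reviewer checks by hand: O4 autostart entries and the program each launches,
entries pointing at files that no longer exist, repeated Winsock LSP modules
(O10), and the DNS servers configured in O17.
"""
import ipaddress
import re
from collections import Counter

# Constructed sample: a few lines copied verbatim from the log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O3 - Toolbar: (no name) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - (no file)
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\12.0\SharedCOM\RoxWatchTray12.exe"
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKCU\..\Run: [InstallIQUpdater] "C:\Program Files\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
O4 - S-1-5-18 Startup: Stickies.lnk = C:\Program Files\stickies\stickies.exe (User 'SYSTEM')
O4 - Global Startup: Updates From HP.lnk = C:\Program Files\Updates from HP\9972322\Program\Updates from HP.exe
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\hma! pro vpn\bin\forceinterfacelsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{FF218E23-9FFE-4227-AE4A-C8333B34DE40}: NameServer = 10.26.56.1
"""

LINE_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")          # "O4 - body"
O4_RE = re.compile(r"^(?P<scope>.+?):\s+(?P<rest>.*)$")     # "HKLM\..\Run: ..." or "Global Startup: ..."
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)\s*$")     # trailing "(User 'SYSTEM')"
# Heuristic (an assumption of this example, not the Windows rule): an unquoted
# command ends its program name at the first executable extension.
EXE_RE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr|com|bat))(?=\s|$)", re.IGNORECASE)
DANGLING_MARKERS = ("(no file)", "(file missing)")
NS_RE = re.compile(r"NameServer = ([\d.,]+)")

def parse_hjt(text):
    """Split each 'Onn - body' line into a record; anything else is ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries

def _launched_executable(command):
    """Return the program an O4 command or shortcut target launches."""
    command = USER_SUFFIX_RE.sub("", command).strip()
    if command.startswith('"'):                   # quoted path: take what is inside the quotes
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = EXE_RE.match(command)
    return m.group(1) if m else command.split()[0]

def autostart_inventory(entries):
    """One record per O4 line: where it is registered, its name and what it runs."""
    inventory = []
    for e in entries:
        if e["section"] != "O4":
            continue
        m = O4_RE.match(e["body"])
        if not m:
            continue
        scope, rest = m.group("scope"), m.group("rest")
        if rest.startswith("["):                  # registry Run/RunOnce value: "[name] command"
            name, _, command = rest[1:].partition("] ")
        else:                                     # Startup-folder shortcut: "name.lnk = target"
            name, _, command = rest.partition(" = ")
        exe = _launched_executable(command)
        inventory.append({
            "scope": scope, "name": name, "exe": exe,
            # A bare file name is located through the search path at logon rather
            # than at a fixed location, so it deserves a closer look than a full path.
            "bare_name": "\\" not in exe and "/" not in exe,
        })
    return inventory

def dangling_entries(entries):
    """Entries whose referenced file HijackThis reported as absent."""
    return [e for e in entries if any(mk in e["body"] for mk in DANGLING_MARKERS)]

def lsp_modules(entries):
    """Count O10 Winsock LSP modules; one DLL usually appears once per protocol it layers over."""
    counts = Counter(e["body"].split(": ", 1)[1] for e in entries if e["section"] == "O10")
    return dict(counts)

def name_servers(entries):
    """(address, is_private) for each O17 DNS server; an unexpected public resolver
    here is what to look for when searches are being redirected."""
    found = []
    for e in entries:
        if e["section"] == "O17":
            m = NS_RE.search(e["body"])
            if m:
                found.extend((ip, ipaddress.ip_address(ip).is_private) for ip in m.group(1).split(","))
    return found

if __name__ == "__main__":
    entries = parse_hjt(SAMPLE_LOG)
    for rec in autostart_inventory(entries):
        print("%-18s %-20s %s%s" % (rec["scope"], rec["name"], rec["exe"], "  <- bare name" if rec["bare_name"] else ""))
    print("dangling:", [e["body"] for e in dangling_entries(entries)])
    print("LSP modules:", lsp_modules(entries))
    print("DNS servers:", name_servers(entries))
```

Run it against a full saved log by replacing `SAMPLE_LOG` with the file contents. The `bare_name` flag marks entries such as `[ftutil2] rundll32.exe ...` whose program is given without a directory; those are worth confirming by hand because the file that actually runs depends on the search path rather than on a fixed location. A repeated O10 DLL, as with the HMA! VPN module in this log, is the normal shape of a layered service provider registered for several protocols, not by itself a sign of a problem.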

#15 PaulFaust

PaulFaust
  • Topic Starter

  • Members
  • 10 posts
  • Local time:06:30 AM

Posted 18 May 2012 - 10:31 AM

Hi Gringo,

I have removed all of the programs you suggested from the start-up menu and am now just waiting for the ESET Online Scanner to finish its scan.

(The program is going to take quite a while to complete its scan as I have a lot of files on my computer.)

I will post back here when the scan is complete.

Thanks



