Songbreeze
Everything posted by Songbreeze
-
Thank you so much for your help! I assume if the OTCleanIt didn't remove adwcleaner and HijackThis, I should remove those as well?
-
Done! These are the threats that it found:
C:\Users\Margaret\Downloads\Install Disks\nero 9\Nero 9\unit_app_75\Toolbar.exe - Win32/Toolbar.AskSBar application
C:\Users\Margaret\Downloads\Install Disks\nero 9\Nero BackItUp 4\unit_app_75\Toolbar.exe - Win32/Toolbar.AskSBar application
C:\Users\Margaret\Downloads\Install Disks\nero 9\Nero MediaHome 4 Trial\unit_app_75\Toolbar.exe - Win32/Toolbar.AskSBar application
-
I'm working on the scan right now (replying on my phone). It might take quite some time--the scan has been running for 11 hours and is only at 32%.
-
Hi! I didn't actually have to install HijackThis, but it seemed to run fine. My computer seems to be ok right now. The log from MBAM:

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.02.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Margaret :: MARGARET-HP-DM4 [administrator]
1/2/2012 12:06:39 PM
mbam-log-2012-01-02 (12-06-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176945
Time elapsed: 4 minute(s), 33 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)

The report from HijackThis:
-
Hi! I'm being swamped with work right now that requires heavy computer use (sorry about the slow response!), but I am in the middle of following the steps. Margaret
-
Sorry! I just got back from traveling last night and I didn't bring my laptop. Combofix still ran in Chinese and had the same messages about my antivirus, but I did disable it. It didn't have any issues as it ran though. My computer is doing fine as far as I can tell--I haven't seen a redirect yet. ComboFix 12-11-20.02 - Margaret 4/2012 Sat 22:37:01.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1033.18.6092.4146 [GMT -8:00] 執行位置: c:\users\Margaret\Desktop\ComboFix.exe Command switches used :: c:\users\Margaret\Desktop\CFScript.txt AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF} FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4} SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((( 2012-10-25 至 2012-11-25 的新的檔案 ))))))))))))))))))))))))))))))) . . 2012-11-25 06:48 . 2012-11-25 06:48 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-11-25 06:48 . 2012-11-25 06:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp 2012-11-18 07:37 . 2012-11-18 07:37 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-11-15 15:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui 2012-11-15 15:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-11-15 15:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-11-15 15:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-11-15 15:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-11-15 15:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-11-15 15:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-11-15 15:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-11-15 15:14 . 
2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-11-15 15:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-11-15 15:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-11-12 01:38 . 2012-11-12 01:38 -------- d-----w- c:\users\Margaret\AppData\Roaming\SUPERAntiSpyware.com 2012-11-12 01:37 . 2012-11-16 08:20 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-11-12 01:37 . 2012-11-12 01:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com . . . (((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-11-15 15:15 . 2011-11-06 05:56 66395536 ----a-w- c:\windows\system32\MRT.exe 2012-09-30 02:54 . 2012-01-02 17:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-28 17:55 . 2012-09-28 17:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-28 17:54 . 2012-09-28 17:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-28 17:54 . 2012-02-01 01:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-14 19:19 . 2012-10-09 20:06 2048 ----a-w- c:\windows\system32\tzres.dll 2012-09-14 18:28 . 2012-10-09 20:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-08-31 18:19 . 2012-10-09 20:06 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys 2012-08-30 18:03 . 2012-10-09 20:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-08-30 17:12 . 2012-10-09 20:06 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2012-08-30 17:12 . 2012-10-09 20:06 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe . . ((((((((((((((((((((((((((((((((((((( 重要登入點 )))))))))))))))))))))))))))))))))))))))))))))))))) . . *注意* 空白與合法缺省登錄將不會被顯示 REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584] "TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-16 5629312] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504] "HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288] "HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440] "HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008] "Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192] "ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472] "RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-02-16 9520488] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-05-23 94864] R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560] R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584] R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.30661.0.sys [2011-02-17 17408] R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200] R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-18 36680] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512] R3 
SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864] R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312] R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-02-16 13936] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856] S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-10-15 433200] S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304] S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608] S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544] S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600] S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184] S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928] S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368] S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064] S1 
SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704] S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672] S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408] S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600] S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496] S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560] S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992] S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520] S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168] S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944] S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400] S2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-07 324912] S2 UNS;Intel® Management and Security Application User Notification 
Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280] S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872] S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088] S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-02-16 205424] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440] S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496] S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . ‘計劃任務’ 文件夾 裡的內容 . 2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001Core.job - c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26] . 2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001UA.job - c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26] . 2012-11-20 c:\windows\Tasks\HPCeeScheduleForMargaret.job - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472] "Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024] "IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120] "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200] "SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648] "TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032] . ------- 而外的掃描 ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: purdue.edu\webvpn TCP: DhcpNameServer = 192.168.2.1 DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab . - - - - ORPHANS REMOVED - - - - . Wow6432Node-HKLM-Run-<NO NAME> - (no file) AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe . . . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-24 22:52:32
ComboFix-quarantined-files.txt 2012-11-25 06:52
ComboFix2.txt 2012-11-21 09:09
.
Pre-Run: 410,469,081,088 bytes free
Post-Run: 410,078,113,792 bytes free
.
- - End Of File - - 26FEA24F9B401B44A50A4553EB856A34
-
<p>I'm not entirely sure why, but ComboFix ran in Chinese, so I can't really say what was going on other than I had some warnings about my antivirus pop up even though I had disabled it. The log is below, but some of the headings are in Chinese as well. I haven't been redirecting after this though.</p> <div>ComboFix 12-11-20.02 - Margaret 1/2012 Wed 0:46.1.4 - x64</div> <div>Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1033.18.6092.3995 [GMT -8:00]</div> <div>Running from: c:\users\Margaret\Desktop\ComboFix.exe</div> <div>AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}</div> <div>FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</div> <div>SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}</div> <div>SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((((( Files deleted )))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>C:\Install.exe</div> <div>c:\programdata\Roaming</div> <div>c:\users\Margaret\Documents\~WRL0002.tmp</div> <div>c:\users\Margaret\Documents\~WRL0005.tmp</div> <div>c:\users\Margaret\Documents\~WRL0853.tmp</div> <div>c:\users\Margaret\Documents\~WRL1142.tmp</div> <div>c:\users\Margaret\Documents\~WRL1143.tmp</div> <div>c:\users\Margaret\Documents\~WRL1270.tmp</div> <div>c:\users\Margaret\Documents\~WRL1370.tmp</div> <div>c:\users\Margaret\Documents\~WRL1606.tmp</div> <div>c:\users\Margaret\Documents\~WRL1725.tmp</div> <div>c:\users\Margaret\Documents\~WRL2308.tmp</div> <div>c:\users\Margaret\Documents\~WRL2359.tmp</div> <div>c:\users\Margaret\Documents\~WRL2427.tmp</div> <div>c:\users\Margaret\Documents\~WRL2788.tmp</div> <div>c:\users\Margaret\Documents\~WRL3240.tmp</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((( Files created from 2012-10-21 to 2012-11-21 )))))))))))))))))))))))))))))))</div>
<div>.</div> <div>.</div> <div>2012-11-21 09:03 . 2012-11-21 09:03  --------  d-----w-  c:\users\Default\AppData\Local\temp</div> <div>2012-11-18 07:37 . 2012-11-18 07:37  36680  ----a-w-  c:\windows\system32\drivers\mbamchameleon.sys</div> <div>2012-11-15 15:22 . 2012-07-26 04:47  2560  ----a-w-  c:\windows\system32\drivers\en-US\wdf01000.sys.mui</div> <div>2012-11-15 15:22 . 2012-07-26 04:55  785512  ----a-w-  c:\windows\system32\drivers\Wdf01000.sys</div> <div>2012-11-15 15:22 . 2012-07-26 04:55  54376  ----a-w-  c:\windows\system32\drivers\WdfLdr.sys</div> <div>2012-11-15 15:22 . 2012-07-26 02:36  9728  ----a-w-  c:\windows\system32\Wdfres.dll</div> <div>2012-11-15 15:14 . 
2012-07-26 02:26  87040  ----a-w-  c:\windows\system32\drivers\WUDFPf.sys</div> <div>2012-11-15 15:14 . 2012-07-26 02:26  198656  ----a-w-  c:\windows\system32\drivers\WUDFRd.sys</div> <div>2012-11-15 15:14 . 2012-07-26 03:08  229888  ----a-w-  c:\windows\system32\WUDFHost.exe</div> <div>2012-11-15 15:14 . 2012-07-26 03:08  84992  ----a-w-  c:\windows\system32\WUDFSvc.dll</div> <div>2012-11-15 15:14 . 2012-07-26 03:08  744448  ----a-w-  c:\windows\system32\WUDFx.dll</div> <div>2012-11-15 15:14 . 2012-07-26 03:08  45056  ----a-w-  c:\windows\system32\WUDFCoinstaller.dll</div> <div>2012-11-15 15:14 . 2012-07-26 03:08  194048  ----a-w-  c:\windows\system32\WUDFPlatform.dll</div> <div>2012-11-12 01:38 . 
2012-11-12 01:38  --------  d-----w-  c:\users\Margaret\AppData\Roaming\SUPERAntiSpyware.com</div> <div>2012-11-12 01:37 . 2012-11-16 08:20  --------  d-----w-  c:\program files\SUPERAntiSpyware</div> <div>2012-11-12 01:37 . 2012-11-12 01:37  --------  d-----w-  c:\programdata\SUPERAntiSpyware.com</div> <div>.</div> <div>.</div> <div>.</div> <div>(((((((((((((((((((((((((((((((((((((((( Files modified in the last three months ))))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>2012-11-15 15:15 . 2011-11-06 05:56  66395536  ----a-w-  c:\windows\system32\MRT.exe</div> <div>2012-09-30 02:54 . 2012-01-02 17:05  25928  ----a-w-  c:\windows\system32\drivers\mbam.sys</div> <div>2012-09-28 17:55 . 2012-09-28 17:55  95208  ----a-w-  c:\windows\SysWow64\WindowsAccessBridge-32.dll</div> <div>2012-09-28 17:54 . 
2012-09-28 17:55  821736  ----a-w-  c:\windows\SysWow64\npDeployJava1.dll</div> <div>2012-09-28 17:54 . 2012-02-01 01:27  746984  ----a-w-  c:\windows\SysWow64\deployJava1.dll</div> <div>2012-09-14 19:19 . 2012-10-09 20:06  2048  ----a-w-  c:\windows\system32\tzres.dll</div> <div>2012-09-14 18:28 . 2012-10-09 20:06  2048  ----a-w-  c:\windows\SysWow64\tzres.dll</div> <div>2012-08-31 18:19 . 2012-10-09 20:06  1659760  ----a-w-  c:\windows\system32\drivers\ntfs.sys</div> <div>2012-08-30 18:03 . 2012-10-09 20:06  5559664  ----a-w-  c:\windows\system32\ntoskrnl.exe</div> <div>2012-08-30 17:12 . 2012-10-09 20:06  3968880  ----a-w-  c:\windows\SysWow64\ntkrnlpa.exe</div> <div>2012-08-30 17:12 . 
2012-10-09 20:06  3914096  ----a-w-  c:\windows\SysWow64\ntoskrnl.exe</div> <div>2012-08-24 18:05 . 2012-10-09 20:06  220160  ----a-w-  c:\windows\system32\wintrust.dll</div> <div>2012-08-24 16:57 . 2012-10-09 20:06  172544  ----a-w-  c:\windows\SysWow64\wintrust.dll</div> <div>.</div> <div>.</div> <div>((((((((((((((((((((((((((((((((((((( Registry loading points ))))))))))))))))))))))))))))))))))))))))))))))))))</div> <div>.</div> <div>.</div> <div>*Note* Empty entries and legitimate default entries are not shown</div> <div>REGEDIT4</div> <div>.</div> <div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]</div> <div>"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]</div> <div>"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-16 5629312]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div> <div>"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]</div> <div>"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]</div> <div>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]</div> <div>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]</div> <div>"HPOSD"="c:\program 
files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]</div> <div>"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]</div> <div>"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]</div> <div>"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]</div> <div>"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]</div> <div>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]</div> <div>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]</div> <div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]</div> <div>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</div> <div>.</div> <div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div> <div>HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div> <div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div> <div>"ConsentPromptBehaviorUser"= 3 (0x3)</div> <div>"EnableUIADesktopToggle"= 0 (0x0)</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]</div> <div>@=""</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]</div> <div>@="Driver"</div> <div>.</div> <div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div> <div>R2 
DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-02-16 9520488]</div> <div>R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]</div> <div>R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-05-23 94864]</div> <div>R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]</div> <div>R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]</div> <div>R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.30661.0.sys [2011-02-17 17408]</div> <div>R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]</div> <div>R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]</div> <div>R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-18 36680]</div> <div>R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]</div> <div>R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]</div> <div>R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]</div> <div>R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]</div> <div>R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]</div> <div>R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]</div> <div>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]</div> <div>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]</div> <div>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys 
[2012-02-15 52736]</div> <div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736]</div> <div>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]</div> <div>S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-02-16 13936]</div> <div>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]</div> <div>S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-10-15 433200]</div> <div>S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]</div> <div>S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]</div> <div>S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]</div> <div>S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]</div> <div>S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20121120.001\IDSvia64.sys [2012-09-06 513184]</div> <div>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]</div> <div>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]</div> <div>S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]</div> <div>S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]</div> <div>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]</div> <div>S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 
Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]</div> <div>S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]</div> <div>S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]</div> <div>S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]</div> <div>S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]</div> <div>S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]</div> <div>S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]</div> <div>S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]</div> <div>S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]</div> <div>S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]</div> <div>S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]</div> <div>S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]</div> <div>S2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-07 324912]</div> <div>S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]</div> <div>S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files 
(x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]</div> <div>S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]</div> <div>S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-02-16 205424]</div> <div>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]</div> <div>S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]</div> <div>S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]</div> <div>S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</div> <div>hpdevmgmt  REG_MULTI_SZ  hpqcxs08 hpqddsvc</div> <div>.</div> <div>Contents of the 'Scheduled Tasks' folder</div> <div>.</div> <div>2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001Core.job</div> <div>- c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26]</div> <div>.</div> <div>2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001UA.job</div> <div>- c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26]</div> <div>.</div> <div>2012-11-20 c:\windows\Tasks\HPCeeScheduleForMargaret.job</div> <div>- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]</div> <div>.</div> <div>.</div> <div>--------- X64 Entries -----------</div> <div>.</div> <div>.</div> <div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div> <div>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]</div>
<div>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]</div> <div>"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]</div> <div>"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]</div> <div>"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]</div> <div>"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]</div> <div>"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]</div> <div>"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]</div> <div>"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]</div> <div>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]</div> <div>.</div> <div>------- Supplementary scan -------</div> <div>.</div> <div>uLocal Page = c:\windows\system32\blank.htm</div> <div>mLocal Page = c:\windows\SysWOW64\blank.htm</div> <div>uInternet Settings,ProxyOverride = *.local</div> <div>IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204</div> <div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000</div> <div>IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105</div> <div>Trusted Zone: purdue.edu\webvpn</div> <div>TCP: DhcpNameServer = 192.168.2.1</div> <div>DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab</div> <div>.</div> <div>- - - - ORPHANS REMOVED - - - -</div> <div>.</div> <div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div> <div>AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe</div> <div>AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe</div> <div>.</div> <div>.</div>
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-21 01:09:33
ComboFix-quarantined-files.txt 2012-11-21 09:09
.
Pre-Run: 407,698,370,560 bytes free
Post-Run: 409,177,653,248 bytes free
.
- - End Of File - - BDA63701C053F210F89F6188058255BA
-
Report from RogueKiller:

RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Margaret [Admin rights]
Mode : Remove -- Date : 11/19/2012 01:07:11

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON Stylus CX4800 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_SC308.tmp" /EF "HKCU") -> DELETED
[TASK][SUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG HM641JI +++++
--- User ---
[MBR] 9e21dc005b3d4e5ddfc5da56b0973727
[BSP] ef89f0f7f6a9b2e7e5d78d9d5091ba84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584766 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1198010368 | Size: 21450 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] c29b559c3a3ce5948b296025dd215ae5
[BSP] ef89f0f7f6a9b2e7e5d78d9d5091ba84 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo

Finished : << RKreport[2]_D_11192012_02d0107.txt >>
RKreport[1]_S_11192012_02d0105.txt ; RKreport[2]_D_11192012_02d0107.txt

As of right now, I haven't been redirected yet, but it's unpredictable so I'm not sure. I'll have to use the internet a bit more to be certain whether or not it's ok.
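The MBR Check block in the RogueKiller report above reads sector 0 of the disk through a normal user-mode path and through two lower-level paths (LL1, LL2), then prints for each view the hash of the whole sector ([MBR]), the hash of the boot code ([BSP]) and the decoded partition table, and flags any view that does not match the user-mode read. The Python below is an added example, not part of this thread or of RogueKiller: it parses a classic 512-byte MBR, renders it in the same layout, and reports which part of the sector two views disagree on. Assumptions of mine: [BSP] is taken to be the hash of the 440-byte bootstrap code, "Mo" is taken to mean 2^20 bytes, the two partition tables are constructed to reproduce the offsets and sizes printed above, and the boot code is a placeholder rather than the Windows loader, so the hashes will not match the report's. A bootkit that filters disk reads is one way for the views to differ (it hands user mode a clean sector and keeps the real one), but a low-level read that landed on another device differs too; in the report above the [BSP] hashes agree and the [MBR] hashes do not, so the disagreement is in the partition table, which is exactly what diff_views separates out.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOTCODE_LEN = 440            # bootstrap code; the 4-byte disk signature follows at 0x1B8
PARTITION_TABLE_OFFSET = 446
ENTRY_FORMAT = "<B3xB3xII"    # status, CHS start (skipped), type, CHS end (skipped), LBA start, sectors
ENTRY_LEN = struct.calcsize(ENTRY_FORMAT)   # 16 bytes per entry, 4 entries

TYPE_NAMES = {0x06: "FAT16", 0x07: "NTFS", 0x0C: "FAT32-LBA"}
# Conventional "hidden" partition type IDs (the 0x10 bit set on the FAT/NTFS types).
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}


def parse_mbr(sector: bytes) -> dict:
    """Hash the whole sector and its boot code, and decode the four partition entries."""
    if len(sector) != SECTOR_SIZE or sector[510:] != b"\x55\xAA":
        raise ValueError("not a 512-byte MBR with a 0x55AA signature")
    partitions = []
    for i in range(4):
        status, ptype, lba_start, sectors = struct.unpack_from(
            ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + i * ENTRY_LEN)
        partitions.append({
            "index": i,
            "active": status == 0x80,
            "type": ptype,
            "name": TYPE_NAMES.get(ptype, f"type 0x{ptype:02x}"),
            "hidden": ptype in HIDDEN_TYPES,
            "lba_start": lba_start,
            "sectors": sectors,
            # Assumed: "Mo" in the report is 2**20 bytes, i.e. sectors // 2048 for 512-byte sectors.
            "size_mb": sectors * SECTOR_SIZE // (1024 * 1024),
        })
    return {
        "mbr_md5": hashlib.md5(sector).hexdigest(),
        "bootcode_md5": hashlib.md5(sector[:BOOTCODE_LEN]).hexdigest(),  # assumed [BSP] definition
        "partitions": partitions,
    }


def format_report(parsed: dict, label: str) -> list:
    """Render a parsed MBR in the layout the RogueKiller report uses."""
    lines = [f"--- {label} ---", f"[MBR] {parsed['mbr_md5']}",
             f"[BSP] {parsed['bootcode_md5']}", "Partition table:"]
    for p in parsed["partitions"]:
        if p["type"] == 0:        # empty slot
            continue
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        vis = "HIDDEN" if p["hidden"] else "VISIBLE"
        lines.append(f"{p['index']} - [{flag}] {p['name']} (0x{p['type']:02x}) [{vis}] "
                     f"Offset (sectors): {p['lba_start']} | Size: {p['size_mb']} Mo")
    return lines


def diff_views(user_view: bytes, lowlevel_view: bytes) -> dict:
    """Compare a user-mode read of sector 0 with a low-level read, and say where they differ."""
    a, b = parse_mbr(user_view), parse_mbr(lowlevel_view)
    return {
        "identical": user_view == lowlevel_view,
        "bootcode_equal": a["bootcode_md5"] == b["bootcode_md5"],
        "table_equal": a["partitions"] == b["partitions"],
    }


def build_mbr(entries, bootcode: bytes = b"") -> bytes:
    """Assemble a test MBR from (active, type, lba_start, sectors) tuples."""
    assert len(bootcode) <= BOOTCODE_LEN
    sector = bytearray(SECTOR_SIZE)
    sector[:len(bootcode)] = bootcode
    for i, (active, ptype, lba_start, sectors) in enumerate(entries):
        struct.pack_into(ENTRY_FORMAT, sector, PARTITION_TABLE_OFFSET + i * ENTRY_LEN,
                         0x80 if active else 0x00, ptype, lba_start, sectors)
    sector[510:] = b"\x55\xAA"
    return bytes(sector)


# Constructed boot code: a few real-mode setup bytes followed by NOPs, not the Windows loader.
FAKE_BOOTCODE = b"\xfa\x33\xc0\x8e\xd0\xbc\x00\x7c" + b"\x90" * (BOOTCODE_LEN - 8)
# Constructed "User" table reproducing the offsets and sizes printed in the report above
# (sizes are whole MiB, i.e. multiples of 2048 sectors, so they round-trip exactly).
USER_ENTRIES = [
    (True,  0x07, 2048,       199 * 2048),
    (False, 0x07, 409600,     584766 * 2048),
    (False, 0x07, 1198010368, 21450 * 2048),
    (False, 0x0C, 1241939968, 4063 * 2048),
]
# Constructed "LL2" table: same boot code, different partition table, as in the report.
LL2_ENTRIES = [
    (False, 0x07, 409600,    77824 * 2048),
    (False, 0x06, 159793152, 4000 * 2048),
    (True,  0x06, 167985152, 2000 * 2048),
    (False, 0x06, 172081152, 1000 * 2048),
]

if __name__ == "__main__":
    user = build_mbr(USER_ENTRIES, FAKE_BOOTCODE)
    ll2 = build_mbr(LL2_ENTRIES, FAKE_BOOTCODE)
    print("\n".join(format_report(parse_mbr(user), "User")))
    print("\n".join(format_report(parse_mbr(ll2), "LL2")))
    print(diff_views(user, ll2))
```

On a real machine the two inputs to diff_views would be sector 0 read once through the normal file API on \\.\PhysicalDrive0 and once through a path that bypasses the usual filter stack; the decision that matters is not "the hashes differ" but which field differs, and whether the low-level view's partition table describes the same disk at all.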
-
From AdwCleaner:

# AdwCleaner v2.008 - Logfile created 11/19/2012 at 00:41:42
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Margaret - MARGARET-HP-DM4
# Boot Mode : Normal
# Running from : C:\Users\Margaret\Desktop\adwcleaner.exe
# Option [Delete]

***** [Services] *****

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1802 octets] - [19/11/2012 00:41:42]

########## EOF - C:\AdwCleaner[S1].txt - [1862 octets] ##########
-
Thank you for helping me! I have run Security Check and am going to work on the following steps now.

From Security Check:

Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 30
Java 7 Update 7
Java version out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Hi! I'm not quite sure what's going on, but my internet redirects to a random ad or fake award type page and doesn't load the original page, but if I hit back and try again, it sometimes works. It doesn't seem to matter what website I'm on--I've had google, blogs, and news sites redirect, but blogs seem to be the most likely, and it doesn't seem to have a reason. I ran a full scan with Malware Bytes, though, and it didn't find anything. I've pasted my DDS log files below.

Thanks!
Margaret

DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455  BrowserJavaVersion: 10.7.2
Run by Margaret at 9:45:39 on 2012-11-18
Microsoft Windows 7 Home Premium   6.1.7601.1.950.886.1033.18.6092.3472 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIADA.EXE
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
uRun: [Google Update] "C:\Users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON Stylus CX4800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_SC308.tmp" /EF "HKCU"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B3244C77-682D-4DD2-BBC7-93844B7037A6} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{B3C38AF8-870F-42E3-9BB2-1322817FC96A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\0796E656160707C65637 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\145734F6175756C65647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\16D6977757 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\2656C6B696E6E2834323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\45F6077457E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\74F6C64656E645275656 : DHCPNameServer = 128.107.241.185 12.127.16.68 12.127.17.71
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [IntelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [SetDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2011-11-20 13936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-8 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2012-1-7 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2012-1-7 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2012-1-7 593544]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20121116.001\IDSviA64.sys [2012-11-16 513184]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2012-1-7 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2012-1-7 451704]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-20 89600]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-2-16 9520488]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-5-5 263496]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-20 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-20 2375168]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-1-7 126400]
R2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-6 324912]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-20 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-5-23 465872]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2011-11-20 205424]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-23 77936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-5-23 94864]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_5.5.30661.0.sys [2011-2-16 17408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-11-17 36680]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-20 337512]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-18 07:37:37 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-11-15 15:22:43 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 15:22:42 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 15:22:42 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 15:22:42 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 15:14:29 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 15:14:29 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 15:14:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 15:14:28 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 15:14:28 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 15:14:28 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 15:14:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-12 01:38:01 -------- d-----w- C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
2012-11-12 01:37:51 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-11-12 01:37:51 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-11-02 16:50:57 -------- d-----w- C:\Users\Margaret\AppData\Local\{5680A53D-C8CC-4065-BA26-25019DC7DB55}
2012-10-24 19:27:15 -------- d-----w- C:\Users\Margaret\AppData\Local\{E308B700-86E2-4E86-8185-C71A7D85A24B}
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 17:55:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-28 17:54:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-28 17:54:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
.
============= FINISH: 9:46:50.49 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 11/5/2011 9:00:50 PM System Uptime: 11/18/2012 9:32:47 AM (0 hours ago) . Motherboard: Hewlett-Packard | | 1650 Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 792/1333mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 571 GiB total, 372.458 GiB free. D: is FIXED (NTFS) - 21 GiB total, 2.257 GiB free. E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free. F: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 Device ID: ROOT\NET\0000 Manufacturer: Cisco Systems Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64 PNP Device ID: ROOT\NET\0000 Service: vpnva . ==== System Restore Points =================== . RP125: 9/26/2012 7:22:59 AM - Windows Modules Installer RP126: 9/28/2012 10:54:22 AM - Installed Java 7 Update 7 RP127: 10/11/2012 7:07:02 AM - Windows Update RP128: 10/11/2012 10:15:57 PM - Installed StuffIt Expander 2011. RP129: 10/26/2012 2:27:53 PM - Removed StuffIt Expander 2011. RP131: 11/15/2012 7:12:59 AM - Windows Modules Installer . ==== Installed Programs ====================== . 
"Nero SoundTrax Help 4500_G510gm_Help 4500G510gm 4500G510gm_Software_Min 64 Bit HP CIO Components Installer Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Photoshop Elements 9 Adobe Premiere Elements 9 Adobe Reader X MUI Adobe Shockwave Player 11.5 Advertising Center Agatha Christie - Peril at End House ALPS Touch Pad Driver Apple Application Support Apple Mobile Device Support Apple Software Update Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver AuthenTec TrueAPI AX88772A & AX88772 Windows 7 Drivers Bejeweled 3 Bing Bar BlackBerry Desktop Software 6.1 Blackhawk Striker 2 Blasterball 3 Bonjour Bounce Symphony BufferChm Cake Mania calibre Chronicles of Albian Chuzzle Deluxe Cisco AnyConnect Diagnostics and Reporting Tool Cisco AnyConnect Secure Mobility Client Cisco AnyConnect Secure Mobility Client Citrix online plug-in - web Citrix online plug-in (DV) Citrix online plug-in (HDX) Citrix online plug-in (USB) Citrix online plug-in (Web) Cradle of Rome 2 CyberLink YouCam D3DX10 DataPilot 7 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Destinations DeviceDiscovery DisplayLink Core Software DocMgr DocProc DolbyFiles dynadock Utility_II Elements 9 Organizer Elements STI Installer EPSON Printer Software EPSON Scan ESU for Microsoft Windows 7 SP1 Evernote v. 
4.2.3 Farm Frenzy FATE Fax Google Chrome Google Talk Plugin Governor of Poker 2 Premium Edition GPBaseService2 Hewlett-Packard ACLM.NET v1.1.1.0 HP 3D DriveGuard HP Client Services HP CoolSense HP Customer Experience Enhancements HP Customer Participation Program 13.0 HP Document Manager 2.0 HP Documentation HP Games HP Imaging Device Functions 13.0 HP Launch Box HP Officejet 4500 G510g-m HP On Screen Display HP Power Manager HP Quick Launch HP QuickWeb HP Setup HP Setup Manager HP SimplePass 2011 HP Smart Web Printing 4.5 HP Software Framework HP Solution Center 13.0 HP Support Assistant HP Update HPProductAssistant HPSSupply IDT Audio ImagXpress Intel PROSet Wireless Intel® Control Center Intel® Identity Protection Technology 1.1.2.0 Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless WiFi Software Intel® Rapid Storage Technology Intel® WiDi Intel® Wireless Display iTunes Java 7 Update 7 Java Auto Updater Java 6 Update 30 Jewel Quest: The Sleepless Star - Collector's Edition Junk Mail filter update MAGIX audio cleaning lab 10 MAGIX Media Manager 2004 silver MAGIX music maker 2005 deLuxe MAGIX music studio 2005 deLuxe Mah Jong Medley Malwarebytes Anti-Malware version 1.65.1.1000 MarketResearch MATLAB R2011a Menu Templates - Starter Kit Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft IntelliPoint 8.2 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Home and Student 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft 
Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft XML Parser Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_CRT_x86 Movie Templates - Starter Kit MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery of Mortlake Mansion Namco All-Stars: PAC-MAN Nero 9 Nero BurningROM Nero BurnRights Nero ControlCenter Nero CoverDesigner Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DriveSpeed Nero Express Nero InfoTool Nero Installer Nero Live Nero Live Help Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode Help Nero Rescue Agent Nero ShowTime Nero StartSmart Nero StartSmart Help Nero Vision Nero WaveEditor Nero WaveEditor Help NeroBurningROM NeroExpress neroxml Network64 Nitro PDF Express Norton Internet Security OCR Software by I.R.I.S. 
13.0 Penguins! PL-2303 USB-to-Serial Plants vs. Zombies - Game of the Year Poker Superstars III Polar Bowler Polar Golfer Realtek PCIE Card Reader Recovery Manager Scan Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 
32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Shop for HP Supplies Skype 5.10 Slingo Supreme SmartSound Quicktracks for Premiere Elements 9.0 SmartWebPrinting SolutionCenter SoundTrax Status SUPERAntiSpyware Toolbox TOSHIBA dynadock TrayApp Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Update Installer for WildTangent Games App Vacation Quest - The Hawaiian Islands Validity WBF DDK VIP Access SDK (1.0.1.2) Virtual Villagers 5 - New Believers VLC media player 2.0.0 WebReg WildTangent Games App (HP Games) Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote 
Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 beta 1 (64-bit) Yahoo! Toolbar Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 11/18/2012 9:30:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start. 11/18/2012 1:45:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start. 11/18/2012 1:45:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030} 11/18/2012 1:45:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} 11/18/2012 1:45:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF} 11/18/2012 1:45:47 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. 
Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21 11/18/2012 1:45:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC} 11/18/2012 1:45:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP ctxusbm discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6 11/17/2012 9:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89} 11/17/2012 9:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E} 11/17/2012 9:50:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start. 11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning. 
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning. 11/17/2012 11:32:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state. 11/17/2012 11:32:03 PM, Error: Service Control Manager [7022] - The Intel® Rapid Storage Technology service hung on starting. 11/17/2012 11:31:03 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting. 11/17/2012 11:29:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect. 11/17/2012 11:29:28 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 11/17/2012 11:28:57 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 11/17/2012 11:21:46 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start. 11/15/2012 6:35:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DisplayLinkManager service to connect. 11/15/2012 6:35:56 PM, Error: Service Control Manager [7000] - The DisplayLinkManager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 
11/15/2012 4:55:22 PM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service. 11/15/2012 11:12:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service. 11/13/2012 9:45:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service. . ==== End Of File ===========================