Songbreeze
-
Posts
11 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by Songbreeze
-
-
Done!
These are the threats that it found:
C:\Users\Margaret\Downloads\Install Disks\nero 9\Nero 9\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application
C:\Users\Margaret\Downloads\Install Disks\nero 9\Nero BackItUp 4\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application
C:\Users\Margaret\Downloads\Install Disks\nero 9\Nero MediaHome 4 Trial\unit_app_75\Toolbar.exe Win32/Toolbar.AskSBar application
-
I'm working on the scan right now (replying on my phone). It might take quite some time--the scan has been running for 11 hours and is only at 32%.
-
Hi!
I didn't actually have to install HijackThis, but it seemed to run fine. My computer seems to be ok right now.
The log from MBAM:
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org
Database version: v2012.01.02.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Margaret :: MARGARET-HP-DM4 [administrator]
1/2/2012 12:06:39 PM
mbam-log-2012-01-02 (12-06-39).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 176945
Time elapsed: 4 minute(s), 33 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
The report from HijackThis:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:46:35 AM, on 12/2/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\Margaret\Desktop\HijackThis.exe
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\IPSBHO.DLL
O2 - BHO: TSBHO Class - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coIEPlg.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
O4 - HKLM\..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} (Cisco AnyConnect Secure Mobility Client Web Control) - https://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\ASTSRV.EXE
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Identity Protection Technology Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
O23 - Service: NitroPDFExpressDriverCreatorReadSpool (NitroExpressDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Cisco AnyConnect Secure Mobility Agent (vpnagent) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 15350 bytes
-
Hi!
I'm being swamped with work right now that requires heavy computer use (sorry about the slow response!), but I am in the middle of following the steps.
Margaret
-
Sorry! I just got back from traveling last night and I didn't bring my laptop. Combofix still ran in Chinese and had the same messages about my antivirus, but I did disable it. It didn't have any issues as it ran though. My computer is doing fine as far as I can tell--I haven't seen a redirect yet.
ComboFix 12-11-20.02 - Margaret 4/2012 Sat 22:37:01.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1033.18.6092.4146 [GMT -8:00]
執行位置: c:\users\Margaret\Desktop\ComboFix.exe
Command switches used :: c:\users\Margaret\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( 2012-10-25 至 2012-11-25 的新的檔案 )))))))))))))))))))))))))))))))
.
.
2012-11-25 06:48 . 2012-11-25 06:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-25 06:48 . 2012-11-25 06:48 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-18 07:37 . 2012-11-18 07:37 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-11-15 15:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 15:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 15:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 15:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 15:14 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 15:14 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 15:14 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 15:14 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 15:14 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 15:14 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 15:14 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-12 01:38 . 2012-11-12 01:38 -------- d-----w- c:\users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
2012-11-12 01:37 . 2012-11-16 08:20 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-11-12 01:37 . 2012-11-12 01:37 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 15:15 . 2011-11-06 05:56 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-09-30 02:54 . 2012-01-02 17:05 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-28 17:55 . 2012-09-28 17:55 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-28 17:54 . 2012-09-28 17:55 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-28 17:54 . 2012-02-01 01:27 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-09 20:06 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-09 20:06 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-08-31 18:19 . 2012-10-09 20:06 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-09 20:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-09 20:06 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-09 20:06 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*注意* 空白與合法缺省登錄將不會被顯示
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-16 5629312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]
"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-02-16 9520488]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-05-23 94864]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.30661.0.sys [2011-02-17 17408]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-18 36680]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-02-16 13936]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-10-15 433200]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20121123.001\IDSvia64.sys [2012-09-06 513184]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]
S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
S2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-07 324912]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-02-16 205424]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
‘計劃任務’ 文件夾 裡的內容
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001Core.job
- c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26]
.
2012-11-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001UA.job
- c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26]
.
2012-11-20 c:\windows\Tasks\HPCeeScheduleForMargaret.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]
"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
.
------- 而外的掃描 -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: purdue.edu\webvpn
TCP: DhcpNameServer = 192.168.2.1
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
完成時間: 2012-11-24 22:52:32
ComboFix-quarantined-files.txt 2012-11-25 06:52
ComboFix2.txt 2012-11-21 09:09
.
Pre-Run: 410,469,081,088 bytes free
Post-Run: 410,078,113,792 bytes free
.
- - End Of File - - 26FEA24F9B401B44A50A4553EB856A34
-
<p>I'm not entirely sure why, but Combofix ran in Chinese, so I can't really say what was going on other than I had some warnings about my antivirus pop up even though I had disabled it. The log is below, but some of the headings are in Chinese as well. I haven't been redirecting after this though.</p>
<p> </p>
<p> </p>
<div>ComboFix 12-11-20.02 - Margaret 1/2012 Wed 0:46.1.4 - x64</div>
<div>Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1033.18.6092.3995 [GMT -8:00]</div>
<div>執行位置: c:\users\Margaret\Desktop\ComboFix.exe</div>
<div>AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}</div>
<div>FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}</div>
<div>SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}</div>
<div>SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((((( 被刪除的檔案 )))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>C:\Install.exe</div>
<div>c:\programdata\Roaming</div>
<div>c:\users\Margaret\Documents\~WRL0002.tmp</div>
<div>c:\users\Margaret\Documents\~WRL0005.tmp</div>
<div>c:\users\Margaret\Documents\~WRL0853.tmp</div>
<div>c:\users\Margaret\Documents\~WRL1142.tmp</div>
<div>c:\users\Margaret\Documents\~WRL1143.tmp</div>
<div>c:\users\Margaret\Documents\~WRL1270.tmp</div>
<div>c:\users\Margaret\Documents\~WRL1370.tmp</div>
<div>c:\users\Margaret\Documents\~WRL1606.tmp</div>
<div>c:\users\Margaret\Documents\~WRL1725.tmp</div>
<div>c:\users\Margaret\Documents\~WRL2308.tmp</div>
<div>c:\users\Margaret\Documents\~WRL2359.tmp</div>
<div>c:\users\Margaret\Documents\~WRL2427.tmp</div>
<div>c:\users\Margaret\Documents\~WRL2788.tmp</div>
<div>c:\users\Margaret\Documents\~WRL3240.tmp</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((( 2012-10-21 至 2012-11-21 的新的檔案 )))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>2012-11-21 09:03 . 2012-11-21 09:03<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Default\AppData\Local\temp</div>
<div>2012-11-18 07:37 . 2012-11-18 07:37<span class="Apple-tab-span" style="white-space:pre"> </span>36680<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbamchameleon.sys</div>
<div>2012-11-15 15:22 . 2012-07-26 04:47<span class="Apple-tab-span" style="white-space:pre"> </span>2560<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\en-US\wdf01000.sys.mui</div>
<div>2012-11-15 15:22 . 2012-07-26 04:55<span class="Apple-tab-span" style="white-space:pre"> </span>785512<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\Wdf01000.sys</div>
<div>2012-11-15 15:22 . 2012-07-26 04:55<span class="Apple-tab-span" style="white-space:pre"> </span>54376<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\WdfLdr.sys</div>
<div>2012-11-15 15:22 . 2012-07-26 02:36<span class="Apple-tab-span" style="white-space:pre"> </span>9728<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\Wdfres.dll</div>
<div>2012-11-15 15:14 . 2012-07-26 02:26<span class="Apple-tab-span" style="white-space:pre"> </span>87040<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\WUDFPf.sys</div>
<div>2012-11-15 15:14 . 2012-07-26 02:26<span class="Apple-tab-span" style="white-space:pre"> </span>198656<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\WUDFRd.sys</div>
<div>2012-11-15 15:14 . 2012-07-26 03:08<span class="Apple-tab-span" style="white-space:pre"> </span>229888<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WUDFHost.exe</div>
<div>2012-11-15 15:14 . 2012-07-26 03:08<span class="Apple-tab-span" style="white-space:pre"> </span>84992<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WUDFSvc.dll</div>
<div>2012-11-15 15:14 . 2012-07-26 03:08<span class="Apple-tab-span" style="white-space:pre"> </span>744448<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WUDFx.dll</div>
<div>2012-11-15 15:14 . 2012-07-26 03:08<span class="Apple-tab-span" style="white-space:pre"> </span>45056<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WUDFCoinstaller.dll</div>
<div>2012-11-15 15:14 . 2012-07-26 03:08<span class="Apple-tab-span" style="white-space:pre"> </span>194048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\WUDFPlatform.dll</div>
<div>2012-11-12 01:38 . 2012-11-12 01:38<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\users\Margaret\AppData\Roaming\SUPERAntiSpyware.com</div>
<div>2012-11-12 01:37 . 2012-11-16 08:20<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\program files\SUPERAntiSpyware</div>
<div>2012-11-12 01:37 . 2012-11-12 01:37<span class="Apple-tab-span" style="white-space:pre"> </span>--------<span class="Apple-tab-span" style="white-space:pre"> </span>d-----w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\programdata\SUPERAntiSpyware.com</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>(((((((((((((((((((((((((((((((((((((((( 在三個月內被修改的檔案 ))))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>2012-11-15 15:15 . 2011-11-06 05:56<span class="Apple-tab-span" style="white-space:pre"> </span>66395536<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\MRT.exe</div>
<div>2012-09-30 02:54 . 2012-01-02 17:05<span class="Apple-tab-span" style="white-space:pre"> </span>25928<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\mbam.sys</div>
<div>2012-09-28 17:55 . 2012-09-28 17:55<span class="Apple-tab-span" style="white-space:pre"> </span>95208<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\WindowsAccessBridge-32.dll</div>
<div>2012-09-28 17:54 . 2012-09-28 17:55<span class="Apple-tab-span" style="white-space:pre"> </span>821736<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\npDeployJava1.dll</div>
<div>2012-09-28 17:54 . 2012-02-01 01:27<span class="Apple-tab-span" style="white-space:pre"> </span>746984<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\deployJava1.dll</div>
<div>2012-09-14 19:19 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\tzres.dll</div>
<div>2012-09-14 18:28 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>2048<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\tzres.dll</div>
<div>2012-08-31 18:19 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>1659760<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\drivers\ntfs.sys</div>
<div>2012-08-30 18:03 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>5559664<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\ntoskrnl.exe</div>
<div>2012-08-30 17:12 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>3968880<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\ntkrnlpa.exe</div>
<div>2012-08-30 17:12 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>3914096<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\ntoskrnl.exe</div>
<div>2012-08-24 18:05 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>220160<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\system32\wintrust.dll</div>
<div>2012-08-24 16:57 . 2012-10-09 20:06<span class="Apple-tab-span" style="white-space:pre"> </span>172544<span class="Apple-tab-span" style="white-space:pre"> </span>----a-w-<span class="Apple-tab-span" style="white-space:pre"> </span>c:\windows\SysWow64\wintrust.dll</div>
<div>.</div>
<div>.</div>
<div>((((((((((((((((((((((((((((((((((((( 重要登入點 ))))))))))))))))))))))))))))))))))))))))))))))))))</div>
<div>.</div>
<div>.</div>
<div>*注意* 空白與合法缺省登錄將不會被顯示 </div>
<div>REGEDIT4</div>
<div>.</div>
<div>[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]</div>
<div>"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]</div>
<div>"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-16 5629312]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"HPQuickWebProxy"="c:\program files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe" [2011-06-28 168504]</div>
<div>"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2011-04-08 586808]</div>
<div>"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]</div>
<div>"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]</div>
<div>"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-06-13 336440]</div>
<div>"HP CoolSense"="c:\program files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe" [2011-05-31 1342008]</div>
<div>"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2011-05-23 522192]</div>
<div>"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]</div>
<div>"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]</div>
<div>"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]</div>
<div>"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-27 421736]</div>
<div>"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]</div>
<div>"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]</div>
<div>.</div>
<div>c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\</div>
<div>HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]</div>
<div>"ConsentPromptBehaviorAdmin"= 5 (0x5)</div>
<div>"ConsentPromptBehaviorUser"= 3 (0x3)</div>
<div>"EnableUIADesktopToggle"= 0 (0x0)</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]</div>
<div>@=""</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]</div>
<div>@="Driver"</div>
<div>.</div>
<div>R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]</div>
<div>R2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2011-02-16 9520488]</div>
<div>R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]</div>
<div>R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2011-05-23 94864]</div>
<div>R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]</div>
<div>R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-07-28 52584]</div>
<div>R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.5.30661.0.sys [2011-02-17 17408]</div>
<div>R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]</div>
<div>R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-05-17 34200]</div>
<div>R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-11-18 36680]</div>
<div>R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-05-02 340240]</div>
<div>R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-08-01 45416]</div>
<div>R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-03-25 337512]</div>
<div>R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]</div>
<div>R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]</div>
<div>R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]</div>
<div>R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]</div>
<div>R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]</div>
<div>R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]</div>
<div>R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-11-06 1255736]</div>
<div>R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]</div>
<div>S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2011-02-16 13936]</div>
<div>S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]</div>
<div>S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1109000.00C\SYMDS64.SYS [2009-10-15 433200]</div>
<div>S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1109000.00C\SYMEFA64.SYS [2011-08-22 221304]</div>
<div>S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]</div>
<div>S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NISx64\1109000.00C\ccHPx64.sys [2011-08-04 593544]</div>
<div>S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]</div>
<div>S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20121120.001\IDSvia64.sys [2012-09-06 513184]</div>
<div>S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]</div>
<div>S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]</div>
<div>S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1109000.00C\Ironx64.SYS [2010-04-29 150064]</div>
<div>S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NISx64\1109000.00C\SYMTDIV.SYS [2011-08-22 451704]</div>
<div>S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-07-11 140672]</div>
<div>S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]</div>
<div>S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]</div>
<div>S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-05-06 263496]</div>
<div>S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]</div>
<div>S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]</div>
<div>S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]</div>
<div>S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-27 30520]</div>
<div>S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-04-08 26680]</div>
<div>S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-04-30 13592]</div>
<div>S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-03-08 2375168]</div>
<div>S2 jhi_service;Intel® Identity Protection Technology Host Interface Service;c:\program files (x86)\Intel\Services\IPT\jhi_service.exe [2011-02-24 212944]</div>
<div>S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]</div>
<div>S2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;c:\program files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-07 324912]</div>
<div>S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-02-22 2656280]</div>
<div>S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-05-23 465872]</div>
<div>S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]</div>
<div>S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2011-02-16 205424]</div>
<div>S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-09 138912]</div>
<div>S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]</div>
<div>S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-05-17 25496]</div>
<div>S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-03-23 77936]</div>
<div>.</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]</div>
<div>hpdevmgmt<span class="Apple-tab-span" style="white-space:pre"> </span>REG_MULTI_SZ <span class="Apple-tab-span" style="white-space:pre"> </span>hpqcxs08 hpqddsvc</div>
<div>.</div>
<div> ‘計劃任務’ 文件夾 裡的內容</div>
<div>.</div>
<div>2012-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001Core.job</div>
<div>- c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26]</div>
<div>.</div>
<div>2012-11-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3252702678-144079836-2530887271-1001UA.job</div>
<div>- c:\users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-04 16:26]</div>
<div>.</div>
<div>2012-11-20 c:\windows\Tasks\HPCeeScheduleForMargaret.job</div>
<div>- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]</div>
<div>.</div>
<div>.</div>
<div>--------- X64 Entries -----------</div>
<div>.</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]</div>
<div>"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]</div>
<div>"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 392472]</div>
<div>"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 416024]</div>
<div>"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-05-02 1935120]</div>
<div>"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]</div>
<div>"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2011-02-19 569200]</div>
<div>"SetDefault"="c:\program files\Hewlett-Packard\HP LaunchBox\SetDefault.exe" [2011-06-27 42808]</div>
<div>"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]</div>
<div>"TOSDOCKAPP"="c:\program files\TOSHIBA\dynadock_II\TosDockApp.exe" [2010-04-28 264568]</div>
<div>"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]</div>
<div>.</div>
<div>------- 而外的掃描 -------</div>
<div>.</div>
<div>uLocal Page = c:\windows\system32\blank.htm</div>
<div>mLocal Page = c:\windows\SysWOW64\blank.htm</div>
<div>uInternet Settings,ProxyOverride = *.local</div>
<div>IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204</div>
<div>IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000</div>
<div>IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105</div>
<div>Trusted Zone: purdue.edu\webvpn</div>
<div>TCP: DhcpNameServer = 192.168.2.1</div>
<div>DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab</div>
<div>.</div>
<div>- - - - ORPHANS REMOVED - - - -</div>
<div>.</div>
<div>Wow6432Node-HKLM-Run-<NO NAME> - (no file)</div>
<div>AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe</div>
<div>AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe</div>
<div>.</div>
<div>.</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]</div>
<div>"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"</div>
<div>.</div>
<div>--------------------- LOCKED REGISTRY KEYS ---------------------</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]</div>
<div>@Denied: (A 2) (Everyone)</div>
<div>@="FlashBroker"</div>
<div>"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]</div>
<div>"Enabled"=dword:00000001</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]</div>
<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]</div>
<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]</div>
<div>@Denied: (A 2) (Everyone)</div>
<div>@="Shockwave Flash Object"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>
<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"</div>
<div>"ThreadingModel"="Apartment"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]</div>
<div>@="0"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]</div>
<div>@="ShockwaveFlash.ShockwaveFlash.11"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>
<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]</div>
<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]</div>
<div>@="1.0"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>
<div>@="ShockwaveFlash.ShockwaveFlash"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]</div>
<div>@Denied: (A 2) (Everyone)</div>
<div>@="Macromedia Flash Factory Object"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]</div>
<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"</div>
<div>"ThreadingModel"="Apartment"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]</div>
<div>@="FlashFactory.FlashFactory.1"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]</div>
<div>@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]</div>
<div>@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]</div>
<div>@="1.0"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]</div>
<div>@="FlashFactory.FlashFactory"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]</div>
<div>@Denied: (A 2) (Everyone)</div>
<div>@="IFlashBroker4"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]</div>
<div>@="{00020424-0000-0000-C000-000000000046}"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]</div>
<div>@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"</div>
<div>"Version"="1.0"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]</div>
<div>@Denied: (A) (Everyone)</div>
<div>"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]</div>
<div>@Denied: (A) (Everyone)</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]</div>
<div>"Key"="ActionsPane3"</div>
<div>"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]</div>
<div>@Denied: (A) (Users)</div>
<div>@Denied: (A) (Everyone)</div>
<div>@Allowed: (B 1 2 3 4 5) (S-1-5-20)</div>
<div>"BlindDial"=dword:00000000</div>
<div>.</div>
<div>[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]</div>
<div>@Denied: (Full) (Everyone)</div>
<div>.</div>
<div>完成時間: 2012-11-21 01:09:33</div>
<div>ComboFix-quarantined-files.txt 2012-11-21 09:09</div>
<div>.</div>
<div>Pre-Run: 407,698,370,560 bytes free</div>
<div>Post-Run: 409,177,653,248 bytes free</div>
<div>.</div>
<div>- - End Of File - - BDA63701C053F210F89F6188058255BA</div>
<div> </div>
-
Report from RogueKiller:
RogueKiller V8.3.0 [Nov 18 2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Margaret [Admin rights]
Mode : Remove -- Date : 11/19/2012 01:07:11
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 4 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : EPSON Stylus CX4800 Series (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_SC308.tmp" /EF "HKCU") -> DELETED
[TASK][sUSP PATH] Update Check : C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater\HPSFUpdater.exe /s /p 1 -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: SAMSUNG HM641JI +++++
--- User ---
[MBR] 9e21dc005b3d4e5ddfc5da56b0973727
[bSP] ef89f0f7f6a9b2e7e5d78d9d5091ba84 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 199 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 584766 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1198010368 | Size: 21450 Mo
3 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 1241939968 | Size: 4063 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] c29b559c3a3ce5948b296025dd215ae5
[bSP] ef89f0f7f6a9b2e7e5d78d9d5091ba84 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 409600 | Size: 77824 Mo
1 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 Mo
2 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 Mo
3 - [XXXXXX] FAT16 (0x06) [VISIBLE] Offset (sectors): 172081152 | Size: 1000 Mo
Finished : << RKreport[2]_D_11192012_02d0107.txt >>
RKreport[1]_S_11192012_02d0105.txt ; RKreport[2]_D_11192012_02d0107.txt
As of right now, I haven't been redirected yet, but it's unpredictable so I'm not sure. I'll have to use the internet a bit more to be certain whether or not it's ok.
-
From AdwCleaner:
# AdwCleaner v2.008 - Logfile created 11/19/2012 at 00:41:42
# Updated 17/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Margaret - MARGARET-HP-DM4
# Boot Mode : Normal
# Running from : C:\Users\Margaret\Desktop\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
***** [Registry] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho
Key Deleted : HKLM\SOFTWARE\Classes\bhoclass.bho.bhoclass.bho.1.0
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16421
[OK] Registry is clean.
-\\ Google Chrome v23.0.1271.64
File : C:\Users\Margaret\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[s1].txt - [1802 octets] - [19/11/2012 00:41:42]
########## EOF - C:\AdwCleaner[s1].txt - [1862 octets] ##########
-
Thank you for helping me! I have run Security Check and am going to work on the following steps now.
From Security Check:
Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 6 Update 30
Java 7 Update 7
Java version out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
-
Hi!
I'm not quite sure what's going on, but my internet redirects to a random ad or fake award type page and doesn't load the original page, but if I hit back and try again, it sometimes works. It doesn't seem to matter what website I'm on--I've had google, blogs, and news sites redirect, but blogs seem to be the most likely, and doesn't seem to have a reason. I ran a full scan with Malware Bytes, though, and it didn't find anything.
I've pasted my DDS log files below
Thanks!
Margaret
DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.7.2
Run by Margaret at 9:45:39 on 2012-11-18
Microsoft Windows 7 Home Premium 6.1.7601.1.950.886.1033.18.6092.3472 [GMT -8:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUserAgent.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\SysWOW64\ASTSRV.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files\DisplayLink Core Software\DisplayLinkUI.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar1.exe
C:\Program Files\Hewlett-Packard\HP LaunchBox\HPTaskBar2.exe
C:\Windows\System32\spool\drivers\x64\3\E_IATIADA.EXE
C:\Windows\System32\StikyNot.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Margaret\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\wbem\WmiApSrv.exe
C:\Users\Margaret\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
mWinlogon: Userinit = userinit.exe,
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ipsbho.dll
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\coieplg.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
uRun: [Google Update] "C:\Users\Margaret\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [EPSON Stylus CX4800 Series] C:\Windows\System32\spool\DRIVERS\x64\3\E_IATIADA.EXE /FU "C:\Windows\TEMP\E_SC308.tmp" /EF "HKCU"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [HPQuickWebProxy] "C:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey
mRun: [Cisco AnyConnect Secure Mobility Agent for Windows] "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Evernote 4.0 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://webvpn.purdue.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{B3244C77-682D-4DD2-BBC7-93844B7037A6} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{B3C38AF8-870F-42E3-9BB2-1322817FC96A} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\0796E656160707C65637 : DHCPNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\145734F6175756C65647 : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\16D6977757 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\2656C6B696E6E2834323 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\45F6077457E6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{D9554035-AC4D-48AD-87A4-BB49948F24AA}\74F6C64656E645275656 : DHCPNameServer = 128.107.241.185 12.127.16.68 12.127.17.71
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: TrueSuite Website Log On: {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
x64-Run: [setDefault] C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [TOSDOCKAPP] C:\Program Files\TOSHIBA\dynadock_II\TosDockApp.exe
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - <orphaned>
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 dlkmdldr;dlkmdldr;C:\Windows\System32\drivers\dlkmdldr.sys [2011-11-20 13936]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-7-8 55856]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1109000.00C\symds64.sys [2012-1-7 433200]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1109000.00C\symefa64.sys [2012-1-7 221304]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\BASHDefs\20121106.001\BHDrvx64.sys [2012-10-23 1384608]
R1 ccHP;Symantec Hash Provider;C:\Windows\System32\drivers\NISx64\1109000.00C\cchpx64.sys [2012-1-7 593544]
R1 ctxusbm;Citrix USB Monitor Driver;C:\Windows\System32\drivers\ctxusbm.sys [2010-4-16 87600]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.5.0.127\Definitions\IPSDefs\20121116.001\IDSviA64.sys [2012-11-16 513184]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\ironx64.sys [2012-1-7 150064]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\System32\drivers\NISx64\1109000.00C\symtdiv.sys [2012-1-7 451704]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-9-20 89600]
R2 DisplayLinkService;DisplayLinkManager;C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [2011-2-16 9520488]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-5-5 263496]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-5-21 103992]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2011-5-27 30520]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2011-4-8 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-20 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-9-20 2375168]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-23 212944]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\17.9.0.12\ccsvchst.exe [2012-1-7 126400]
R2 NitroExpressDriverReadSpool;NitroPDFExpressDriverCreatorReadSpool;C:\Program Files\Common Files\Nitro PDF\Express\2.0\NitroPDFExpressDriverServicex64.exe [2009-10-6 324912]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-20 2656280]
R2 vpnagent;Cisco AnyConnect Secure Mobility Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2011-5-23 465872]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088]
R3 dlkmd;dlkmd;C:\Windows\System32\drivers\dlkmd.sys [2011-11-20 205424]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-10-15 317440]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-5-17 25496]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-3-23 77936]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 acsock;acsock;C:\Windows\System32\drivers\acsock64.sys [2011-5-23 94864]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 DisplayLinkUsbPort;DisplayLink USB Device;C:\Windows\System32\drivers\DisplayLinkUsbPort_5.5.30661.0.sys [2011-2-16 17408]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-5-17 34200]
S3 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2012-11-17 36680]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-5-2 340240]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-9-20 337512]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-6 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-11-18 07:37:37 36680 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2012-11-15 15:22:43 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-15 15:22:42 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-15 15:22:42 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-15 15:22:42 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-15 15:14:29 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-15 15:14:29 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-15 15:14:28 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-15 15:14:28 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-15 15:14:28 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-15 15:14:28 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-15 15:14:28 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-12 01:38:01 -------- d-----w- C:\Users\Margaret\AppData\Roaming\SUPERAntiSpyware.com
2012-11-12 01:37:51 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-11-12 01:37:51 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-11-02 16:50:57 -------- d-----w- C:\Users\Margaret\AppData\Local\{5680A53D-C8CC-4065-BA26-25019DC7DB55}
2012-10-24 19:27:15 -------- d-----w- C:\Users\Margaret\AppData\Local\{E308B700-86E2-4E86-8185-C71A7D85A24B}
.
==================== Find3M ====================
.
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 02:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 17:55:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-28 17:54:58 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-09-28 17:54:58 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
.
============= FINISH: 9:46:50.49 ===============
Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 11/5/2011 9:00:50 PM
System Uptime: 11/18/2012 9:32:47 AM (0 hours ago)
.
Motherboard: Hewlett-Packard | | 1650
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU1 | 792/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 571 GiB total, 372.458 GiB free.
D: is FIXED (NTFS) - 21 GiB total, 2.257 GiB free.
E: is FIXED (FAT32) - 4 GiB total, 1.082 GiB free.
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
PNP Device ID: ROOT\NET\0000
Service: vpnva
.
==== System Restore Points ===================
.
RP125: 9/26/2012 7:22:59 AM - Windows Modules Installer
RP126: 9/28/2012 10:54:22 AM - Installed Java 7 Update 7
RP127: 10/11/2012 7:07:02 AM - Windows Update
RP128: 10/11/2012 10:15:57 PM - Installed StuffIt Expander 2011.
RP129: 10/26/2012 2:27:53 PM - Removed StuffIt Expander 2011.
RP131: 11/15/2012 7:12:59 AM - Windows Modules Installer
.
==== Installed Programs ======================
.
"Nero SoundTrax Help
4500_G510gm_Help
4500G510gm
4500G510gm_Software_Min
64 Bit HP CIO Components Installer
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Photoshop Elements 9
Adobe Premiere Elements 9
Adobe Reader X MUI
Adobe Shockwave Player 11.5
Advertising Center
Agatha Christie - Peril at End House
ALPS Touch Pad Driver
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
AuthenTec TrueAPI
AX88772A & AX88772 Windows 7 Drivers
Bejeweled 3
Bing Bar
BlackBerry Desktop Software 6.1
Blackhawk Striker 2
Blasterball 3
Bonjour
Bounce Symphony
BufferChm
Cake Mania
calibre
Chronicles of Albian
Chuzzle Deluxe
Cisco AnyConnect Diagnostics and Reporting Tool
Cisco AnyConnect Secure Mobility Client
Cisco AnyConnect Secure Mobility Client
Citrix online plug-in - web
Citrix online plug-in (DV)
Citrix online plug-in (HDX)
Citrix online plug-in (USB)
Citrix online plug-in (Web)
Cradle of Rome 2
CyberLink YouCam
D3DX10
DataPilot 7
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
DisplayLink Core Software
DocMgr
DocProc
DolbyFiles
dynadock Utility_II
Elements 9 Organizer
Elements STI Installer
EPSON Printer Software
EPSON Scan
ESU for Microsoft Windows 7 SP1
Evernote v. 4.2.3
Farm Frenzy
FATE
Fax
Google Chrome
Google Talk Plugin
Governor of Poker 2 Premium Edition
GPBaseService2
Hewlett-Packard ACLM.NET v1.1.1.0
HP 3D DriveGuard
HP Client Services
HP CoolSense
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Document Manager 2.0
HP Documentation
HP Games
HP Imaging Device Functions 13.0
HP Launch Box
HP Officejet 4500 G510g-m
HP On Screen Display
HP Power Manager
HP Quick Launch
HP QuickWeb
HP Setup
HP Setup Manager
HP SimplePass 2011
HP Smart Web Printing 4.5
HP Software Framework
HP Solution Center 13.0
HP Support Assistant
HP Update
HPProductAssistant
HPSSupply
IDT Audio
ImagXpress
Intel PROSet Wireless
Intel® Control Center
Intel® Identity Protection Technology 1.1.2.0
Intel® Management Engine Components
Intel® Processor Graphics
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® WiDi
Intel® Wireless Display
iTunes
Java 7 Update 7
Java Auto Updater
Java 6 Update 30
Jewel Quest: The Sleepless Star - Collector's Edition
Junk Mail filter update
MAGIX audio cleaning lab 10
MAGIX Media Manager 2004 silver
MAGIX music maker 2005 deLuxe
MAGIX music studio 2005 deLuxe
Mah Jong Medley
Malwarebytes Anti-Malware version 1.65.1.1000
MarketResearch
MATLAB R2011a
Menu Templates - Starter Kit
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft IntelliPoint 8.2
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft XML Parser
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Movie Templates - Starter Kit
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mystery of Mortlake Mansion
Namco All-Stars: PAC-MAN
Nero 9
Nero BurningROM
Nero BurnRights
Nero ControlCenter
Nero CoverDesigner
Nero CoverDesigner Help
Nero Disc Copy Gadget
Nero Disc Copy Gadget Help
Nero DiscSpeed
Nero DriveSpeed
Nero Express
Nero InfoTool
Nero Installer
Nero Live
Nero Live Help
Nero PhotoSnap
Nero PhotoSnap Help
Nero Recode
Nero Recode Help
Nero Rescue Agent
Nero ShowTime
Nero StartSmart
Nero StartSmart Help
Nero Vision
Nero WaveEditor
Nero WaveEditor Help
NeroBurningROM
NeroExpress
neroxml
Network64
Nitro PDF Express
Norton Internet Security
OCR Software by I.R.I.S. 13.0
Penguins!
PL-2303 USB-to-Serial
Plants vs. Zombies - Game of the Year
Poker Superstars III
Polar Bowler
Polar Golfer
Realtek PCIE Card Reader
Recovery Manager
Scan
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition
Shop for HP Supplies
Skype 5.10
Slingo Supreme
SmartSound Quicktracks for Premiere Elements 9.0
SmartWebPrinting
SolutionCenter
SoundTrax
Status
SUPERAntiSpyware
Toolbox
TOSHIBA dynadock
TrayApp
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
Update Installer for WildTangent Games App
Vacation Quest - The Hawaiian Islands
Validity WBF DDK
VIP Access SDK (1.0.1.2)
Virtual Villagers 5 - New Believers
VLC media player 2.0.0
WebReg
WildTangent Games App (HP Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.20 beta 1 (64-bit)
Yahoo! Toolbar
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
11/18/2012 9:30:48 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:45:57 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
11/18/2012 1:45:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
11/18/2012 1:45:56 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
11/18/2012 1:45:49 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
11/18/2012 1:45:47 AM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
11/18/2012 1:45:43 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
11/18/2012 1:45:32 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BHDrvx64 ccHP ctxusbm discache eeCtrl IDSVia64 SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv Wanarpv6
11/17/2012 9:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
11/17/2012 9:51:20 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
11/17/2012 9:50:56 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BHDrvx64 ccHP ctxusbm DfsC discache eeCtrl IDSVia64 NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr SRTSPX SymIRON SYMTDIv tdx vwififlt Wanarpv6 WfpLwf
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2012 9:50:52 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
11/17/2012 11:32:04 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: After starting, the service hung in a start-pending state.
11/17/2012 11:32:03 PM, Error: Service Control Manager [7022] - The Intel® Rapid Storage Technology service hung on starting.
11/17/2012 11:31:03 PM, Error: Service Control Manager [7022] - The Function Discovery Provider Host service hung on starting.
11/17/2012 11:29:28 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Support Assistant Service service to connect.
11/17/2012 11:29:28 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/17/2012 11:28:57 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting.
11/17/2012 11:21:46 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
11/15/2012 6:35:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the DisplayLinkManager service to connect.
11/15/2012 6:35:56 PM, Error: Service Control Manager [7000] - The DisplayLinkManager service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
11/15/2012 4:55:22 PM, Error: Service Control Manager [7031] - The DisplayLinkManager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.
11/15/2012 11:12:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the NIS service.
11/13/2012 9:45:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IconMan_R service.
.
==== End Of File ===========================
Random Website Redirect
in Resolved Malware Removal Logs
Posted
Thank you so much for your help! I assume if the OTCleanIt didn't remove adwcleaner and HijackThis, I should remove those as well?