rysktkr
-
Posts
95 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Everything posted by rysktkr
-
I reset my IE per above directions and even enabled deleting personal settings. I am still getting redirected. This does not happen in Firefox.
-
My IE is still opening other windows to random websites. All processes killed ========== OTL ========== HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully! HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully! Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\cleverreach.com\novastor\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\google-analytics.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ deleted successfully. Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\novastor.com\ not found. Registry key HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Administrator.MYPC ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes User: LocalService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 3026 bytes User: Mark ->Temp folder emptied: 219663870 bytes ->Temporary Internet Files folder emptied: 224197907 bytes ->Java cache emptied: 37045751 bytes ->FireFox cache emptied: 51339433 bytes ->Google Chrome cache emptied: 0 bytes ->Flash cache emptied: 60753811 bytes User: NeroMediaHomeUser.4 ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: NetworkService ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 560680883 bytes ->Java cache emptied: 185992 bytes ->Flash cache emptied: 68904 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 3952928 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 117713595 bytes Total Files Cleaned = 1,217.00 mb OTL by OldTimer - Version 3.2.31.0 log created on 12132011_082002 Files\Folders moved on Reboot... File\Folder C:\Documents and Settings\Mark\Local Settings\Temp\Perflib_Perfdata_11c0.dat not found! C:\Documents and Settings\Mark\Local Settings\Temp\WCESLog.log moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\QADOZYLO\launch[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\QADOZYLO\topbuttons[1].xml moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\QADOZYLO\view[1].html moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\01[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\data_sync[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\iframe3[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\iframe3[2].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\HZLXV7XS\sponsor_livequotes;sym=NVDA;u=^^;sz=288x40;tile=1;ord=88065114[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\BWY54X0V\blank[1].html moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\BWY54X0V\controller[1].html moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\BWY54X0V\hub[1].html moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\aceUAC[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[2].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[3].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[4].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\like[5].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\B38I6THO\tech-stocks-hit-as-intel-warns-on-sales-2011-12-12[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\4455[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\likeCA4JPRAD.htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[10].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[11].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[2].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[3].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[4].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[5].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[6].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[7].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[8].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\like[9].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\ping[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\search[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\A2WCXKZG\st[1] moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6LWTULWJ\ext-render-secure[2].html moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6LWTULWJ\s-BiyweUPV0v-yRb-cjciFQlYEbsez9cZjKsNMjLOwM[1].eot moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\6LWTULWJ\yimapp[1].html moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\4FK2M1FY\st[1] moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\de[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\fc[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\index[1].php moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\login_status[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\markets_peekaboo;u=^^;sz=234x31;tile=1;ord=1111907664[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\re[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\re[2].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\st[1] moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=1;u=^^;sz=288x40;tile=10;ord=1111907664[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=2;u=^^;sz=288x40;tile=11;ord=1111907664[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=3;u=^^;sz=288x40;tile=12;ord=1111907664[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=4;u=^^;sz=288x40;tile=13;ord=1111907664[1].htm moved successfully. C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\2DSFSOEG\tech_column;pos=5;u=^^;sz=288x40;tile=14;ord=1111907664[1].htm moved successfully. Registry entries deleted on Reboot...
-
The OTL did not produce an Extra.txt file. I did a search using windows explorer and nothing was found. Here is OTL.txt file. OTL logfile created on: 12/12/2011 1:12:36 PM - Run 4 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Mark\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy 3.50 Gb Total Physical Memory | 2.35 Gb Available Physical Memory | 67.28% Memory free 5.30 Gb Paging File | 4.19 Gb Available in Paging File | 79.18% Paging File free Paging file location(s): C:\pagefile.sys 2000 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 1863.01 Gb Total Space | 1204.95 Gb Free Space | 64.68% Space Free | Partition Type: NTFS Drive D: | 21.70 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF2.5 Drive F: | 465.75 Gb Total Space | 98.74 Gb Free Space | 21.20% Space Free | Partition Type: NTFS Drive G: | 298.09 Gb Total Space | 67.43 Gb Free Space | 22.62% Space Free | Partition Type: NTFS Drive I: | 698.64 Gb Total Space | 130.30 Gb Free Space | 18.65% Space Free | Partition Type: NTFS Computer Name: MYPC | User Name: Mark | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2011/12/12 13:11:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe PRC - [2011/12/11 15:56:18 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe PRC - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe PRC - [2011/06/24 09:41:56 | 015,900,672 | ---- | M] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe PRC - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe PRC - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe PRC - [2010/12/20 15:46:58 | 000,519,744 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe PRC - [2010/12/07 13:41:58 | 000,365,704 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe PRC - [2010/12/07 13:35:12 | 000,219,784 | ---- | M] (NovaStor) -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe PRC - [2010/11/17 20:29:22 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\Cyberlink\Shared files\brs.exe PRC - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe PRC - [2010/02/22 16:17:50 | 001,226,024 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe PRC - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Update\NASvc.exe PRC - [2010/02/02 23:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Cyberlink\PowerDVD10\PDVD10Serv.exe PRC - [2009/10/30 03:57:08 | 000,369,200 | ---- | M] (DT Soft Ltd) -- C:\util\DAEMON Tools Lite\DTLite.exe PRC - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe PRC - [2009/07/29 14:29:48 | 000,607,584 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe PRC - [2009/03/30 13:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe PRC - [2009/03/30 13:07:32 | 002,440,120 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe PRC - [2009/03/30 13:07:32 | 001,795,400 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe PRC - [2009/03/30 13:07:32 | 001,443,144 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe PRC - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe PRC - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2008/09/10 16:30:52 | 000,427,304 | ---- | M] (Nero AG) -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe PRC - [2008/05/30 06:48:12 | 001,990,656 | ---- | M] (StorageCraft Technology Corporation) -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe PRC - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2008/04/13 16:12:31 | 000,017,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ping.exe PRC - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2007/08/21 17:38:26 | 000,061,952 | ---- | M] (StorageCraft Technology Corporation) -- C:\WINDOWS\system32\vsnapvss.exe PRC - [2007/05/25 17:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\ramaint.exe PRC - [2007/04/05 12:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe PRC - [2006/07/19 09:00:00 | 000,036,961 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\V0230Mon.exe PRC - [2006/06/09 00:11:00 | 000,024,576 | ---- | M] (Creative Technology Ltd.) -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe ========== Modules (No Company Name) ========== MOD - [2011/12/11 09:01:13 | 000,114,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MOD - [2011/12/11 09:01:12 | 000,425,984 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2011/12/11 09:01:11 | 002,933,248 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2011/12/11 09:01:02 | 000,258,048 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll MOD - [2011/12/11 09:01:00 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2011/12/11 09:00:58 | 000,261,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MOD - [2011/12/11 09:00:54 | 000,626,688 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2011/12/11 09:00:51 | 005,025,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2011/12/11 09:00:49 | 000,069,120 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011/09/23 14:10:48 | 000,409,960 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MOD - [2011/09/23 14:10:47 | 000,476,520 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MOD - [2011/09/23 14:10:45 | 000,046,952 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2011/09/23 14:10:45 | 000,023,912 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll MOD - [2011/09/23 14:10:45 | 000,012,136 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll MOD - [2011/09/23 14:10:44 | 000,421,224 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MOD - [2011/09/23 14:10:44 | 000,269,672 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2011/09/23 14:10:44 | 000,018,792 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2011/09/23 14:10:43 | 000,121,704 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MOD - [2011/09/23 14:10:43 | 000,120,168 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MOD - [2011/09/23 14:10:43 | 000,070,504 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MOD - [2011/05/04 23:02:44 | 000,355,432 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll MOD - [2011/05/04 23:02:42 | 001,558,120 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll MOD - [2010/12/07 13:44:24 | 002,440,328 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsAppRes409.dll MOD - [2010/12/07 13:41:28 | 000,108,168 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsSQLBackupRestore.dll MOD - [2010/12/07 13:35:28 | 000,014,336 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\WindowsEventLogWriter.dll MOD - [2010/12/07 13:32:28 | 000,172,680 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsEngineRes409.dll MOD - [2010/11/17 13:43:03 | 000,696,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\log4net\b148ea1e60af87aae04848909f5b19f2\log4net.ni.dll MOD - [2010/11/17 13:38:56 | 003,182,592 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2010/11/17 13:38:56 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010/10/06 19:30:58 | 000,005,120 | ---- | M] () -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\throttle.dll MOD - [2010/08/31 18:30:10 | 000,854,016 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll MOD - [2010/08/31 18:30:10 | 000,403,456 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MOD - [2010/08/31 18:30:08 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MOD - [2010/08/31 18:30:05 | 000,419,616 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MOD - [2010/08/31 18:30:05 | 000,046,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2010/08/31 18:30:05 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2010/08/31 18:30:04 | 000,270,112 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2010/08/31 18:30:02 | 000,121,632 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MOD - [2010/08/31 18:30:02 | 000,120,096 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MOD - [2010/08/31 18:30:02 | 000,070,432 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MOD - [2010/08/16 09:06:22 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b000cc703c9d95593b516bf2c2ec316\System.ServiceProcess.ni.dll MOD - [2010/08/16 09:06:16 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\bc1cf48ba7dc00f45d0e949c49ab677a\System.Management.ni.dll MOD - [2010/08/16 09:05:26 | 000,220,672 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\12ae6f3635448471fc9f7d8bfe39c67d\CustomMarshalers.ni.dll MOD - [2010/08/16 09:05:23 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\ab688d0f9f333ba117832726bfb589c1\System.Configuration.ni.dll MOD - [2010/08/16 08:07:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\a6dbe24cbfe3ab6b318ed3095cc572d8\System.Xml.ni.dll MOD - [2010/08/16 07:42:25 | 007,949,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\08ffa4d388d5f007869aa7651c458e7c\System.ni.dll MOD - [2010/08/16 07:42:17 | 011,490,816 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\7bffd7ff2009f421fe5d229927588496\mscorlib.ni.dll MOD - [2010/06/01 09:17:46 | 000,929,792 | ---- | M] () -- C:\Program Files\Yahoo!\Messenger\yui.dll MOD - [2010/02/20 09:42:49 | 001,058,304 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MOD - [2010/02/20 09:42:48 | 000,471,040 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MOD - [2010/02/20 09:42:47 | 000,047,392 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MOD - [2010/02/20 09:42:47 | 000,018,720 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MOD - [2010/02/20 09:42:46 | 000,402,208 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MOD - [2010/02/20 09:42:46 | 000,238,368 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll MOD - [2010/02/20 09:42:46 | 000,120,608 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MOD - [2010/02/20 09:42:45 | 000,130,848 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MOD - [2010/02/20 09:42:45 | 000,072,992 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MOD - [2010/02/20 09:36:17 | 000,755,712 | ---- | M] () -- C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll MOD - [2010/02/20 09:36:16 | 000,270,336 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll MOD - [2010/02/20 09:36:15 | 000,458,752 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll MOD - [2010/02/20 09:36:15 | 000,045,056 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll MOD - [2010/02/20 09:36:14 | 000,073,728 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll MOD - [2010/02/20 09:36:14 | 000,065,536 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll MOD - [2009/08/16 17:06:02 | 000,141,312 | ---- | M] () -- C:\util\WinRAR\RarExt.dll MOD - [2009/07/29 14:28:46 | 002,854,976 | ---- | M] () -- C:\WINDOWS\system32\btwicons.dll MOD - [2009/07/29 14:26:46 | 000,069,697 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll MOD - [2009/06/17 10:40:16 | 007,745,536 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtGui4.dll MOD - [2009/06/17 10:40:16 | 002,121,728 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\QtCore4.dll MOD - [2009/06/17 10:40:16 | 000,135,168 | ---- | M] () -- C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll MOD - [2009/03/27 17:05:14 | 000,190,976 | ---- | M] () -- C:\WINDOWS\system32\WgaLogon.dll MOD - [2009/01/10 14:15:44 | 000,159,744 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mmfinfo.dll MOD - [2009/01/10 14:14:06 | 000,023,552 | ---- | M] () -- C:\Program Files\Haali\MatroskaSplitter\mkunicode.dll MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll MOD - [2008/06/20 08:02:47 | 000,245,248 | ---- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll MOD - [2006/06/09 15:48:52 | 000,253,952 | ---- | M] () -- C:\Program Files\Creative\Creative Live! Cam\VideoFX\EyeCatcherEx.dll MOD - [2001/06/29 17:38:20 | 000,712,751 | ---- | M] () -- C:\Program Files\Adobe\Photoshop 7.0\Asn.er.dll ========== Win32 Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- -- (StorageCraft Image Manager32) SRV - [2011/12/11 15:56:18 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService) SRV - [2011/11/25 09:52:34 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2011/10/28 18:20:16 | 000,286,736 | ---- | M] (Verizon) [Auto | Running] -- C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe -- (IHA_MessageCenter) SRV - [2011/02/01 04:54:46 | 000,185,640 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\tgsrvc.exe -- (tgsrvc_verizondm) SupportSoft Repair Service (verizondm) SRV - [2011/02/01 04:54:42 | 000,206,120 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\VERIZONDM\bin\sprtsvc.exe -- (sprtsvc_verizondm) SupportSoft Sprocket Service (verizondm) SRV - [2010/12/07 13:41:58 | 000,365,704 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService) SRV - [2010/11/22 18:09:14 | 000,179,200 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\NovaStor\NovaStor NovaBACKUP\ManagementServer.Agent.Service.exe -- (Backup Client Agent Service) SRV - [2010/08/23 19:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService) SRV - [2010/02/18 14:01:06 | 000,462,632 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2009/09/25 13:16:06 | 000,093,960 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService) SRV - [2009/03/30 13:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccSetMgr) SRV - [2009/03/30 13:07:34 | 000,108,392 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe -- (ccEvtMgr) SRV - [2009/03/30 13:07:32 | 002,440,120 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe -- (Symantec AntiVirus) SRV - [2009/03/30 13:07:32 | 001,795,400 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe -- (SmcService) SRV - [2009/03/30 13:07:32 | 000,320,840 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\Symantec Endpoint Protection\SNAC.EXE -- (SNAC) SRV - [2008/11/09 12:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService) SRV - [2008/09/29 04:09:20 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2008/09/10 16:30:52 | 000,427,304 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe -- (NeroMediaHomeService.4) SRV - [2008/05/30 06:48:12 | 001,990,656 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe -- (ShadowProtectSvc) SRV - [2008/04/17 13:14:00 | 000,102,712 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (W3SVC) SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (SMTPSVC) Simple Mail Transfer Protocol (SMTP) SRV - [2008/04/13 16:12:22 | 000,015,360 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\inetsrv\inetinfo.exe -- (IISADMIN) SRV - [2007/10/24 14:26:22 | 000,069,632 | ---- | M] (StorageCraft Technology Corporation) [Auto | Stopped] -- C:\Program Files\StorageCraft\ImageManager\ImageManager.exe -- (StorageCraft Image Manager) SRV - [2007/08/21 17:38:26 | 000,061,952 | ---- | M] (StorageCraft Technology Corporation) [Auto | Running] -- C:\WINDOWS\system32\vsnapvss.exe -- (VSNAPVSS) SRV - [2007/08/11 19:05:27 | 003,093,872 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_3.EXE -- (LiveUpdate) SRV - [2007/05/25 17:21:40 | 000,112,216 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe -- (RAMaint) SRV - [2007/04/05 12:18:34 | 000,063,064 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe -- (RemotelyAnywhere) ========== Driver Services (SafeList) ========== DRV - [2011/11/09 01:00:00 | 000,374,392 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl) DRV - [2011/11/09 01:00:00 | 000,106,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv) DRV - [2011/08/07 15:56:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd) DRV - [2011/08/03 00:00:00 | 001,576,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVEX15.SYS -- (NAVEX15) DRV - [2011/08/03 00:00:00 | 000,086,136 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20111211.006\NAVENG.SYS -- (NAVENG) DRV - [2011/03/25 05:54:31 | 000,117,752 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2011/03/24 09:57:54 | 000,013,192 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv) DRV - [2011/03/24 09:57:54 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2010/11/17 20:29:20 | 000,087,536 | ---- | M] (CyberLink Corp.) [2011/03/24 13:54:55] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD10\NavFilter\000.fcl -- ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) DRV - [2010/09/21 08:10:32 | 000,192,504 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ArcSec.sys -- (ArcSec) DRV - [2010/07/09 13:18:56 | 000,020,328 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz134_x32.sys -- (cpuz134) DRV - [2010/05/27 05:56:03 | 000,041,728 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID) DRV - [2010/03/09 15:57:10 | 000,991,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (btkrnl) DRV - [2010/03/09 15:57:10 | 000,533,024 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio) DRV - [2010/03/09 15:57:10 | 000,156,816 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS) DRV - [2010/03/09 15:57:10 | 000,056,992 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid) DRV - [2010/03/09 15:57:10 | 000,045,984 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB) DRV - [2010/03/09 15:57:10 | 000,037,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver) DRV - [2010/03/09 15:57:10 | 000,037,032 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwmodem.sys -- (btwmodem) DRV - [2010/02/17 09:25:50 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV) DRV - [2010/02/17 09:15:58 | 000,066,632 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL) DRV - [2010/02/17 09:15:58 | 000,012,872 | R--- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM) DRV - [2009/08/12 14:11:03 | 000,015,600 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\gdrv.sys -- (gdrv) DRV - [2009/06/24 22:07:43 | 005,095,936 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM) DRV - [2009/06/24 22:07:40 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\monfilt.sys -- (Monfilt) DRV - [2009/06/24 22:07:39 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ambfilt.sys -- (Ambfilt) DRV - [2009/04/12 10:54:54 | 000,123,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent) DRV - [2009/03/30 16:53:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2009/05/31 16:45:32] [Kernel | Auto | Running] -- C:\Program Files\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD}) DRV - [2009/03/30 13:07:34 | 000,319,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\srtspl.sys -- (SRTSPL) DRV - [2009/03/30 13:07:34 | 000,279,600 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\srtsp.sys -- (SRTSP) DRV - [2009/03/30 13:07:34 | 000,043,824 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srtspx.sys -- (SRTSPX) DRV - [2009/03/30 13:07:28 | 000,420,400 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv) DRV - [2008/06/18 17:21:10 | 000,096,512 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\archlp.sys -- (archlp) DRV - [2008/04/13 10:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum) DRV - [2008/04/13 10:40:58 | 000,008,192 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\changer.sys -- (Changer) DRV - [2008/04/13 10:40:26 | 000,034,688 | ---- | M] (Toshiba Corp.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\lbrtfdc.sys -- (lbrtfdc) DRV - [2008/03/13 22:04:29 | 000,046,652 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2007/11/02 13:27:24 | 000,079,616 | ---- | M] (StorageCraft Technology Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\sbmount.sys -- (sbmount) DRV - [2007/10/24 04:46:08 | 000,113,904 | ---- | M] (StorageCraft Technology Corporation) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\stcvsm.sys -- (stcvsm) DRV - [2007/05/25 17:22:30 | 000,083,568 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\WINDOWS\System32\RARfsClientNP.dll -- (RARfsClientNP) DRV - [2007/04/17 13:00:32 | 000,012,992 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files\RemotelyAnywhere\x86\rainfo.sys -- (RAInfo) DRV - [2007/04/17 13:00:30 | 000,010,168 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ramirr.sys -- (ramirr) DRV - [2007/04/05 10:55:16 | 000,046,000 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\RARfsDriver.sys -- (RARfsDriver) DRV - [2007/03/01 00:05:38 | 000,090,496 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2006/11/11 01:25:19 | 000,066,944 | ---- | M] (TOSHIBA Corporation) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\thdudf.sys -- (thdudf) DRV - [2006/08/11 13:45:40 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k) DRV - [2006/08/11 13:45:38 | 000,499,584 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM) DRV - [2006/08/11 13:45:28 | 000,180,224 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hap17v2k.sys -- (hap17v2k) DRV - [2006/08/11 13:45:26 | 000,766,976 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k) DRV - [2006/08/11 13:45:26 | 000,154,112 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hap16v2k.sys -- (hap16v2k) DRV - [2006/08/11 13:45:24 | 000,116,224 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv) DRV - [2006/08/11 13:45:18 | 000,143,872 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k) DRV - [2006/08/11 13:45:18 | 000,078,336 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia) DRV - [2006/08/11 13:45:14 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k) DRV - [2006/07/24 09:00:00 | 000,498,464 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0230VID.sys -- (V0230VID) DRV - [2006/03/23 09:00:00 | 000,006,272 | R--- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\V0230Vfx.sys -- (V0230Vfx) DRV - [2006/02/07 03:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\JGOGO.sys -- (JGOGO) DRV - [2005/11/10 16:06:04 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k) DRV - [2005/07/28 07:18:40 | 000,685,056 | ---- | M] (Aladdin Knowledge Systems Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\hardlock.sys -- (Hardlock) DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data] IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data] IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data] IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/enterprise/security_response/index.jsp IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data] IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=5 IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 93 54 D9 01 0B 8F 93 41 80 B5 4F B4 D5 7D D6 41 [binary data] IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ptec/defaults/sb/*http://www.yahoo.com/search/ie.html IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ptec/defaults/sp/*http://www.yahoo.com IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com IE - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p=" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "DAEMON Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com" FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: firefox1@myibay.com:1.1.8 FF - prefs.js..extensions.enabledItems: searchtoolbar@zugo.com:1.2 FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185 FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=ffds1&p=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Mark\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/02/08 17:04:38 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/02/08 17:04:41 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/08 20:36:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/22 09:49:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/10/03 17:16:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/08 20:36:42 | 000,000,000 | ---D | M] [2009/11/26 12:50:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Extensions [2011/12/12 08:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions [2010/07/15 06:23:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2011/06/01 07:42:10 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\DTToolbar@toolbarnet.com [2010/09/21 10:24:44 | 000,000,000 | ---D | M] (Search Toolbar) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\searchtoolbar@zugo.com [2011/12/12 08:41:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\staged [2009/12/26 10:08:58 | 000,002,254 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\askcom.xml [2011/08/07 15:56:33 | 000,002,055 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\searchplugins\daemon-search.xml [2011/12/11 15:56:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2011/08/23 08:29:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} [2011/12/11 15:56:31 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} () (No name found) -- C:\DOCUMENTS AND SETTINGS\MARK\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\P5OO56MT.DEFAULT\EXTENSIONS\FIREFOX1@MYIBAY.COM.XPI [2011/11/22 09:49:42 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011/12/11 15:56:18 | 000,611,224 | ---- | M] (Oracle Corporation) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011/05/26 07:43:41 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011/11/22 09:49:42 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml ========== Chrome ========== Hosts file not found O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7018.1622\swg.dll (Google Inc.) O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.) O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe (Creative Technology Ltd.) O4 - HKLM..\Run: [bDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [bluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation) O4 - HKLM..\Run: [NBAgent] C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [Nero MediaHome 4] C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [RemoteControl10] C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [V0230Mon.exe] C:\WINDOWS\system32\V0230Mon.exe (Creative Technology Ltd.) O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [DAEMON Tools Lite] C:\util\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003..\Run: [Messenger (Yahoo!)] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe (NovaStor) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TotalMedia Server.lnk = C:\Program Files\ArcSoft\TotalMedia Theatre 5\TotalMedia Server\TM Server.exe (ArcSoft Inc.) O4 - Startup: C:\Documents and Settings\Mark\Start Menu\Programs\Startup\Check for TWS Updates.lnk = C:\Program Files\Jts\WiseUpdt.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149 O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff = 0 O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-1960408961-1303643608-839522115-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000028 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000030 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000031 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O10 - Protocol_Catalog9\Catalog_Entries\000000000032 - C:\Program Files\Bonjour\mdnsNSP.dll File not found O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: cleverreach.com ([novastor] http in Trusted sites) O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: google-analytics.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites) O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: novastor.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: novastor.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-1960408961-1303643608-839522115-1003\..Trusted Domains: turbotax.com ([]https in Trusted sites) O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab (Device Detection) O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object) O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} http://www.alternatiff.com/install-ie/alttiff.cab (AlternaTIFF ActiveX) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services) O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class) O16 - DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} http://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab (SlingHealth Class) O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} https://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab (HP Download Manager) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} http://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab (WebSlingPlayer) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab (Creative Software AutoUpdate Support Package) O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} http://mypc:2000/activex/RACtrl.cab (Performance Viewer Activex Control) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 68.238.64.12 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6}: DhcpNameServer = 192.168.1.1 68.238.64.12 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - AppInit_DLLs: (C:\WINDOWS\system32\acaptuser32.dll) -C:\WINDOWS\system32\acaptuser32.dll (Adobe Systems, Inc.) O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.dll) - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com) O20 - Winlogon\Notify\WgaLogon: DllName - (WgaLogon.dll) - C:\WINDOWS\System32\WgaLogon.dll () O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011/12/12 10:36:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mark\Local Settings\Application Data\Sun [2011/12/12 06:52:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Sun [2011/12/11 15:56:44 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2011/12/11 15:56:29 | 000,128,000 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2011/12/11 15:56:28 | 000,214,408 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2011/12/11 15:56:28 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2011/12/11 15:56:28 | 000,173,960 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2011/12/11 09:03:11 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2011/12/10 12:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp [2011/12/10 09:57:32 | 004,334,705 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark\Desktop\ComboFix.exe [2011/12/08 07:14:25 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Mark\Desktop\dds.scr [2011/12/08 02:27:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun [2011/12/07 23:55:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe [2011/12/07 21:10:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer [2011/12/07 20:04:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2011/11/25 11:48:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes [2011/11/25 11:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2011/11/25 11:47:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2011/11/25 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2011/11/25 10:02:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rosetta Stone [2011/11/25 09:51:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdBackup [2009/05/26 20:59:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Mark\Application Data\pcouffin.sys [2006/08/11 13:56:28 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll [2006/08/11 13:43:00 | 000,009,216 | ---- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE ========== Files - Modified Within 30 Days ========== [2011/12/28 10:41:03 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job [2011/12/12 13:11:39 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mark\Desktop\OTL.exe [2011/12/12 13:02:00 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job [2011/12/12 12:57:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2011/12/12 12:55:19 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2011/12/12 10:31:08 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2011/12/12 10:28:47 | 000,000,000 | ---- | M] () -- C:\WINDOWS\TempFile [2011/12/12 10:28:27 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011/12/12 10:04:40 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx [2011/12/12 10:04:40 | 000,030,120 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx [2011/12/12 10:04:40 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx [2011/12/12 10:04:40 | 000,027,408 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx [2011/12/12 10:04:40 | 000,011,564 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000000-00001102-00000004-00531102}.rfx [2011/12/12 10:04:40 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm [2011/12/12 10:04:40 | 000,001,076 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm [2011/12/12 03:02:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job [2011/12/11 15:56:17 | 000,544,656 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll [2011/12/11 15:56:17 | 000,214,408 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe [2011/12/11 15:56:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe [2011/12/11 15:56:17 | 000,173,960 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe [2011/12/11 15:56:17 | 000,128,000 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl [2011/12/11 09:02:01 | 000,481,500 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011/12/11 09:02:01 | 000,084,566 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011/12/10 20:46:30 | 000,313,176 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2011/12/10 13:28:10 | 000,014,870 | ---- | M] () -- C:\ComboFix.zip [2011/12/10 09:57:37 | 004,334,705 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark\Desktop\ComboFix.exe [2011/12/10 09:28:44 | 000,002,228 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011/12/08 16:30:43 | 000,000,805 | ---- | M] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/12/08 16:30:43 | 000,000,787 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2011/12/08 16:03:14 | 000,012,708 | -HS- | M] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\f7n6beithc3553o8ae7ie4l1neo [2011/12/08 16:03:14 | 000,012,708 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\f7n6beithc3553o8ae7ie4l1neo [2011/12/08 13:09:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2011/12/08 07:14:25 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Mark\Desktop\dds.scr [2011/12/08 06:55:19 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\Qx8JA8PBv.dat [2011/12/08 06:55:12 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\kG5MuXD4.com.b [2011/11/25 11:48:55 | 000,001,545 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/11/25 11:17:16 | 000,000,175 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella [2011/11/24 10:45:38 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2011/11/19 20:23:38 | 000,145,003 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\Our Wii Games.gmc [2011/11/18 17:57:43 | 000,001,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2011/12/10 13:28:10 | 000,014,870 | ---- | C] () -- C:\ComboFix.zip [2011/12/08 16:30:43 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes' Anti-Malware.lnk [2011/12/08 06:55:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\kG5MuXD4.com.b [2011/12/08 06:12:30 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Qx8JA8PBv.dat [2011/12/07 17:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\f7n6beithc3553o8ae7ie4l1neo [2011/12/07 17:28:50 | 000,012,708 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\f7n6beithc3553o8ae7ie4l1neo [2011/11/25 11:48:55 | 000,001,545 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk [2011/10/10 21:31:04 | 000,000,097 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\1.12.0.lic [2011/09/07 11:45:33 | 000,000,052 | ---- | C] () -- C:\WINDOWS\ib.ini [2011/09/07 11:45:31 | 000,026,624 | ---- | C] () -- C:\WINDOWS\GetIe.dll [2011/08/09 17:12:50 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2011/08/09 17:12:50 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2011/08/09 17:12:50 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2011/08/09 17:12:50 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2011/08/09 17:12:50 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2011/07/13 08:23:25 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011/07/13 08:23:22 | 000,252,080 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011/07/13 08:23:22 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011/07/13 08:23:10 | 002,292,678 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2011/07/07 08:11:38 | 002,340,992 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe [2011/07/07 08:11:38 | 000,018,048 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll [2011/07/07 08:11:37 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe [2011/07/07 08:11:37 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys [2011/07/07 08:11:37 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys [2011/06/25 14:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\22500634ug8u87c8e64k6l3sf3v [2011/06/25 14:37:24 | 000,012,910 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\22500634ug8u87c8e64k6l3sf3v [2011/06/19 13:42:35 | 000,003,651 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate [2011/06/06 19:41:27 | 000,018,021 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Music Converter.dat [2011/06/06 19:01:21 | 000,002,985 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Multi Encoder] Codec.dat [2011/06/06 18:59:21 | 000,002,886 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [iD Tag Update] Codec.dat [2011/06/06 13:04:37 | 000,002,852 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Tag From Filename] Codec.dat [2011/06/06 13:04:20 | 000,001,195 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Dalet Codec.dat [2011/06/06 13:04:06 | 000,003,142 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp mp3 (Fraunhofer IIS) Codec.dat [2011/06/06 13:02:34 | 000,002,433 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Batch Ripper.dat [2011/05/24 10:37:25 | 000,002,854 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Audio Info] Codec.dat [2011/04/25 15:56:17 | 000,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll [2011/03/26 09:27:36 | 000,001,833 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Mp2 and BwfMp2 codec.dat [2011/03/26 09:27:31 | 000,001,213 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Wave64 Codec.dat [2011/03/26 09:27:25 | 000,002,217 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBPoweramp tooLame MP2 codec.dat [2011/03/26 09:27:21 | 000,011,462 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Real Audio (Helix) Encoder.dat [2011/03/26 09:26:56 | 000,002,997 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp WavPack Codec.dat [2011/03/26 09:26:47 | 000,003,054 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Ogg Vorbis Codec.dat [2011/03/26 09:26:29 | 000,003,096 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Monkeys Audio Codec.dat [2011/03/26 09:26:20 | 000,002,976 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp FLAC Codec.dat [2011/03/26 09:26:11 | 000,002,832 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp [Calculate Audio CRC] Codec.dat [2011/03/26 09:25:20 | 000,012,485 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpoweramp DSP Effects.dat [2011/03/26 09:25:06 | 003,835,624 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe [2011/02/11 15:13:15 | 000,081,737 | ---- | C] () -- C:\WINDOWS\hpqins13.dat [2011/02/08 20:23:24 | 000,000,053 | ---- | C] () -- C:\WINDOWS\DVDFab.INI [2011/02/08 16:58:39 | 000,239,702 | ---- | C] () -- C:\WINDOWS\hpwins05.dat [2011/02/08 16:58:39 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat [2011/01/18 10:17:21 | 000,000,165 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI [2011/01/12 23:22:01 | 000,000,035 | ---- | C] () -- C:\WINDOWS\A6W.INI [2010/09/21 08:10:32 | 000,192,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\ArcSec.sys [2010/06/24 23:43:05 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\V0230FwH.bin [2010/06/24 23:43:05 | 000,003,716 | R--- | C] () -- C:\WINDOWS\System32\drivers\V0230FwF.bin [2010/06/17 14:00:06 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010/05/24 19:55:44 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys [2010/05/24 19:26:52 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\winscp.rnd [2010/05/21 05:53:44 | 000,000,047 | ---- | C] () -- C:\WINDOWS\wininit.ini [2010/04/24 12:50:37 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini [2010/04/24 12:50:37 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini [2010/04/24 12:49:58 | 000,038,576 | ---- | C] () -- C:\WINDOWS\System32\w3ctrs.ini [2010/04/24 12:49:58 | 000,010,225 | ---- | C] () -- C:\WINDOWS\System32\axperf.ini [2010/04/24 12:49:56 | 000,011,435 | ---- | C] () -- C:\WINDOWS\System32\infoctrs.ini [2010/03/15 12:29:37 | 000,000,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc [2010/03/12 22:35:50 | 000,696,832 | ---- | C] () -- C:\WINDOWS\is-77VKD.exe [2010/03/12 13:44:17 | 000,012,508 | -HS- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\e47O [2010/03/09 21:26:31 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\LocalService\Application Data\$_hpcst$.hpc [2010/03/09 20:42:48 | 000,000,385 | ---- | C] () -- C:\WINDOWS\{2158ED55-19D1-4C0C-B213-5EFF748248AC}_WiseFW.ini [2009/11/26 12:50:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009/09/17 05:46:09 | 000,000,137 | -H-- | C] () -- C:\Documents and Settings\Mark\Application Data\lakerda1967.sys [2009/09/17 05:45:50 | 000,010,584 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\docXConverter (3).ini [2009/08/19 14:42:12 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\SfwIFmt.dll [2009/08/19 14:39:53 | 000,001,132 | ---- | C] () -- C:\WINDOWS\PODW.INI [2009/08/06 15:23:06 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\$_hpcst$.hpc [2009/07/29 14:28:46 | 002,854,976 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2009/07/23 10:56:37 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009/07/02 12:33:58 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\default.rss [2009/07/02 12:33:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini [2009/06/27 08:53:13 | 000,096,512 | ---- | C] () -- C:\WINDOWS\System32\drivers\archlp.sys [2009/05/28 17:35:54 | 000,190,976 | ---- | C] () -- C:\WINDOWS\System32\WgaLogon.dll [2009/05/28 12:07:34 | 000,000,352 | ---- | C] () -- C:\WINDOWS\lgfwup.ini [2009/05/26 20:59:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.cat [2009/05/26 20:59:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Mark\Application Data\pcouffin.inf [2009/05/19 07:03:16 | 000,116,842 | ---- | C] () -- C:\WINDOWS\hpqins00.dat [2009/05/08 11:13:52 | 000,239,774 | ---- | C] () -- C:\WINDOWS\hpwins05.dat.temp [2009/05/08 11:13:52 | 000,003,111 | ---- | C] () -- C:\WINDOWS\hpwmdl05.dat.temp [2009/05/03 13:10:50 | 000,071,376 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2009/04/20 18:57:35 | 000,054,941 | ---- | C] () -- C:\WINDOWS\War3Unin.dat [2009/04/18 18:51:11 | 000,033,792 | ---- | C] () -- C:\Documents and Settings\Mark\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/04/17 13:57:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2009/04/16 12:02:19 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS78.DLL [2009/04/15 18:26:10 | 000,016,050 | ---- | C] () -- C:\WINDOWS\hpwscr05.dat [2009/04/15 18:11:24 | 000,000,133 | ---- | C] () -- C:\WINDOWS\System32\AddPort.ini [2009/04/15 18:10:33 | 000,000,756 | ---- | C] () -- C:\WINDOWS\hpntwksetup.ini [2009/04/14 22:26:18 | 000,000,441 | ---- | C] () -- C:\WINDOWS\IfoEdit.INI [2009/04/12 16:15:11 | 000,000,510 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009/04/12 08:05:40 | 000,086,446 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini [2009/04/12 08:05:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL [2009/04/12 08:05:40 | 000,000,191 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini [2009/04/11 16:28:57 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2009/04/11 16:25:24 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2009/04/11 09:03:51 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2009/04/11 09:03:02 | 000,313,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008/01/14 15:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll [2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll [2007/05/22 18:14:58 | 000,008,784 | ---- | C] () -- C:\WINDOWS\System32\ractrlkeyhook.dll [2006/08/11 13:57:18 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL [2006/08/11 13:56:04 | 000,034,304 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE [2006/08/11 13:49:24 | 000,323,640 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat [2006/08/11 13:49:24 | 000,044,567 | ---- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat [2006/08/11 13:45:18 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE [2006/08/11 13:45:08 | 000,140,643 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat [2006/08/11 13:43:26 | 000,265,042 | ---- | C] () -- C:\WINDOWS\System32\ctsbas2w.dat [2006/08/11 13:43:20 | 000,113,221 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT [2006/08/11 13:43:18 | 000,231,281 | ---- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT [2006/08/11 13:43:04 | 000,313,207 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat [2006/08/11 13:43:04 | 000,053,932 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat [2006/08/11 13:43:02 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE [2006/05/23 11:40:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI [2005/08/26 13:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe [2005/08/26 13:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe [2005/08/26 13:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe [2005/06/16 17:17:16 | 000,071,680 | ---- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL [2004/08/04 04:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004/08/04 04:00:00 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll [2004/08/04 04:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004/08/04 04:00:00 | 000,481,500 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004/08/04 04:00:00 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll [2004/08/04 04:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004/08/04 04:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004/08/04 04:00:00 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll [2004/08/04 04:00:00 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll [2004/08/04 04:00:00 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll [2004/08/04 04:00:00 | 000,084,566 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004/08/04 04:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004/08/04 04:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004/08/04 04:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004/08/04 04:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004/08/04 04:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004/08/04 04:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [2001/07/07 02:00:00 | 000,003,399 | ---- | C] () -- C:\WINDOWS\System32\hptcpmon.ini ========== Alternate Data Streams ========== @Alternate Data Stream - 368 bytes -> C:\Documents and Settings\Mark\Local Settings\Application Data\desktop.ini:722b2b1c349a06abf0e866180e5a7e63 < End of report >
-
Here it is. mbr.zip
-
When I open IE it opens another browser to some random advertising site. Additionally, looking at "network connections" in XP it is stuck axquiring network address, yet I have no problem accessing the internet. Here is my mbam log: Malwarebytes' Anti-Malware 1.51.2.1300 www.malwarebytes.org Database version: 8354 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 12/11/2011 6:11:32 PM mbam-log-2011-12-11 (18-11-32).txt Scan type: Full scan (C:\|) Objects scanned: 500272 Time elapsed: 2 hour(s), 12 minute(s), 36 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
-
Yikes! That's scary. I had to run combofix twice. The first time it stalled at trying to produce log file. I rebooted into safe mode and reran it successfully. Enclosed is the combofix log file. ComboFix.zip
-
I keeping getting malware that is acting like windows security. . DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_27 Run by Mark at 16:02:19 on 2011-12-08 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.3196 [GMT -8:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\svchost.exe -k DcomLaunch svchost.exe C:\WINDOWS\system32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\System32\ping.exe C:\Documents and Settings\Mark\Local Settings\Application Data\jwu.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/?ilc=5 mStart Page = hxxp://www.yahoo.com uInternet Settings,ProxyOverride = *.local uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7018.1622\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [DAEMON Tools Lite] "c:\util\daemon tools lite\DTLite.exe" -autorun uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" StartupFolder: c:\docume~1\mark\startm~1\programs\startup\checkf~1.lnk - c:\program files\jts\WiseUpdt.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\novaba~1.lnk - c:\program files\novastor\novastor novabackup\nsCtrl.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\totalm~1.lnk - c:\program files\arcsoft\totalmedia theatre 5\totalmedia server\TM Server.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\util\winzip\WZQKPICK.EXE mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll LSP: mswsock.dll Trusted Zone: cleverreach.com\novastor Trusted Zone: google-analytics.com Trusted Zone: intuit.com\ttlc Trusted Zone: novastor.com Trusted Zone: turbotax.com DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {3528A58B-595D-4AFD-A5F6-B914BD306DC3} - hxxp://dishconnectivity.sling.com/dpit/downloads/pc/SlingHealth.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxp://mypc:2000/activex/RACtrl.cab TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DhcpNameServer = 192.168.1.1 68.238.64.12 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll . ============= SERVICES / DRIVERS =============== . R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904] S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512] S1 ArcSec;archlp;c:\windows\system32\drivers\ArcSec.sys [2010-9-21 192504] S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] S1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616] S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\powerdvd8\powerdvd8\000.fcl --> c:\program files\powerdvd8\powerdvd8\000.fcl [?] S2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] S2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 286736] S2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632] S2 nsService;NovaStor NovaBACKUP Backup/Copy Engine;c:\program files\novastor\novastor novabackup\nsService.exe [2010-12-7 365704] S2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992] S2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000] S2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656] S2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640] S2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944] S2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736] S3 Backup Client Agent Service;Backup Client Agent Service;c:\program files\novastor\novastor novabackup\ManagementServer.Agent.Service.exe [2010-11-22 179200] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-11-23 106104] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20111207.021\NAVENG.SYS [2011-12-7 86136] S3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20111207.021\NAVEX15.SYS [2011-12-7 1576312] S3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-24 6272] S3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-24 498464] S4 RARfsClientNP;RARfsClientNP; [x] . =============== File Associations =============== . .exe=ah . =============== Created Last 30 ================ . 2011-12-08 14:12:29 79872 ----a-w- c:\windows\system32\kG5MuXD4.com_ 2011-12-08 04:04:48 -------- d-----w- c:\program files\ESET 2011-12-08 01:28:48 325632 ----a-w- c:\documents and settings\mark\local settings\application data\jwu.exe 2011-11-25 19:47:51 -------- d-----w- c:\program files\iPod 2011-11-25 19:47:48 -------- d-----w- c:\program files\iTunes 2011-11-25 19:43:10 -------- d-----w- c:\program files\Bonjour 2011-11-25 17:51:28 -------- d-----w- c:\documents and settings\all users\application data\RosettaStoneLtdBackup 2011-11-10 01:01:51 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll 2011-11-10 01:01:51 8192 ----a-w- c:\windows\system32\wshirda.dll 2011-11-10 01:01:51 28160 -c--a-w- c:\windows\system32\dllcache\irmon.dll 2011-11-10 01:01:51 28160 ----a-w- c:\windows\system32\irmon.dll 2011-11-10 01:01:47 151552 -c--a-w- c:\windows\system32\dllcache\irftp.exe 2011-11-10 01:01:47 151552 ----a-w- c:\windows\system32\irftp.exe . ==================== Find3M ==================== . 2011-11-24 18:45:38 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-10-11 15:03:41 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-10-11 15:03:41 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-10-11 14:53:11 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin . ============= FINISH: 16:03:12.53 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 4/11/2009 5:28:54 PM System Uptime: 12/8/2011 3:36:41 PM (1 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | P35C-DS3R Processor: Intel® Core2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2400/266mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 1863 GiB total, 1202.986 GiB free. E: is CDROM () F: is FIXED (NTFS) - 466 GiB total, 98.739 GiB free. G: is FIXED (NTFS) - 298 GiB total, 67.431 GiB free. H: is CDROM () I: is FIXED (NTFS) - 699 GiB total, 131.774 GiB free. . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318} Description: Officejet Pro L7500 Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Officejet Pro L7500 PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP55: 10/26/2011 11:14:49 PM - System Checkpoint RP56: 10/27/2011 11:15:55 PM - System Checkpoint RP57: 10/29/2011 12:24:15 AM - System Checkpoint RP58: 10/30/2011 1:14:49 AM - System Checkpoint RP59: 10/31/2011 2:14:48 AM - System Checkpoint RP60: 11/1/2011 2:34:18 AM - System Checkpoint RP61: 11/2/2011 2:47:25 AM - System Checkpoint RP62: 11/2/2011 3:12:34 PM - Software Distribution Service 3.0 RP63: 11/3/2011 3:36:30 PM - System Checkpoint RP64: 11/4/2011 4:36:30 PM - System Checkpoint RP65: 11/5/2011 6:17:02 PM - System Checkpoint RP66: 11/6/2011 5:36:30 PM - System Checkpoint RP67: 11/7/2011 6:09:08 PM - System Checkpoint RP68: 11/8/2011 8:29:35 PM - System Checkpoint RP69: 11/9/2011 9:04:04 PM - System Checkpoint RP70: 11/10/2011 10:04:03 PM - System Checkpoint RP71: 11/11/2011 11:04:03 PM - System Checkpoint RP72: 11/13/2011 12:04:02 AM - System Checkpoint RP73: 11/14/2011 1:04:03 AM - System Checkpoint RP74: 11/15/2011 5:35:11 PM - System Checkpoint RP75: 11/16/2011 6:04:08 PM - System Checkpoint RP76: 11/17/2011 7:04:07 PM - System Checkpoint RP77: 11/18/2011 7:08:31 PM - System Checkpoint RP78: 11/19/2011 8:42:01 PM - System Checkpoint RP79: 11/20/2011 9:04:07 PM - System Checkpoint RP80: 11/21/2011 9:05:11 PM - System Checkpoint RP81: 11/22/2011 10:04:07 PM - System Checkpoint RP82: 11/23/2011 10:04:21 PM - System Checkpoint RP83: 11/24/2011 10:48:18 PM - System Checkpoint RP84: 11/25/2011 9:51:34 AM - Installed Rosetta Stone Version 3 RP85: 11/25/2011 9:58:42 AM - Removed Rosetta Stone Version 3 RP86: 11/25/2011 10:01:58 AM - Installed Rosetta Stone Version 3 RP87: 11/25/2011 11:44:58 AM - Installed iTunes RP88: 11/26/2011 11:47:15 AM - System Checkpoint RP89: 11/27/2011 11:50:30 AM - System Checkpoint RP90: 11/28/2011 4:22:47 PM - System Checkpoint RP91: 11/29/2011 8:59:28 PM - System Checkpoint RP92: 11/30/2011 9:34:28 PM - System Checkpoint RP93: 12/1/2011 10:31:19 PM - System Checkpoint RP94: 12/2/2011 11:25:21 PM - System Checkpoint RP95: 12/4/2011 12:21:56 AM - System Checkpoint RP96: 12/5/2011 1:17:37 AM - System Checkpoint RP97: 12/6/2011 2:13:17 AM - System Checkpoint RP98: 12/7/2011 3:08:46 AM - System Checkpoint RP99: 12/8/2011 3:56:45 AM - System Checkpoint . ==== Installed Programs ====================== . . "Nero SoundTrax Help 32 Bit HP CIO Components Installer 3D Home Architect Design Suite Deluxe 8 7500_7600_7700_Help1 ACDSee 10 Photo Manager ACDSee Pro 3 Activation (Blu-ray Disc Authoring Plug-in) Activation (Blu-ray Video Plug-in) Activation (Gracenote Plug-in) Activation (Nero 9 HD) Activation (Nero BackItUp 4) Activation (Nero MediaHome 4) Activation (Nero Move it) Ad Notifier - For Craigslist.org Adobe Acrobat 9 Pro Extended - English, Français, Deutsch Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Photoshop 7.0 Adobe SVG Viewer 3.0 Advanced Video FX Engine Advertising Center AnswerWorks 4.0 Runtime - English AnswerWorks 5.0 English Runtime Ant Movie Catalog AnyDVD Registration Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft TotalMedia Theatre ArcSoft TotalMedia Theatre 5 Audacity 1.2.6 AviSynth 2.5 Bing Bar Bing Bar Platform Blu-ray Disc Authoring Plug-in Blu-ray Video Plug-in Blu-ray/HD DVD Video Plug-in Bonjour bpd_scan_Carrier BPDSoftware BPDSoftware_Ini BufferChm Calorie GPS Canon iP4200 Canon Utilities Easy-PhotoPrint CCleaner CD-LabelPrint Cinema Craft Encoder SP Cisco Connect Classifieds Searcher Free - version 7.30 Collectorz.com Game Collector Collectorz.com Movie Collector Compatibility Pack for the 2007 Office system CPUID CPU-Z 1.56 Creative Audio Console Creative Live! Cam Center Creative Live! Cam Manager Creative Live! Cam Video IM Pro Driver (1.00.07.0725) Creative Live! Cam Video IM Pro User's Guide (English) Creative Photo Calendar Creative Photo Manager Creative Software AutoUpdate Creative System Information CyberLink BD_3D Advisor 2.0 CyberLink PowerDVD 10 CyberLink PowerDVD 9 DAEMON Tools Toolbar Database Conversion Wizard dBpoweramp [Audio Info] Codec dBpoweramp [Calculate Audio CRC] Codec dBpoweramp [iD Tag Update] Codec dBpoweramp [Multi Encoder] Codec dBpoweramp [Tag From Filename] Codec dBpoweramp Batch Ripper dBpoweramp Dalet Codec dBpoweramp DSP Effects dBpoweramp FLAC Codec dBpoweramp Monkeys Audio Codec dBpoweramp Mp2 and BwfMp2 codec dBpoweramp mp3 (Fraunhofer IIS) Codec dBpoweramp Music Converter dBpoweramp Ogg Vorbis Codec dBpoweramp Real Audio (Helix) Encoder dBPoweramp tooLame MP2 codec dBpoweramp Wave64 Codec dBpoweramp WavPack Codec Destinations DeviceDiscovery DocProc DolbyFiles DriverAgent by eSupport.com DTS Plug-in DVD Decrypter (Remove Only) DVD Rebuilder DVDFab 8.1.2.0 (15/09/2011) Qt DVDInfoPro 6.5.1.0 EASEUS Partition Master 8.0.1 Home Edition ESET Online Scanner v3 eXtreme Movie Manager 7.0.3.1 - Full Install! Fax ffdshow v1.1.3326 [2010-03-19] FLAC 1.2.1b (remove only) foobar2000 v1.0.3 Get Yahoo! Messenger Gigabyte Raid Configurer Google Chrome Google Earth Google Earth Plug-in Google Toolbar for Internet Explorer Google Update Helper GoToMeeting 4.5.0.457 GPBaseService2 Gracenote Plug-in Greetings Workshop Haali Media Splitter Hallmark Card Studio 2008 Deluxe Hallmark Card Studio 2009 High-Definition Video Playback 10 High Definition Audio Driver Package - KB835221 Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB942288-v3) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) HP Customer Participation Program 14.0 HP Imaging Device Functions 14.0 HP OfficeJet L7300/L7500/7600/7700 HP Photosmart Essential 3.5 HP Smart Web Printing 4.60 HP Solution Center 14.0 HP Update HP_Network_UserGuide HPDiagnosticAlert HPPhotoSmartDiscLabelContent1 HPPhotosmartEssential HPProductAssistant HPSSupply IHA_MessageCenter ImagXpress ImgBurn iPhoneBrowser iTunes Java Auto Updater Java 6 Update 27 KODAK Gallery Upload Software L7500 LAME v3.98.2 for Audacity LG ODD Auto Firmware Update LightScribe System Software LiveUpdate 3.3 (Symantec Corporation) Logitech Harmony Remote Software 7 MadOnion.com/PCMark2002 Magic ISO Maker v5.4 (build 0251) Malwarebytes' Anti-Malware version 1.51.1.1800 MarketResearch Menu Templates - Starter Kit Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft ActiveSync Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Default Manager Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Visio MUI (English) 2007 Microsoft Office Visio Professional 2007 Microsoft Office XP Professional with FrontPage Microsoft Primary Interoperability Assemblies 2005 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Movie Templates - Starter Kit Mozilla Firefox 8.0 (x86 en-US) mp3PRO Plug-in Mp3tag v2.49 MPM MSN MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Myibay Auction bid sniper for eBay 1.0.43 Nero 10 Menu TemplatePack 1 Nero 10 Menu TemplatePack 2 Nero 10 Menu TemplatePack 3 Nero 10 Menu TemplatePack Basic Nero 10 Movie ThemePack 1 Nero 10 Movie ThemePack 2 Nero 10 Movie ThemePack Basic Nero 10 Sample ImagePack Nero 10 Sample Videos Nero 9 Nero 9 HD Nero BackItUp 10 Nero BackItUp 10 Help (CHM) Nero BackItUp 4 Nero Burning ROM 10 Nero BurningROM Nero BurningROM 10 Help (CHM) Nero BurnRights Nero BurnRights 10 Nero BurnRights 10 Help (CHM) Nero Control Center 10 Nero ControlCenter Nero Core Components 10 Nero CoverDesigner Nero CoverDesigner 10 Nero CoverDesigner 10 Help (CHM) Nero CoverDesigner Help Nero Disc Copy Gadget Nero Disc Copy Gadget Help Nero DiscSpeed Nero DiscSpeed 10 Nero DiscSpeed 10 Help (CHM) Nero Dolby Files 10 Nero DriveSpeed Nero Express Nero Express 10 Nero Express 10 Help (CHM) Nero InCD-Reader Nero InfoTool Nero InfoTool 10 Nero InfoTool 10 Help (CHM) Nero Installer Nero MediaHome 4 Nero MediaHome 4 Help Nero MediaHome 4 Trial Nero MediaHub 10 Nero MediaHub 10 Help (CHM) Nero Move it Nero Multimedia Suite 10 Nero PhotoSnap Nero PhotoSnap Help Nero Recode Nero Recode 10 Nero Recode 10 Help (CHM) Nero Recode Help Nero Rescue Agent Nero RescueAgent 10 Nero RescueAgent 10 Help (CHM) Nero RescueAgent Help Nero ShowTime Nero SoundTrax 10 Nero SoundTrax 10 Help (CHM) Nero StartSmart Nero StartSmart 10 Nero StartSmart 10 Help (CHM) Nero StartSmart Help Nero Update Nero Vision Nero Vision 10 Nero Vision 10 Help (CHM) Nero WaveEditor Nero WaveEditor 10 Nero WaveEditor 10 Help (CHM) Nero WaveEditor Help NeroBurningROM NeroExpress neroxml Network NovaBACKUP NVIDIA Control Panel 266.58 NVIDIA Graphics Driver 266.58 NVIDIA Install Application NVIDIA nView 135.85 NVIDIA nView Desktop Manager OCR Software by I.R.I.S. 14.0 Octoshape add-in for Adobe Flash Player Opti Drive Control 1.51 PFPortChecker 1.0.32 PowerISO ProductContext Quicken 2010 QuickTime RackTools 3.5 REALTEK GbE & FE Ethernet PCI-E NIC Driver Realtek High Definition Audio Driver Remote Control USB Driver Rosetta Stone Version 3 Salling Clicker Scan SecurDisc Viewer Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Windows Internet Explorer 7 (KB938127-v2) Security Update for Windows Internet Explorer 7 (KB956390) Security Update for Windows Internet Explorer 7 (KB961260) Security Update for Windows Internet Explorer 7 (KB963027) Security Update for Windows Internet Explorer 8 (KB2183461) Security Update for Windows Internet Explorer 8 (KB2360131) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2559049) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB976325) Security Update for Windows Internet Explorer 8 (KB978207) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2124261) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2290570) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB938464-v2) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB953155) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB954600) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB957097) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958687) Security Update for Windows XP (KB958690) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960715) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961373) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB970483) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB976323) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) ShadowProtect Desktop ShadowProtect ImageManager Shop for HP Supplies SightSpeed Skype Toolbars Skype™ 4.2 SlingHealth ActiveX SlingPlayer SmartWebPrinting SolutionCenter SoundTrax Sprite Backup Status SUPERAntiSpyware Free Edition Symantec Endpoint Protection System Requirements Lab Toolbox Trader Workstation Trader Workstation 4.0 TrayApp TurboTax 2008 TurboTax 2008 wcaiper TurboTax 2008 WinPerFedFormset TurboTax 2008 WinPerProgramHelp TurboTax 2008 WinPerReleaseEngine TurboTax 2008 WinPerTaxSupport TurboTax 2008 WinPerUserEducation TurboTax 2008 wrapper TurboTax 2009 TurboTax 2009 wcaiper TurboTax 2009 WinPerFedFormset TurboTax 2009 WinPerReleaseEngine TurboTax 2009 WinPerTaxSupport TurboTax 2009 wrapper TurboTax 2010 TurboTax 2010 wcaiper TurboTax 2010 WinPerFedFormset TurboTax 2010 WinPerReleaseEngine TurboTax 2010 WinPerTaxSupport TurboTax 2010 wrapper TurboTax Home & Business 2007 UnloadSupport Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Windows Internet Explorer 8 (KB976662) Update for Windows Internet Explorer 8 (KB978506) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2541763) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB955839) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Verizon Download Manager Vz In Home Agent Warcraft III: All Products WebFldrs XP WebReg WebSlingPlayer ActiveX WIDCOMM Bluetooth Software Winamp Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live ID Sign-in Assistant Windows Media Format 11 runtime Windows Media Player 11 Windows XP Service Pack 3 WinRAR archiver WinSCP 4.2.7 WinZip XML Paper Specification Shared Components Pack 1.0 Yahoo! BrowserPlus 2.9.8 Yahoo! Detect Yahoo! Messenger Yahoo! Software Update Yahoo! Toolbar . ==== End Of File ===========================
-
Not sure how to determine the redirect but here is the log: ComboFix 11-08-15.08 - Mark 08/15/2011 15:30:06.3.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2929 [GMT -7:00] Running from: c:\documents and settings\Mark\Desktop\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} * Created a new restore point . . ((((((((((((((((((((((((( Files Created from 2011-07-15 to 2011-08-15 ))))))))))))))))))))))))))))))) . . 2011-08-11 20:47 . 2011-08-11 20:47 -------- d-----w- c:\documents and settings\Mark\Local Settings\Application Data\uTorrent 2011-08-10 22:36 . 2011-08-10 22:36 -------- d-----w- C:\MainMovie 2011-08-10 01:33 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2011-08-10 01:33 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-08-08 14:10 . 2011-08-08 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe 2011-08-08 01:48 . 2011-08-10 01:02 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4 2011-08-08 00:27 . 2011-08-08 00:27 -------- d-----w- c:\program files\Common Files\LightScribe 2011-07-28 14:38 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38 . 2011-07-28 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-28 14:38 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-19 15:35 . 2011-07-19 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-07 23:56 . 2009-04-16 19:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-07-07 16:36 . 2011-05-20 18:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27 . 2011-06-15 04:57 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36 . 2011-06-15 04:36 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36 . 2011-06-15 04:36 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41 . 2011-03-26 17:25 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40 . 2011-05-31 16:40 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40 . 2011-05-31 16:40 256 ----a-w- c:\windows\system32\MSIevent.bat 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe 2011-06-26 15:01 . 2011-05-26 15:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-08-10_01.37.16 ))))))))))))))))))))))))))))))))))))))))) . + 2010-06-19 21:21 . 2011-08-11 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat - 2010-06-19 21:21 . 2011-07-29 21:44 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat + 2009-04-12 00:30 . 2011-08-11 20:16 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat - 2009-04-12 00:30 . 2011-07-29 21:44 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat + 2011-08-11 20:16 . 2011-08-11 20:16 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat - 2009-04-12 00:30 . 2011-07-29 21:44 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat + 2010-04-24 20:50 . 2011-08-11 02:42 224716 c:\windows\system32\inetsrv\MetaBase.bin . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-05-06 4980344] "DAEMON Tools Lite"="c:\util\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-08-11 639864] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-23 1226024] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-18 75048] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360] "Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-11 3622184] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-24 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] WinZip Quick Pick.lnk - c:\util\WinZip\WZQKPICK.EXE [2009-8-23 106560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\util\\mIRC\\mirc.exe"= "c:\\drivers\\hpl7590\\OJProL7X00_Full_8_3\\setup\\HPZnui01.exe"= "c:\\drivers\\hpl7590\\OJProL7X00_Full_8_3\\setup\\hponicifs01.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD9.exe"= "c:\\Program Files\\Salling Software AB\\Salling Clicker\\WinClicker.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\drivers\\hpl7590\\basic\\OJProL7X00_Basic_14\\setup\\hpznui01.exe"= "c:\\drivers\\hpl7590\\full\\OJProL7X00_Full_14\\setup\\hpznui01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Cyberlink\\PowerDVD10\\PowerDVD10.exe"= "c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9100:TCP"= 9100:TCP:192.168.1.67 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "<NO NAME>"= "5353:UDP"= 5353:UDP:Salling Clicker mDNS "50000:UDP"= 50000:UDP:IHA_MessageCenter . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [4/11/2009 5:49 PM 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [6/27/2009 9:53 AM 96512] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [4/11/2009 5:49 PM 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54];c:\program files\Cyberlink\PowerDVD10\NavFilter\000.fcl [11/17/2010 9:29 PM 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45];c:\program files\Cyberlink\PowerDVD9\000.fcl [3/30/2009 5:53 PM 87536] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/18/2010 3:58 PM 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [5/24/2011 4:02 PM 151552] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 3:01 PM 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\x86\rainfo.sys [4/17/2007 2:00 PM 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [4/4/2010 8:20 AM 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4/11/2009 5:49 PM 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [5/29/2009 10:02 AM 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [4/11/2009 5:49 PM 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 8:50 PM 105592] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [4/17/2007 2:00 PM 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [6/25/2010 12:43 AM 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [6/25/2010 12:43 AM 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\PowerDVD8\PowerDVD8\000.fcl --> c:\program files\PowerDVD8\PowerDVD8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 11:52 AM 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\StorageCraft\ImageManager\ImageManager.exe [10/24/2007 3:26 PM 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [8/11/2009 8:45 AM 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/7/2011 9:11 AM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/7/2011 9:11 AM 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 11:52 AM 133104] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872] S4 RARfsClientNP;RARfsClientNP; [x] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-08-13 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52] . 2011-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52] . 2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job - c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37] . 2011-08-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job - c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37] . 2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-15 15:40 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\PowerDVD8\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(920) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\windows\system32\RARfsClientNP.dll . - - - - - - - > 'lsass.exe'(980) c:\windows\system32\RARfsClientNP.dll . - - - - - - - > 'explorer.exe'(932) c:\windows\system32\WININET.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-08-15 15:42:25 ComboFix-quarantined-files.txt 2011-08-15 22:42 ComboFix2.txt 2011-08-11 00:31 ComboFix3.txt 2011-08-10 01:40 . Pre-Run: 1,223,673,495,552 bytes free Post-Run: 1,223,906,947,072 bytes free . - - End Of File - - 62A8E262EEC4F517E961CDF9FD57CD8B
-
ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=969bac7198f7684e978de94160e578dc # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-07-30 02:17:26 # local_time=2011-07-29 07:17:26 (-0800, Pacific Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8192 67108863 100 0 1829656 1829656 0 0 # scanned=602885 # found=3 # cleaned=3 # scan_time=18896 C:\Documents and Settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{4b83ff0d-d82a-4edd-b1d2-7481804d5064}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Mark\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\oklpbfkhbalnkdkfpclpcokiofojebgi\contentscript.js Win32/TrojanDownloader.Tracur.F trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Documents and Settings\Mark\Local Settings\Temporary Internet Files\Content.IE5\MAQ4L619\index[1].htm JS/Fraud.NAN.Gen trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6528 # api_version=3.0.2 # EOSSerial=969bac7198f7684e978de94160e578dc # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-08-12 01:11:09 # local_time=2011-08-11 06:11:09 (-0800, Pacific Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=8192 67108863 100 0 2951225 2951225 0 0 # scanned=584000 # found=0 # cleaned=0 # scan_time=16550 Results of screen317's Security Check version 0.99.18 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Security Center service is not running! This report may not be accurate! Windows Firewall Enabled! ESET Online Scanner v3 Symantec Endpoint Protection Antivirus up to date! ``````````````````````````````` Anti-malware/Other Utilities Check: Out of date HijackThis installed! Malwarebytes' Anti-Malware HijackThis 1.99.1 CCleaner Java 6 Update 15 Out of date Java installed! Flash Player Out of Date! Adobe Flash Player 10.2.153.1 Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe ``````````End of Log````````````
-
ComboFix 11-08-10.03 - Mark 08/10/2011 17:20:15.2.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2705 [GMT -7:00] Running from: c:\dwld\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 ))))))))))))))))))))))))))))))) . . 2011-08-10 22:36 . 2011-08-10 22:36 -------- d-----w- C:\MainMovie 2011-08-10 01:33 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2011-08-10 01:33 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-08-08 14:10 . 2011-08-08 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe 2011-08-08 01:48 . 2011-08-10 01:02 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4 2011-08-08 00:27 . 2011-08-08 00:27 -------- d-----w- c:\program files\Common Files\LightScribe 2011-07-28 14:38 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38 . 2011-07-28 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-28 14:38 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-19 15:35 . 2011-07-19 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2011-07-13 16:24 . 2011-07-13 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2011-07-13 16:23 . 2011-07-13 16:23 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-07-13 16:23 . 2011-07-13 16:23 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-07-13 16:23 . 2011-07-13 16:23 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-07-13 16:23 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-13 16:23 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-07-13 16:23 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-07-13 16:23 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-13 16:23 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-13 16:23 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin 2011-07-13 16:23 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-13 16:23 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-13 16:22 . 2011-07-13 16:22 -------- d-----w- c:\windows\nview 2011-07-13 16:14 . 2011-07-13 16:24 -------- d-----w- c:\program files\NVIDIA Corporation . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-07 23:56 . 2009-04-16 19:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-07-07 16:36 . 2011-05-20 18:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27 . 2011-06-15 04:57 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36 . 2011-06-15 04:36 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36 . 2011-06-15 04:36 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41 . 2011-03-26 17:25 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40 . 2011-05-31 16:40 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40 . 2011-05-31 16:40 256 ----a-w- c:\windows\system32\MSIevent.bat 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe 2011-06-26 15:01 . 2011-05-26 15:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-05-06 4980344] "DAEMON Tools Lite"="c:\util\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-23 1226024] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-18 75048] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360] "Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-11 3622184] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-24 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] WinZip Quick Pick.lnk - c:\util\WinZip\WZQKPICK.EXE [2009-8-23 106560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\util\\mIRC\\mirc.exe"= "c:\\drivers\\hpl7590\\OJProL7X00_Full_8_3\\setup\\HPZnui01.exe"= "c:\\drivers\\hpl7590\\OJProL7X00_Full_8_3\\setup\\hponicifs01.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD9.exe"= "c:\\Program Files\\Salling Software AB\\Salling Clicker\\WinClicker.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\drivers\\hpl7590\\basic\\OJProL7X00_Basic_14\\setup\\hpznui01.exe"= "c:\\drivers\\hpl7590\\full\\OJProL7X00_Full_14\\setup\\hpznui01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Cyberlink\\PowerDVD10\\PowerDVD10.exe"= "c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9100:TCP"= 9100:TCP:192.168.1.67 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "<NO NAME>"= "5353:UDP"= 5353:UDP:Salling Clicker mDNS "50000:UDP"= 50000:UDP:IHA_MessageCenter . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [4/11/2009 5:49 PM 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [6/27/2009 9:53 AM 96512] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [4/11/2009 5:49 PM 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54];c:\program files\Cyberlink\PowerDVD10\NavFilter\000.fcl [11/17/2010 9:29 PM 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45];c:\program files\Cyberlink\PowerDVD9\000.fcl [3/30/2009 5:53 PM 87536] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/18/2010 3:58 PM 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [5/24/2011 4:02 PM 151552] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 3:01 PM 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\x86\rainfo.sys [4/17/2007 2:00 PM 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [4/4/2010 8:20 AM 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4/11/2009 5:49 PM 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [5/29/2009 10:02 AM 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [4/11/2009 5:49 PM 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 8:50 PM 105592] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [4/17/2007 2:00 PM 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [6/25/2010 12:43 AM 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [6/25/2010 12:43 AM 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\PowerDVD8\PowerDVD8\000.fcl --> c:\program files\PowerDVD8\PowerDVD8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 11:52 AM 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\StorageCraft\ImageManager\ImageManager.exe [10/24/2007 3:26 PM 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [8/11/2009 8:45 AM 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/7/2011 9:11 AM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/7/2011 9:11 AM 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 11:52 AM 133104] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872] S4 RARfsClientNP;RARfsClientNP; [x] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job - c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job - c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37] . 2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-10 17:30 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\PowerDVD8\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(920) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\windows\system32\RARfsClientNP.dll . - - - - - - - > 'lsass.exe'(980) c:\windows\system32\RARfsClientNP.dll . - - - - - - - > 'explorer.exe'(1660) c:\windows\system32\WININET.dll c:\windows\system32\btmmhook.dll c:\windows\system32\ieframe.dll c:\windows\system32\msi.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2011-08-10 17:31:18 ComboFix-quarantined-files.txt 2011-08-11 00:31 ComboFix2.txt 2011-08-10 01:40 . Pre-Run: 1,222,994,866,176 bytes free Post-Run: 1,230,898,135,040 bytes free . - - End Of File - - 7A65AD6BD8B252FC19584CB3BFCFF0A0 . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mark at 17:33:07 on 2011-08-10 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2604 [GMT -7:00] . AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\Cyberlink\Shared files\brs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe C:\util\DAEMON Tools Lite\DTLite.exe C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\util\WinZip\WZQKPICK.EXE C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\VERIZONDM\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\VERIZONDM\bin\tgsrvc.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\vsnapvss.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [DAEMON Tools Lite] "c:\util\daemon tools lite\DTLite.exe" -autorun uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\util\winzip\WZQKPICK.EXE mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxp://mypc:2000/activex/RACtrl.cab TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DhcpNameServer = 192.168.1.1 68.238.64.12 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: c:\windows\system32\acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll . ============= SERVICES / DRIVERS =============== . R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 151552] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110809.009\NAVENG.SYS [2011-8-9 86136] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110809.009\NAVEX15.SYS [2011-8-9 1576312] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-25 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-25 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\powerdvd8\powerdvd8\000.fcl --> c:\program files\powerdvd8\powerdvd8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S4 RARfsClientNP;RARfsClientNP; [x] . =============== Created Last 30 ================ . 2011-08-10 22:36:42 -------- d-----w- C:\MainMovie 2011-08-10 01:33:44 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2011-08-10 01:33:44 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-08-10 01:14:39 -------- d-sha-r- C:\cmdcons 2011-08-10 01:12:50 98816 ----a-w- c:\windows\sed.exe 2011-08-10 01:12:50 518144 ----a-w- c:\windows\SWREG.exe 2011-08-10 01:12:50 256000 ----a-w- c:\windows\PEV.exe 2011-08-10 01:12:50 208896 ----a-w- c:\windows\MBR.exe 2011-08-08 14:10:14 -------- d-----w- c:\documents and settings\all users\application data\LightScribe 2011-07-28 14:38:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-28 14:38:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-19 15:35:58 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2011-07-13 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation 2011-07-13 16:23:25 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-07-13 16:23:22 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-07-13 16:23:22 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-07-13 16:23:11 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-13 16:23:10 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-07-13 16:23:10 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-07-13 16:23:10 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-13 16:23:10 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-13 16:23:10 2292678 ----a-w- c:\windows\system32\nvdata.bin 2011-07-13 16:23:10 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-13 16:23:09 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-13 16:22:18 -------- d-----w- c:\windows\nview 2011-07-13 16:14:31 -------- d-----w- c:\program files\NVIDIA Corporation . ==================== Find3M ==================== . 2011-08-07 23:56:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-07-07 16:36:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27:32 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36:27 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36:26 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41:28 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40:19 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40:19 256 ----a-w- c:\windows\system32\MSIevent.bat . ============= FINISH: 17:33:19.78 =============== attach.rar
-
I uninstalled uTorrent. Here are the updated dds logs: . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mark at 15:57:37 on 2011-08-10 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1567 [GMT -7:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\Cyberlink\Shared files\brs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe C:\util\DAEMON Tools Lite\DTLite.exe C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\util\WinZip\WZQKPICK.EXE C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\VERIZONDM\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\VERIZONDM\bin\tgsrvc.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\vsnapvss.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\explorer.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Microsoft Office\Office10\WINWORD.EXE C:\WINDOWS\msagent\AgentSvr.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Movie Collector\MovieCollector.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\DVDFab 8 Qt\DVDFab.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [DAEMON Tools Lite] "c:\util\daemon tools lite\DTLite.exe" -autorun uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\util\winzip\WZQKPICK.EXE mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxp://mypc:2000/activex/RACtrl.cab TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DhcpNameServer = 192.168.1.1 68.238.64.12 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: c:\windows\system32\acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll . ============= SERVICES / DRIVERS =============== . R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 151552] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110809.009\NAVENG.SYS [2011-8-9 86136] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110809.009\NAVEX15.SYS [2011-8-9 1576312] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-25 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-25 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\powerdvd8\powerdvd8\000.fcl --> c:\program files\powerdvd8\powerdvd8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S4 RARfsClientNP;RARfsClientNP; [x] . =============== Created Last 30 ================ . 2011-08-10 22:36:42 -------- d-----w- C:\MainMovie 2011-08-10 01:33:44 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2011-08-10 01:33:44 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-08-10 01:14:39 -------- d-sha-r- C:\cmdcons 2011-08-10 01:12:50 98816 ----a-w- c:\windows\sed.exe 2011-08-10 01:12:50 518144 ----a-w- c:\windows\SWREG.exe 2011-08-10 01:12:50 256000 ----a-w- c:\windows\PEV.exe 2011-08-10 01:12:50 208896 ----a-w- c:\windows\MBR.exe 2011-08-08 14:10:14 -------- d-----w- c:\documents and settings\all users\application data\LightScribe 2011-07-28 14:38:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-28 14:38:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-19 15:35:58 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2011-07-13 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation 2011-07-13 16:23:25 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-07-13 16:23:22 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-07-13 16:23:22 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-07-13 16:23:11 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-13 16:23:10 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-07-13 16:23:10 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-07-13 16:23:10 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-13 16:23:10 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-13 16:23:10 2292678 ----a-w- c:\windows\system32\nvdata.bin 2011-07-13 16:23:10 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-13 16:23:09 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-13 16:22:18 -------- d-----w- c:\windows\nview 2011-07-13 16:14:31 -------- d-----w- c:\program files\NVIDIA Corporation . ==================== Find3M ==================== . 2011-08-07 23:56:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-07-07 16:36:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27:32 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36:27 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36:26 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41:28 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40:19 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40:19 256 ----a-w- c:\windows\system32\MSIevent.bat . ============= FINISH: 15:59:32.60 =============== attach.rar
-
Attached dds attach file. attach.rar
-
ComboFix 11-08-09.02 - Mark 08/09/2011 18:18:45.1.4 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2754 [GMT -7:00] Running from: c:\dwld\ComboFix.exe AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Mark\abaoltabgm.tmp c:\documents and settings\Mark\Application Data\inst.exe c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{4b83ff0d-d82a-4edd-b1d2-7481804d5064} c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{4b83ff0d-d82a-4edd-b1d2-7481804d5064}\chrome\xulcache.jar c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{4b83ff0d-d82a-4edd-b1d2-7481804d5064}\defaults\preferences\xulcache.js c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\extensions\{4b83ff0d-d82a-4edd-b1d2-7481804d5064}\install.rdf c:\documents and settings\Mark\g2mdlhlpx.exe c:\documents and settings\Mark\My Documents\~WRL0150.tmp c:\documents and settings\Mark\My Documents\~WRL0780.tmp c:\documents and settings\Mark\My Documents\~WRL0803.tmp c:\documents and settings\Mark\My Documents\~WRL1806.tmp c:\documents and settings\Mark\My Documents\~WRL4051.tmp c:\documents and settings\Mark\WINDOWS c:\program files\Search Toolbar c:\program files\Search Toolbar\icon.ico c:\program files\Search Toolbar\SearchToolbarUninstall.exe c:\program files\Search Toolbar\SearchToolbarUpdater.exe c:\recycler\k-1-3542-4232123213-7676767-8888886 c:\windows\OPTIONS\CABS\_desktop.ini c:\windows\system32\Cache . c:\windows\system32\grpconv.exe was missing Restored copy from - c:\windows\system32\dllcache\grpconv.exe . . ((((((((((((((((((((((((( Files Created from 2011-07-10 to 2011-08-10 ))))))))))))))))))))))))))))))) . . 2011-08-10 01:33 . 2008-04-14 00:12 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2011-08-10 01:33 . 2008-04-14 00:12 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-08-08 14:10 . 2011-08-08 14:10 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe 2011-08-08 01:48 . 2011-08-10 01:02 -------- d-----w- c:\documents and settings\NeroMediaHomeUser.4 2011-08-08 00:27 . 2011-08-08 00:27 -------- d-----w- c:\program files\Common Files\LightScribe 2011-07-28 14:38 . 2011-07-07 02:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38 . 2011-07-28 14:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-28 14:38 . 2011-07-07 02:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-19 15:35 . 2011-07-19 15:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller 2011-07-13 16:24 . 2011-07-13 16:24 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation 2011-07-13 16:23 . 2011-07-13 16:23 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-07-13 16:23 . 2011-07-13 16:23 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-07-13 16:23 . 2011-07-13 16:23 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-07-13 16:23 . 2011-01-08 03:27 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-13 16:23 . 2011-01-08 03:27 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-07-13 16:23 . 2011-01-08 03:27 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-07-13 16:23 . 2011-01-08 03:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-13 16:23 . 2011-01-08 03:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-13 16:23 . 2011-01-08 03:27 2292678 ----a-w- c:\windows\system32\nvdata.bin 2011-07-13 16:23 . 2011-01-08 03:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-13 16:23 . 2011-01-08 03:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-13 16:22 . 2011-07-13 16:22 -------- d-----w- c:\windows\nview 2011-07-13 16:14 . 2011-07-13 16:24 -------- d-----w- c:\program files\NVIDIA Corporation . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-08-07 23:56 . 2009-04-16 19:12 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-07-07 16:36 . 2011-05-20 18:21 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27 . 2011-06-15 04:57 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36 . 2011-06-15 04:36 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36 . 2011-06-15 04:36 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41 . 2011-03-26 17:25 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40 . 2011-05-31 16:40 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40 . 2011-05-31 16:40 256 ----a-w- c:\windows\system32\MSIevent.bat 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_9E64A938C044442B9C8C104AA62BD820.exe 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\NewShortcut1_011BB310849E4442B8017718F2C57FE0.exe 2011-05-31 16:39 . 2011-05-31 16:39 65536 ----a-r- c:\documents and settings\Mark\Application Data\Microsoft\Installer\{730EF0E8-8B8E-4054-B2CE-5D4BA3BCE510}\ARPPRODUCTICON.exe 2011-06-26 15:01 . 2011-05-26 15:43 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-17 39408] "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408] "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000] "AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVDtray.exe" [2011-05-06 4980344] "DAEMON Tools Lite"="c:\util\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200] "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "V0230Mon.exe"="c:\windows\system32\V0230Mon.exe" [2006-07-19 36961] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888] "NBAgent"="c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2010-02-23 1226024] "AVFX Engine"="c:\program files\Creative\Creative Live! Cam\VideoFX\StartFX.exe" [2006-06-09 24576] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528] "RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-18 75048] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-08 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-08 13880424] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360] "Nero MediaHome 4"="c:\program files\Nero\Nero MediaHome 4\NeroMediaHome.exe" [2008-09-11 3622184] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2011-6-24 113664] Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-29 607584] HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] WinZip Quick Pick.lnk - c:\util\WinZip\WZQKPICK.EXE [2009-8-23 106560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableLinkedConnections"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 21:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\system32\acaptuser32.dll . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\Smc.exe"= "c:\\Program Files\\Symantec\\Symantec Endpoint Protection\\SNAC.EXE"= "c:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "c:\\util\\mIRC\\mirc.exe"= "c:\\drivers\\hpl7590\\OJProL7X00_Full_8_3\\setup\\HPZnui01.exe"= "c:\\drivers\\hpl7590\\OJProL7X00_Full_8_3\\setup\\hponicifs01.exe"= "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application "c:\\Program Files\\Sling Media\\SlingPlayer\\SlingPlayer.exe"= "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\RosettaStoneVersion3.exe"= "c:\\Program Files\\Rosetta Stone\\Rosetta Stone V3\\support\\bin\\RosettaStoneLtdServices.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Cyberlink\\PowerDVD9\\PowerDVD9.exe"= "c:\\Program Files\\Salling Software AB\\Salling Clicker\\WinClicker.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\SightSpeed\\SightSpeed.exe"= "c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\drivers\\hpl7590\\basic\\OJProL7X00_Basic_14\\setup\\hpznui01.exe"= "c:\\drivers\\hpl7590\\full\\OJProL7X00_Full_14\\setup\\hpznui01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"= "c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"= "c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"= "c:\\Program Files\\Cyberlink\\PowerDVD10\\PowerDVD10.exe"= "c:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "9100:TCP"= 9100:TCP:192.168.1.67 "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "<NO NAME>"= "5353:UDP"= 5353:UDP:Salling Clicker mDNS "50000:UDP"= 50000:UDP:IHA_MessageCenter . R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?] R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [4/11/2009 5:49 PM 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [6/27/2009 9:53 AM 96512] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 10:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/17/2010 10:15 AM 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [4/11/2009 5:49 PM 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54];c:\program files\Cyberlink\PowerDVD10\NavFilter\000.fcl [11/17/2010 9:29 PM 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45];c:\program files\Cyberlink\PowerDVD9\000.fcl [3/30/2009 5:53 PM 87536] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [11/18/2010 3:58 PM 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [5/24/2011 4:02 PM 151552] R2 NAUpdate;@c:\program files\Nero\Update\NASvc.exe,-200;c:\program files\Nero\Update\NASvc.exe [2/18/2010 3:01 PM 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\RemotelyAnywhere\x86\rainfo.sys [4/17/2007 2:00 PM 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [4/4/2010 8:20 AM 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe [4/11/2009 5:49 PM 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\Sling Media\SlingAgent\SlingAgentService.exe [9/25/2009 2:16 PM 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\VERIZONDM\bin\sprtsvc.exe [2/1/2011 5:54 AM 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\VERIZONDM\bin\tgsrvc.exe [2/1/2011 5:54 AM 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [5/29/2009 10:02 AM 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [4/11/2009 5:49 PM 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [7/27/2011 8:50 PM 105592] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [4/17/2007 2:00 PM 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [6/25/2010 12:43 AM 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [6/25/2010 12:43 AM 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\PowerDVD8\PowerDVD8\000.fcl --> c:\program files\PowerDVD8\PowerDVD8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 11:52 AM 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\StorageCraft\ImageManager\ImageManager.exe [10/24/2007 3:26 PM 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [8/11/2009 8:45 AM 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [7/7/2011 9:11 AM 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [7/7/2011 9:11 AM 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/23/2009 11:52 AM 133104] S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 10:15 AM 12872] S4 RARfsClientNP;RARfsClientNP; [x] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2009-03-08 12:32 128512 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-08-06 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-23 18:52] . 2011-08-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003Core.job - c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37] . 2011-08-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1303643608-839522115-1003UA.job - c:\documents and settings\Mark\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-06-29 18:37] . 2011-12-28 c:\windows\Tasks\User_Feed_Synchronization-{A7972C66-43AF-4964-A40E-32D2946479FE}.job - c:\windows\system32\msfeedssync.exe [2007-08-14 12:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 FF - ProfilePath - c:\documents and settings\Mark\Application Data\Mozilla\Firefox\Profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= . - - - - ORPHANS REMOVED - - - - . BHO-{01D95493-8F0B-4193-80B5-4FB4D57DD641} - c:\windows\system32\ati2dvaa32.dll Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll SafeBoot-klmdb.sys AddRemove-Adobe Flash Player ActiveX - c:\windows\system32\Macromed\Flash\FlashUtil10s_ActiveX.exe AddRemove-DVDInfoPro - c:\program files\DVDInfoPro\uninstall.exe AddRemove-PhotoWorks - c:\documents and settings\mark\pictures\photowks\Free\Uninst.isu AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe AddRemove-Xvid_is1 - c:\program files\Xvid\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-08-09 18:37 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . [HKEY_LOCAL_MACHINE\System\ControlSet003\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}] "ImagePath"="\??\c:\program files\PowerDVD8\PowerDVD8\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1960408961-1303643608-839522115-1003\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(920) c:\program files\SUPERAntiSpyware\SASWINLO.dll c:\windows\system32\WININET.dll c:\windows\system32\RARfsClientNP.dll . - - - - - - - > 'lsass.exe'(980) c:\windows\system32\RARfsClientNP.dll . Completion time: 2011-08-09 18:40:47 ComboFix-quarantined-files.txt 2011-08-10 01:40 . Pre-Run: 1,221,950,922,752 bytes free Post-Run: 1,255,097,098,240 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect . - - End Of File - - 1EE5618C14B0044C66E70F33780BD5DE . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mark at 18:41:27 on 2011-08-09 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.2855 [GMT -7:00] . AV: Symantec Endpoint Protection *Disabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\Cyberlink\Shared files\brs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe C:\util\DAEMON Tools Lite\DTLite.exe C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\util\WinZip\WZQKPICK.EXE C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\VERIZONDM\bin\sprtsvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\VERIZONDM\bin\tgsrvc.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\vsnapvss.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\notepad.exe C:\WINDOWS\explorer.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ mStart Page = hxxp://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [DAEMON Tools Lite] "c:\util\daemon tools lite\DTLite.exe" -autorun uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet mRun: [Nero MediaHome 4] "c:\program files\nero\nero mediahome 4\NeroMediaHome.exe" /AUTORUN StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\util\winzip\WZQKPICK.EXE mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxp://mypc:2000/activex/RACtrl.cab TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DhcpNameServer = 192.168.1.1 68.238.64.12 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: c:\windows\system32\acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe" mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= . ============= SERVICES / DRIVERS =============== . R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 151552] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110808.024\NAVENG.SYS [2011-8-8 86136] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110808.024\NAVEX15.SYS [2011-8-8 1576312] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-25 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-25 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\powerdvd8\powerdvd8\000.fcl --> c:\program files\powerdvd8\powerdvd8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S4 RARfsClientNP;RARfsClientNP; [x] . =============== Created Last 30 ================ . 2011-08-10 01:33:44 39424 -c--a-w- c:\windows\system32\dllcache\grpconv.exe 2011-08-10 01:33:44 39424 ----a-w- c:\windows\system32\grpconv.exe 2011-08-10 01:14:39 -------- d-sha-r- C:\cmdcons 2011-08-10 01:12:50 98816 ----a-w- c:\windows\sed.exe 2011-08-10 01:12:50 518144 ----a-w- c:\windows\SWREG.exe 2011-08-10 01:12:50 256000 ----a-w- c:\windows\PEV.exe 2011-08-10 01:12:50 208896 ----a-w- c:\windows\MBR.exe 2011-08-08 14:10:14 -------- d-----w- c:\documents and settings\all users\application data\LightScribe 2011-07-28 14:38:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-28 14:38:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-19 15:35:58 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2011-07-13 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation 2011-07-13 16:23:25 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-07-13 16:23:22 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-07-13 16:23:22 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-07-13 16:23:11 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-13 16:23:10 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-07-13 16:23:10 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-07-13 16:23:10 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-13 16:23:10 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-13 16:23:10 2292678 ----a-w- c:\windows\system32\nvdata.bin 2011-07-13 16:23:10 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-13 16:23:09 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-13 16:22:18 -------- d-----w- c:\windows\nview 2011-07-13 16:14:31 -------- d-----w- c:\program files\NVIDIA Corporation . ==================== Find3M ==================== . 2011-08-07 23:56:30 691696 ----a-w- c:\windows\system32\drivers\sptd.sys 2011-07-07 16:36:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27:32 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36:27 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36:26 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41:28 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40:19 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40:19 256 ----a-w- c:\windows\system32\MSIevent.bat . ============= FINISH: 18:41:40.51 ===============
-
Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7395 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 8/6/2011 1:30:57 PM mbam-log-2011-08-06 (13-30-57).txt Scan type: Quick scan Objects scanned: 217721 Time elapsed: 18 minute(s), 43 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) . DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 Run by Mark at 13:31:35 on 2011-08-06 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3582.1080 [GMT -7:00] . AV: Symantec Endpoint Protection *Enabled/Updated* {FB06448E-52B8-493A-90F3-E43226D3305C} . ============== Running Processes =============== . C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe svchost.exe svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe svchost.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\svchost.exe -k HPService C:\WINDOWS\system32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Nero\Update\NASvc.exe C:\WINDOWS\system32\V0230Mon.exe C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\Program Files\RemotelyAnywhere\x86\RaMaint.exe C:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files\Cyberlink\Shared files\brs.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\RemotelyAnywhere\x86\RemotelyAnywhere.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\StorageCraft\ShadowProtect\ShadowProtectSvc.exe C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Sling Media\SlingAgent\SlingAgentService.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\VERIZONDM\bin\sprtsvc.exe C:\util\WinZip\WZQKPICK.EXE C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Microsoft Office\Office10\msoffice.exe C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Program Files\VERIZONDM\bin\tgsrvc.exe C:\WINDOWS\System32\vssvc.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\WINDOWS\system32\vsnapvss.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe C:\WINDOWS\system32\taskmgr.exe C:\Program Files\Quicken\qw.exe C:\Program Files\Movie Collector\MovieCollector.exe C:\Program Files\CD-LabelPrint\CDLabelPrint.exe C:\util\PrintKey2000\Printkey2000.exe C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\BD_Rebuilder\BD_Rebuilder.exe C:\Program Files\BD_Rebuilder\tools\x264.exe C:\WINDOWS\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.yahoo.com/ uWindow Title = Windows Internet Explorer provided by Yahoo! uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8 mDefault_Page_URL = hxxp://www.yahoo.com mStart Page = hxxp://www.yahoo.com uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: {01d95493-8f0b-4193-80b5-4fb4d57dd641} - c:\windows\system32\ati2dvaa32.dll BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll TB: @c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [Google Update] "c:\documents and settings\mark\local settings\application data\google\update\GoogleUpdate.exe" /c uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVDtray.exe uRun: [DAEMON Tools Lite] "c:\util\daemon tools lite\DTLite.exe" -autorun mRun: [V0230Mon.exe] c:\windows\system32\V0230Mon.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [NBAgent] "c:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart mRun: [AVFX Engine] c:\program files\creative\creative live! cam\videofx\StartFX.exe mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe mRun: [RemoteControl10] "c:\program files\cyberlink\powerdvd10\PDVD10Serv.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\util\winzip\WZQKPICK.EXE uPolicies-explorer: DisallowRun = 0 (0x0) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll/cmsidewiki.html IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\micros~3\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab DPF: {106E49CF-797A-11D2-81A2-00E02C015623} - hxxp://www.alternatiff.com/install-ie/alttiff.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxp://h20364.www2.hp.com/CSMWeb/Customer/cabs/HPISDataManager.CAB DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.115/WebSlingPlayer.cab DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxp://mypc:2000/activex/RACtrl.cab TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{7E1FF7CE-12D4-48A4-B40B-360FD23B51A6} : DhcpNameServer = 192.168.1.1 68.238.64.12 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll AppInit_DLLs: acaptuser32.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12 mASetup: {Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E555} - c:\dwld\anydvd hd 6.4.5.7 beta\crack\Leftover killer.exe -M . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p= FF - prefs.js: browser.search.selectedEngine - DAEMON Search FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=ffds1&p= FF - component: c:\documents and settings\mark\application data\mozilla\firefox\profiles\p5oo56mt.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll FF - plugin: c:\documents and settings\mark\local settings\application data\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\documents and settings\mark\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60129.0\npctrlui.dll FF - plugin: c:\program files\msn toolbar\platform\5.0.1449.0\npwinext.dll . ============= SERVICES / DRIVERS =============== . R0 stcvsm;stcvsm;c:\windows\system32\drivers\stcvsm.sys [2009-4-11 113904] R1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2009-6-27 96512] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632] R1 sbmount;StorageCraft Image Mount Driver;c:\windows\system32\drivers\sbmount.sys [2009-4-11 79616] R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/03/24 13:54:55];c:\program files\cyberlink\powerdvd10\navfilter\000.fcl [2010-11-17 87536] R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/05/31 16:45:32];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536] R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-3-30 108392] R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-11-18 20328] R2 IHA_MessageCenter;IHA_MessageCenter;c:\program files\verizon\iha_messagecenter\bin\Verizon_IHAMessageCenter.exe [2011-5-24 151552] R2 NAUpdate;@c:\program files\nero\update\nasvc.exe,-200;c:\program files\nero\update\NASvc.exe [2010-2-18 462632] R2 RAInfo;RemotelyAnywhere Kernel Information Provider;c:\program files\remotelyanywhere\x86\rainfo.sys [2007-4-17 12992] R2 RARfsDriver;RemotelyAnywhere Remote File System Driver;c:\windows\system32\drivers\RARfsDriver.sys [2010-4-4 46000] R2 ShadowProtectSvc;ShadowProtect Service;c:\program files\storagecraft\shadowprotect\ShadowProtectSvc.exe [2009-4-11 1990656] R2 SlingAgentService;SlingAgentService;c:\program files\sling media\slingagent\SlingAgentService.exe [2009-9-25 93960] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files\verizondm\bin\sprtsvc.exe [2011-2-1 206120] R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2009-3-30 2440120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files\verizondm\bin\tgsrvc.exe [2011-2-1 185640] R2 thdudf;TOSHIBA UDF2.5 Reader File System Driver;c:\windows\system32\drivers\thdudf.sys [2009-5-29 66944] R2 VSNAPVSS;StorageCraft Shadow Copy Provider;c:\windows\system32\vsnapvss.exe [2009-4-11 61952] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-7-27 105592] R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20110805.040\NAVENG.SYS [2011-8-5 86136] R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20110805.040\NAVEX15.SYS [2011-8-5 1576312] R3 ramirr;ramirr;c:\windows\system32\drivers\ramirr.sys [2007-4-17 10168] R3 V0230Vfx;V0230Vfx;c:\windows\system32\drivers\V0230Vfx.sys [2010-6-25 6272] R3 V0230VID;Live! Cam Video IM Pro;c:\windows\system32\drivers\V0230VID.sys [2010-6-25 498464] S2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};\??\c:\program files\powerdvd8\powerdvd8\000.fcl --> c:\program files\powerdvd8\powerdvd8\000.fcl [?] S2 gupdate1ca0bc6b51516ae;Google Update Service (gupdate1ca0bc6b51516ae);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S2 StorageCraft Image Manager;StorageCraft Image Manager;c:\program files\storagecraft\imagemanager\ImageManager.exe [2007-10-24 69632] S2 StorageCraft Image Manager32;StorageCraft Image Manager ;c:\windows\system32\ntsdexts32.exe --> c:\windows\system32\ntsdexts32.exe [?] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\ambfilt.sys [2009-8-11 1684736] S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-7-7 13192] S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-7-7 8456] S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-23 133104] S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872] S4 RARfsClientNP;RARfsClientNP; [x] . =============== File Associations =============== . scrfile="%1" %* . =============== Created Last 30 ================ . 2011-07-28 14:38:12 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-07-28 14:38:08 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-07-28 14:38:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-07-19 22:07:13 0 ---ha-w- c:\documents and settings\mark\abaoltabgm.tmp 2011-07-19 15:35:58 -------- d-----w- c:\documents and settings\all users\application data\NortonInstaller 2011-07-13 16:24:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation 2011-07-13 16:23:25 252080 ----a-w- c:\windows\system32\nvdrsdb0.bin 2011-07-13 16:23:22 252080 ----a-w- c:\windows\system32\nvdrsdb1.bin 2011-07-13 16:23:22 1 ----a-w- c:\windows\system32\nvdrssel.bin 2011-07-13 16:23:11 61440 ----a-w- c:\windows\system32\OpenCL.dll 2011-07-13 16:23:10 941160 ----a-w- c:\windows\system32\nvdispco322090.dll 2011-07-13 16:23:10 837736 ----a-w- c:\windows\system32\nvgenco322040.dll 2011-07-13 16:23:10 4980736 ----a-w- c:\windows\system32\nvcuda.dll 2011-07-13 16:23:10 2916968 ----a-w- c:\windows\system32\nvcuvid.dll 2011-07-13 16:23:10 2292678 ----a-w- c:\windows\system32\nvdata.bin 2011-07-13 16:23:10 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll 2011-07-13 16:23:09 13004800 ----a-w- c:\windows\system32\nvcompiler.dll 2011-07-13 16:22:18 -------- d-----w- c:\windows\nview 2011-07-13 16:14:31 -------- d-----w- c:\program files\NVIDIA Corporation . ==================== Find3M ==================== . 2011-07-07 16:36:04 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-06-20 20:27:32 2468632 ----a-w- c:\windows\system32\AutoPartNt.exe 2011-06-15 04:36:27 902432 ----a-w- c:\windows\system32\drivers\tdrpm251.sys 2011-06-15 04:36:26 570016 ----a-w- c:\windows\system32\drivers\timntr.sys 2011-06-07 03:41:28 3835624 ----a-w- c:\windows\system32\SpoonUninstall.exe 2011-05-31 16:40:19 260 ----a-w- c:\windows\system32\cmdVBS.vbs 2011-05-31 16:40:19 256 ----a-w- c:\windows\system32\MSIevent.bat . ============= FINISH: 13:32:48.06 =============== attach.zip
-
Here are my logs: Malwarebytes' Anti-Malware 1.51.1.1800 www.malwarebytes.org Database version: 7309 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 7/28/2011 8:02:34 AM mbam-log-2011-07-28 (08-02-34).txt Scan type: Quick scan Objects scanned: 225708 Time elapsed: 23 minute(s), 18 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 1 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully. Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) attach.zip
-
Thanks for all your help!!!
-
Looks clean? ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK QuickScan Beta 32-bit v0.9.9.93 ------------------------------- Scan date: Thu Jun 30 17:42:42 2011 Machine ID: D84B8B3B No infection found. ------------------- Processes --------- (unsigned) Acer Empowering Techonology Framework L 4144 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (unsigned) Acer eNet Management 1672 C:\Acer\Empowering Technology\eNet\eNMTray.exe (unsigned) Acer ePower Management 4136 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (unsigned) Acer eRecovery Management 5000 C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (unsigned) Cyberlink PowerCinema 3360 C:\Program Files\Acer\Acer Arcade\PCMService.exe (unsigned) eDataSecurity 2504 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (verified) Alps Pointing-device Driver 3936 C:\Program Files\Apoint2K\Apoint.exe (verified) Alps Pointing-device Driver for Windows 5676 C:\Program Files\Apoint2K\ApntEx.exe (verified) cyberlink brs 3624 C:\Program Files\CyberLink\Shared Files\brs.exe (verified) Firefox 4960 C:\Program Files\Mozilla Firefox\firefox.exe (verified) Firefox 5208 C:\Program Files\Mozilla Firefox\plugin-container.exe (verified) HD Audio Control Panel 1532 C:\Windows\RtHDVCpl.exe (verified) Intel® Common User Interface 3872 C:\Windows\System32\hkcmd.exe (verified) Intel® Common User Interface 2108 C:\Windows\System32\igfxpers.exe (verified) Intel® Common User Interface 3896 C:\Windows\System32\igfxsrvc.exe (verified) Intel® Common User Interface 3620 C:\Windows\System32\igfxtray.exe (verified) iTunes 3680 C:\Program Files\iTunes\iTunesHelper.exe (verified) Microsoft® Windows® Operating System 948 C:\Program Files\Windows Media Player\wmpnscfg.exe (verified) Microsoft® Windows® Operating System 2120 C:\Program Files\Windows Sidebar\sidebar.exe (verified) Microsoft® Windows® Operating System 4936 C:\Windows\explorer.exe (verified) Microsoft® Windows® Operating System 1224 C:\Windows\System32\dwm.exe (verified) Microsoft® Windows® Operating System 3332 C:\Windows\System32\taskeng.exe (verified) Microsoft® Windows® Operating System 3700 C:\Windows\WindowsMobile\wmdSync.exe (verified) PC Tool Smart Alert 2880 C:\Program Files\Registry Mechanic\Alert.exe (verified) PowerDVD RC Service 3692 C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (verified) SSDMonit Application 3304 C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (verified) Symantec Security Technologies 2916 C:\Program Files\Common Files\Symantec Shared\ccApp.exe (verified) Windows 3376 C:\Windows\System32\wpcumi.exe Network activity ---------------- Process firefox.exe (4960) connected on port 80 (HTTP) --> 74.125.224.171 Process firefox.exe (4960) connected on port 80 (HTTP) --> 69.171.224.12 Process firefox.exe (4960) connected on port 80 (HTTP) --> 74.125.224.171 Process plugin-container.exe (5208) connected on port 80 (HTTP) --> 199.7.52.190 Autoruns and critical files --------------------------- (unsigned) acer eNetManagement c:\windows\system32\enethook.dll (unsigned) Acer Tour Reminder C:\Acer\AcerTour\Reminder.exe (unsigned) Acer.scr C:\Windows\system32\Acer.scr (unsigned) Cyberlink PowerCinema C:\Program Files\Acer\Acer Arcade\PCMService.exe (unsigned) eDataSecurity C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (unsigned) launcher.exe C:\Program Files\Acer Assist\launcher.exe (unsigned) PowerReg C:\Program Files\Acer Registration\ACE1.exe (unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (verified) Alps Pointing-device Driver C:\Program Files\Apoint2K\Apoint.exe (verified) cyberlink brs C:\Program Files\CyberLink\Shared Files\brs.exe (verified) HD Audio Control Panel C:\Windows\RtHDVCpl.exe (verified) Intel® Common User Interface C:\Windows\System32\hkcmd.exe (verified) Intel® Common User Interface C:\Windows\System32\igfxdev.dll (verified) Intel® Common User Interface C:\Windows\System32\igfxpers.exe (verified) Intel® Common User Interface C:\Windows\System32\igfxtray.exe (verified) iTunes C:\Program Files\iTunes\iTunesHelper.exe (verified) Launch Manager C:\Program Files\Launch Manager\LManager.exe (verified) Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE (verified) Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe (verified) Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll (verified) Microsoft® Windows® Operating System C:\Windows\system32\oobefldr.dll (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe (verified) Microsoft® Windows® Operating System C:\Windows\WindowsMobile\wmdSync.exe (verified) MobileMe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (verified) PowerDVD Language Application C:\Program Files\CyberLink\PowerDVD9\Language\Language.exe (verified) PowerDVD RC Service C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe (verified) Realtek Voice Manager C:\Windows\Skytel.exe (verified) SSDMonit Application C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe (verified) Symantec Security Technologies C:\Program Files\Common Files\Symantec Shared\ccApp.exe (verified) Windows C:\Windows\System32\wpcumi.exe (verified) Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe (verified) Windows® Internet Explorer c:\windows\system32\webcheck.dll Browser plugins --------------- (unsigned) ActiveToolBand Module C:\Windows\System32\ActiveToolBand.dll (unsigned) eDStoolbar Module C:\Windows\System32\eDStoolbar.dll (unsigned) Panda3D Game Engine Plug-in 1.0.1 C:\Windows\Downloaded Program Files\p3dactivex.ocx (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll (unsigned) QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll (unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll (verified) AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (verified) BitDefender QuickScan C:\Users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll (verified) BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll (verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll (verified) Family Feud C:\Windows\Downloaded Program Files\familyfeud.ocx (verified) Games C:\Windows\Downloaded Program Files\wwlaunch.ocx (verified) Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll (verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll (verified) Windows C:\Windows\System32\wpclsp.dll (verified) Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (verified) Windows® Internet Explorer C:\Windows\System32\ieframe.dll Scan ---- (unsigned) MD5: 1ecd388c55b7bd4468395cdfd4488f3d C:\Acer\AcerTour\Reminder.exe (unsigned) MD5: 3845b6555de995f6c0c07ae2abcc0532 C:\Acer\ALaunch\ALaunchSvc.exe (unsigned) MD5: 4cd3dca5f48d7dce9a3ee90df83a1223 C:\Acer\Empowering Technology\Acer.Empowering.Framework.DialogManager.dll (unsigned) MD5: 1b05cfdbf6e769028703b6368e91ba8d C:\Acer\Empowering Technology\Acer.Empowering.Framework.Host.dll (unsigned) MD5: 363ec83893477e492c2ea52fa95253dc C:\Acer\Empowering Technology\Acer.Empowering.Framework.Interface.dll (unsigned) MD5: 8092bc19097a8d5b07a44e49d3aa239d C:\Acer\Empowering Technology\Acer.Empowering.Framework.LaunchBarView.dll (unsigned) MD5: 50413b53240d067eadf1e7bd6a38d0f2 C:\Acer\Empowering Technology\Acer.Empowering.Framework.PasswordSetting.dll (unsigned) MD5: 13a8cec1d544c448f974912690277b7e C:\Acer\Empowering Technology\Acer.Empowering.Framework.Presenter.dll (unsigned) MD5: b044d50a56fe16fc9f3d5445e9bf106f C:\Acer\Empowering Technology\acer.empowering.framework.shared.dll (unsigned) MD5: 39cbe2e778299f468bbd5b45cfb90a70 C:\Acer\Empowering Technology\Acer.Empowering.Framework.Supervisor.exe (unsigned) MD5: 6d0db7b8895bbbd610a8d6af9672431a C:\Acer\Empowering Technology\Acer.Empowering.Shared.UI.dll (unsigned) MD5: 72a2a89cfe8eceebe84efbe5cbbc1dd7 C:\Acer\Empowering Technology\acer.empowering.windows.forms.dll (unsigned) MD5: e090ee780714e376062198c6625d5b51 C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe (unsigned) MD5: 320d3528de1771c8c7e9b53db0ebef74 C:\Acer\Empowering Technology\eDataSecurity\eDSplugin.dll (unsigned) MD5: 503a72d3b29427a80c610c92163830e7 C:\Acer\Empowering Technology\eLock.Serv.Interface.dll (unsigned) MD5: 490001cc1c1a5b2e120199480ba6adff C:\Acer\Empowering Technology\eLock\eLock.Client.dll (unsigned) MD5: 59870aba7eab51ebd56f21d90fbd456b C:\Acer\Empowering Technology\eLock\eLockCTL.dll (unsigned) MD5: fb5383bfd4dec6792aaef76c9343ecff C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe (unsigned) MD5: 72a2a89cfe8eceebe84efbe5cbbc1dd7 C:\Acer\Empowering Technology\eNet\Acer.Empowering.Windows.Forms.dll (unsigned) MD5: 76605bbac5e28ab48ec0face46ee743e C:\Acer\Empowering Technology\eNet\Diagnosis.dll (unsigned) MD5: 9316c26f089cf2cea2bd1496ac9f38a4 C:\Acer\Empowering Technology\eNet\eNet Service.exe (unsigned) MD5: 282abebf70112d79cd92dfd3046cdeea C:\Acer\Empowering Technology\eNet\eNet.dll (unsigned) MD5: 2bb5b239a4501c0a846a2e43d3a98986 C:\Acer\Empowering Technology\eNet\eNetHook.dll (unsigned) MD5: 72ee63ff69a73ba13dbb8fc9fb69acbb C:\Acer\Empowering Technology\eNet\eNetPlugin.dll (unsigned) MD5: 84e951281677788db8fd9d0a669a8e0f C:\Acer\Empowering Technology\eNet\eNetServiceInterface.dll (unsigned) MD5: 90e857889d71c3d46d60bd352c8dab99 C:\Acer\Empowering Technology\eNet\eNMIPCmm.dll (unsigned) MD5: 5b1a52a2f4573a1ca947a3af859cf6f7 C:\Acer\Empowering Technology\eNet\eNMTray.exe (unsigned) MD5: 44db6dff9cf3902b120bf846f1ae96d6 C:\Acer\Empowering Technology\eNet\ICmdDispatcher.dll (unsigned) MD5: a36a62960d9da21fb5fdd7276c5beacd C:\Acer\Empowering Technology\eNet\MultiLang.dll (unsigned) MD5: e6ae8a882646891c35af11300bf9a7ea C:\Acer\Empowering Technology\eNet\Network.dll (unsigned) MD5: 0dd9a112f0fa435d354eb4bdf3298b7d C:\Acer\Empowering Technology\eNet\NetworkCardMgr.dll (unsigned) MD5: ca4da3278410ff88a6b56fd4213963c2 C:\Acer\Empowering Technology\eNet\PfMgr.dll (unsigned) MD5: f9bd37444b07018d5bf56d49ec12dc03 C:\Acer\Empowering Technology\eNet\ProfileSwitch.dll (unsigned) MD5: 152dbb3dbbb3b7110fecebdb34cc7248 C:\Acer\Empowering Technology\eNet\Wlan.dll (unsigned) MD5: add5e336a86eb9e6bcd590cc8b17ac6c C:\Acer\Empowering Technology\ePower\en\ePower_UI.resources.dll (unsigned) MD5: 0f0e9ebe47a7b2bd7444424473fa3962 C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (unsigned) MD5: e75999892cec703b3e1b5221b5bac92a C:\Acer\Empowering Technology\ePower\ePower_UI.dll (unsigned) MD5: ee80ac462a171dbf06eeb2058b5d3bc6 C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (unsigned) MD5: dbebe0c451f1ee6ed9028d116e77495b C:\Acer\Empowering Technology\ePower\SysHook.dll (unsigned) MD5: 442e9fbbeebd916519d8381bc2f71ea9 C:\Acer\Empowering Technology\ePower\WMIInterface.dll (unsigned) MD5: e09f72b19d45906ceb2115e55005bfc5 C:\Acer\Empowering Technology\ePresentation\ePresentationCTL.dll (unsigned) MD5: 4f779ad993a2975d945ee6985cac0fea C:\Acer\Empowering Technology\eRecovery\eRAgent.exe (unsigned) MD5: 3d184410ef5ee017e186ac96181b3ff8 C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe (unsigned) MD5: 4f0d42339259d4ab955b565845bbe583 C:\Acer\Empowering Technology\eRecovery\eRecoveryUI.dll (unsigned) MD5: 6b46e837ec3ff448a0665dc86c5208dc C:\Acer\Empowering Technology\eRecovery\ServiceInterface.dll (unsigned) MD5: c5333e9a6992eb4bd5d2592efc0dcc03 C:\Acer\Empowering Technology\eSettings.Model.ComputerInterfaces.dll (unsigned) MD5: b7c242b0251d658cabf5f3fd91eef3eb C:\Acer\Empowering Technology\eSettings\eSettings.Plugin.dll (unsigned) MD5: 5086dc931f7c15bcf12e29d5eaa78b2d C:\Acer\Empowering Technology\eSettings\eSettings.Presenter.dll (unsigned) MD5: 6a7b3889caccc5ce4f5e8e9fd8c921ff C:\Acer\Empowering Technology\eSettings\eSettings.View.dll (unsigned) MD5: dca768724878d1177034691517ef9b91 C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe (unsigned) MD5: 5f3bd963f02108c36592b5728fa725c5 C:\Acer\Empowering Technology\log4net.dll (unsigned) MD5: 842684e0df20a59e293da1c6f0dfe261 C:\Acer\Mobility Center\MobilityService.exe (unsigned) MD5: f9e2c7373c92b6cd9c398b30e85d126e C:\Program Files\Acer Assist\launcher.exe (unsigned) MD5: dd75c4fde2026b84d85737cd4458e0ff C:\Program Files\Acer Registration\ACE1.exe (unsigned) MD5: 48f25fc1b2796cda2aeeffe560666055 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe (unsigned) MD5: e704d274715e0b1fb5b558951ff95f16 C:\Program Files\Acer\Acer Arcade\Kernel\common\CLRCEngine3.dll (unsigned) MD5: 9f75dfcaffaccd99f9854fab0aa1bc7f C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapEngine.dll (unsigned) MD5: 2a85d608a484dfe7eac7b9cae089bf73 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe (unsigned) MD5: 28b3d45b0cb49f24157e92d90bf343c1 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvcps.dll (unsigned) MD5: 9dd3fcfd2eb348514ac6ac11616672eb C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapX.dll (unsigned) MD5: 746724540bd4b618b89f8a614a02f50d C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe (unsigned) MD5: 237c6256b2e4d3015e4f42f4a6539784 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSchMgr.dll (unsigned) MD5: d86f329c63bde78751b2f7ef352eb222 C:\Program Files\Acer\Acer Arcade\Kernel\TV\PCMRRec4.dll (unsigned) MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\Acer\Acer Arcade\MFC71.dll (unsigned) MD5: 97eafd36a7e6b61319abfbceda328f63 C:\Program Files\Acer\Acer Arcade\PCMService.exe (unsigned) MD5: 793ff718477345cd5d232c50bed1e452 C:\Program Files\Common Files\LightScribe\LSSrvc.exe (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll (unsigned) MD5: 6c859c6fce6d694eafd7ea3ae66d54db C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll (unsigned) MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll (unsigned) MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts (unsigned) MD5: dddbd3d825e9846b6adb78578aa7a699 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll (unsigned) MD5: 103976a97e25724e0a3ed50e48921cd2 C:\Program Files\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll (unsigned) MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\QTTask.exe (unsigned) MD5: 0c9fffc25f797f8c7c3f99bc12cfa411 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\f6deb187f24bb3185841092b89fbfdbb\mscorlib.ni.dll (unsigned) MD5: 1a5e278dedf15c328aaeec5dcb18b808 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\af6f706cdcf02a312a9a339c20a8dbfb\System.Configuration.ni.dll (unsigned) MD5: 11ff68ddfe3e90de4401ec43d7acbbca C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\daf35d9703895998bae9efd6d23be282\System.Drawing.ni.dll (unsigned) MD5: e5cac0211584e4a8e50e5ca30e961602 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99ebbe6c25ebbd2ebd6e0f842ae84617\System.Management.ni.dll (unsigned) MD5: 08ca595ad1f7a889aac47e4b8bf10878 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\3e1c184b683c96ec23c1cf22aec704d9\System.Runtime.Remoting.ni.dll (unsigned) MD5: ed95dc7692e4bfaa3e219b6fcbe1c0f1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7d35e4a8583c5dc077a1d43d12ad8855\System.ServiceProcess.ni.dll (unsigned) MD5: 08489cfbc16f770f093befc76bff8d1f C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\9e5583324c4659b40b4b440fb1a9e639\System.Web.ni.dll (unsigned) MD5: 752c6a33b87bc81c8481906e6c6e79bf C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\4d5fc62cbae71aae3cf1fa90446920ef\System.Windows.Forms.ni.dll (unsigned) MD5: fdeebd2a0a0ba6000c904dc4fae674a5 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\eb5ed48265c5035b75b76a847213c0bc\System.Xml.ni.dll (unsigned) MD5: e43a888be303497084f56b52770390e1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\f5fa811725cbc26754b26fb9cb2bda63\System.ni.dll (unsigned) MD5: 03ca457cae11969e40b3840ad9432045 C:\Windows\Downloaded Program Files\p3dactivex.ocx (unsigned) MD5: a356c37d72ac22bdfbe421e7a96b51d6 C:\Windows\System32\ActiveToolBand.dll (unsigned) MD5: b9876a758b370ff98e21b95a855bfe9b C:\Windows\System32\ADMIN_CLASS_LIB.dll (unsigned) MD5: 5cb2c74f632f47f39071ad7487b0f825 C:\Windows\system32\Adobe\Director\np32dsw.dll (unsigned) MD5: 9f97089fa244b38321464f0aa40e186f C:\Windows\System32\BatchCrypto.dll (unsigned) MD5: df53b8bd2c2d86e8cfeb4bb488b5ea37 C:\Windows\System32\CryptoAPI.dll (unsigned) MD5: 7f1c1f78d709c4a54cbb46ede7e0b48d C:\Windows\system32\DRIVERS\NTIDrvr.sys (unsigned) MD5: 5c142ec504f37c5ff36ac1ab73f20c1b C:\Windows\System32\eDStoolbar.dll (unsigned) MD5: 2bb5b239a4501c0a846a2e43d3a98986 c:\windows\system32\enethook.dll (unsigned) MD5: 69a6f66e921ae6a6814f021f7e9fa1d0 C:\Windows\System32\keyManager.dll (unsigned) MD5: 81adb60c39decb86676d1c6f9578e68b C:\Windows\System32\MSNChatHook.dll (unsigned) MD5: 36b091cb0b6fdbe01df37425014b2bb2 C:\Windows\System32\PSDUtil.dll (unsigned) MD5: ff265743d5fa487d5721b4e94d17842a C:\Windows\System32\ShowErrMsg.dll (unsigned) MD5: 2fb1494c450fb7b0c350492acc24607d C:\Windows\System32\sysenv.dll (unsigned) MD5: 75f2a9b695ef3ef22d731f059920f636 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll (unsigned) MD5: ccc2e312486ae6b80970211da472268b C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.762_none_0c178a139ee2a7ed\mfc80u.dll No file uploaded. Scan finished - communication took 3 sec Total traffic - 0.06 MB sent, 1.16 KB recvd Scanned 1294 files and modules - 87 seconds ==============================================================================
-
It's still running faster . ComboFix 11-06-30.03 - Linda 06/30/2011 11:31:31.2.1 - x86 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.267 [GMT -7:00] Running from: c:\users\Linda\Desktop\ComboFix.exe Command switches used :: c:\users\Linda\Desktop\CFScript.txt SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\windows\system32\drivers\80540847.sys" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_80540847 . . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))))) . . 2011-06-30 18:43 . 2011-06-30 18:49 -------- d-----w- c:\users\Linda\AppData\Local\temp 2011-06-30 18:43 . 2011-06-30 18:43 -------- d-----w- c:\users\Fallon\AppData\Local\temp 2011-06-29 23:47 . 2011-06-29 23:47 -------- d-----w- c:\users\Linda\AppData\Roaming\PeerNetworking 2011-06-29 23:28 . 2011-06-29 23:28 -------- d-----w- c:\users\Linda\AppData\Local\Apps 2011-06-29 23:28 . 2011-06-29 23:30 -------- d-----w- c:\users\Linda\AppData\Local\Deployment 2011-06-28 15:37 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9247C8AE-45DE-4CE9-909F-90A189CF660B}\mpengine.dll 2011-06-28 02:49 . 2011-06-28 02:49 -------- d-----w- c:\program files\Apple Software Update 2011-06-28 02:42 . 2011-06-28 02:42 -------- d-----w- c:\program files\iPod 2011-06-28 02:02 . 2011-06-28 02:02 -------- d-----w- c:\program files\Bonjour 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2011-06-23 23:01 . 2011-06-23 23:01 -------- d-----w- c:\users\Fallon\AppData\Roaming\Malwarebytes 2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes 2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\programdata\Malwarebytes 2011-06-21 22:17 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-06-16 08:39 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-16 08:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 08:39 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 08:39 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 08:39 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 08:38 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 08:37 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 08:37 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 08:37 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-16 08:37 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-27 22:08 . 2011-06-27 22:08 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-06-27 22:08 . 2011-06-27 22:08 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-06-27 22:08 . 2011-06-27 22:08 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-06-27 22:08 . 2011-06-27 22:08 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-06-27 22:07 . 2011-06-27 22:07 152064 ----a-w- c:\windows\system32\wextract.exe 2011-06-27 22:07 . 2011-06-27 22:07 420864 ----a-w- c:\windows\system32\vbscript.dll 2011-04-29 15:59 . 2011-06-29 11:44 276992 ----a-w- c:\windows\system32\schannel.dll 2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-06-16 04:17 . 2011-06-27 21:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-06-30_14.34.14 ))))))))))))))))))))))))))))))))))))))))) . + 2006-11-02 13:02 . 2011-06-30 18:49 79234 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin + 2011-06-30 15:07 . 2006-09-20 00:47 80744 c:\windows\System32\drivers\WSVD.sys + 2008-08-09 21:25 . 2011-06-30 18:49 6804 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1998233532-487228089-2655391932-1001_UserData.bin - 2011-06-30 13:58 . 2011-06-30 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2011-06-30 18:46 . 2011-06-30 18:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2011-06-30 13:58 . 2011-06-30 13:58 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-06-30 18:46 . 2011-06-30 18:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2011-03-19 10:18 . 2011-06-30 18:44 308328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-03-19 10:18 . 2011-06-30 04:49 308328 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-06-29 22:44 . 2011-06-30 14:02 1070100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1998233532-487228089-2655391932-1001-4096.dat + 2011-06-29 22:44 . 2011-06-30 18:45 1070100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1998233532-487228089-2655391932-1001-4096.dat + 2011-06-30 18:45 . 2011-06-30 18:45 1457744 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1998233532-487228089-2655391932-1001-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] "Acer Tour Reminder"="" [bU] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296] "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "Skytel"="Skytel.exe" [2007-06-15 1826816] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-31 75048] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-30 115560] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-31 535336] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] R3 WSVD;WSVD;c:\windows\system32\drivers\WSVD.sys [2006-09-20 80744] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/10 11:11];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-31 00:53 87536] S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592] . . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-06-30 c:\windows\Tasks\RMSchedule.job - c:\program files\Registry Mechanic\RegMech.exe [2010-11-25 16:46] . 2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2ECAE152-400F-4AEE-B685-F140C8E3661A}.job - c:\windows\system32\msfeedssync.exe [2011-06-27 22:07] . 2011-04-03 c:\windows\Tasks\User_Feed_Synchronization-{307C4116-25B9-4330-930D-E68F9CA585BB}.job - c:\windows\system32\msfeedssync.exe [2011-06-27 22:07] . . ------- Supplementary Scan ------- . mStart Page = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\ . . ************************************************************************** scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'Explorer.exe'(5868) c:\windows\system32\MsnChatHook.dll c:\windows\system32\ShowErrMsg.dll c:\windows\system32\sysenv.dll c:\windows\system32\BatchCrypto.dll c:\windows\system32\CryptoAPI.dll c:\windows\system32\keyManager.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe c:\program files\Common Files\Symantec Shared\ccSvcHst.exe c:\windows\system32\agrsmsvc.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe c:\acer\Empowering Technology\eDataSecurity\eDSService.exe c:\acer\Empowering Technology\eLock\Service\eLockServ.exe c:\acer\Empowering Technology\eNet\eNet Service.exe c:\program files\Common Files\LightScribe\LSSrvc.exe c:\acer\Mobility Center\MobilityService.exe c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe c:\windows\system32\DRIVERS\xaudio.exe c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe c:\acer\Empowering Technology\eRecovery\eRecoveryService.exe c:\acer\Empowering Technology\eSettings\Service\capuserv.exe c:\acer\Empowering Technology\ePower\ePowerSvc.exe c:\windows\system32\wbem\unsecapp.exe c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe c:\windows\RtHDVCpl.exe c:\program files\Windows Media Player\wmpnscfg.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\program files\Launch Manager\LManager.exe c:\windows\system32\igfxsrvc.exe c:\windows\system32\igfxext.exe c:\windows\system32\igfxsrvc.exe c:\acer\Empowering Technology\ENET\ENMTRAY.EXE c:\acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE c:\acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE c:\users\Linda\AppData\Local\Temp\RtkBtMnt.exe c:\acer\Empowering Technology\eRecovery\ERAGENT.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Apoint2K\ApMsgFwd.exe c:\program files\Apoint2K\Apntex.exe . ************************************************************************** . Completion time: 2011-06-30 12:10:04 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-30 19:09 ComboFix2.txt 2011-06-30 14:49 . Pre-Run: 26,802,065,408 bytes free Post-Run: 26,488,426,496 bytes free . - - End Of File - - 0DEBAC69A226D1AD7C0514377357ABA0
-
It's running a lot faster now! Here are the logs you requested. ComboFix 11-06-30.01 - Linda 06/30/2011 7:19.1.1 - x86 Running from: c:\users\Linda\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf . . ((((((((((((((((((((((((( Files Created from 2011-05-28 to 2011-06-30 ))))))))))))))))))))))))))))))) . . 2011-06-30 14:32 . 2011-06-30 14:32 -------- d-----w- c:\users\Fallon\AppData\Local\temp 2011-06-30 14:32 . 2011-06-30 14:34 -------- d-----w- c:\users\Linda\AppData\Local\temp 2011-06-30 14:32 . 2011-06-30 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2011-06-29 23:47 . 2011-06-29 23:47 -------- d-----w- c:\users\Linda\AppData\Roaming\PeerNetworking 2011-06-29 23:28 . 2011-06-29 23:28 -------- d-----w- c:\users\Linda\AppData\Local\Apps 2011-06-29 23:28 . 2011-06-29 23:30 -------- d-----w- c:\users\Linda\AppData\Local\Deployment 2011-06-29 11:44 . 2011-04-29 15:59 276992 ----a-w- c:\windows\system32\schannel.dll 2011-06-28 15:37 . 2011-06-20 15:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9247C8AE-45DE-4CE9-909F-90A189CF660B}\mpengine.dll 2011-06-28 02:49 . 2011-06-28 02:49 -------- d-----w- c:\program files\Apple Software Update 2011-06-28 02:42 . 2011-06-28 02:42 -------- d-----w- c:\program files\iPod 2011-06-28 02:02 . 2011-06-28 02:02 -------- d-----w- c:\program files\Bonjour 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll 2011-06-28 00:42 . 2011-06-28 00:42 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll 2011-06-23 23:01 . 2011-06-23 23:01 -------- d-----w- c:\users\Fallon\AppData\Roaming\Malwarebytes 2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\users\Linda\AppData\Roaming\Malwarebytes 2011-06-23 19:34 . 2011-06-23 19:34 -------- d-----w- c:\programdata\Malwarebytes 2011-06-21 22:17 . 2011-05-25 02:14 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-06-16 08:39 . 2011-04-14 14:59 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-16 08:39 . 2011-04-21 13:58 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 08:39 . 2011-04-29 13:25 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 08:39 . 2011-04-29 13:25 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 08:39 . 2010-12-20 16:35 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 08:38 . 2011-05-02 17:16 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 08:37 . 2011-04-29 13:24 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 08:37 . 2011-04-29 13:24 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 08:37 . 2011-04-29 13:24 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-16 08:37 . 2011-05-02 12:02 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2011-06-16 04:17 . 2011-06-27 21:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920] "WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="RtHDVCpl.exe" [2007-07-06 4669440] "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216] "PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2007-06-22 155648] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-03-08 40048] "LManager"="c:\progra~1\LAUNCH~1\LManager.exe" [2007-07-16 768520] "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-06-06 159744] "Acer Product Registration"="c:\program files\Acer Registration\ACE1.exe" [2007-02-02 3383296] "Acer Assist Launcher"="c:\program files\Acer Assist\launcher.exe" [2007-02-02 1261568] "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-05-22 151552] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-03 141848] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-03 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-03 133656] "WPCUMI"="c:\windows\system32\WpcUmi.exe" [2006-11-02 176128] "Skytel"="Skytel.exe" [2007-06-15 1826816] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552] "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-13 47392] "RemoteControl9"="c:\program files\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-02-16 87336] "PDVD9LanguageShortcut"="c:\program files\CyberLink\PowerDVD9\Language\Language.exe" [2008-10-14 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-03-31 75048] "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2009-03-30 115560] "SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-08-05 104408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-08 421160] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-7-31 535336] Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-12 83360] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\eNetHook.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc] "AntiVirusOverride"=dword:00000001 . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x] R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504] S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/10 11:11];c:\program files\CyberLink\PowerDVD9\000.fcl [2009-03-31 00:53 87536] S2 ALaunchService;ALaunch Service;c:\acer\ALaunch\ALaunchSvc.exe [2007-01-26 50688] S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-08-05 583640] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2007-06-05 179712] S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-05-09 105592] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - 80540847 *Deregistered* - 80540847 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache . Contents of the 'Scheduled Tasks' folder . 2011-06-30 c:\windows\Tasks\RMSchedule.job - c:\program files\Registry Mechanic\RegMech.exe [2010-11-25 16:46] . 2010-12-21 c:\windows\Tasks\User_Feed_Synchronization-{2ECAE152-400F-4AEE-B685-F140C8E3661A}.job - c:\windows\system32\msfeedssync.exe [2011-06-27 22:07] . 2011-04-03 c:\windows\Tasks\User_Feed_Synchronization-{307C4116-25B9-4330-930D-E68F9CA585BB}.job - c:\windows\system32\msfeedssync.exe [2011-06-27 22:07] . . ------- Supplementary Scan ------- . mStart Page = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html LSP: c:\windows\system32\wpclsp.dll TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 FF - ProfilePath - c:\users\Linda\AppData\Roaming\Mozilla\Firefox\Profiles\j983f3bc.default\ . - - - - ORPHANS REMOVED - - - - . HKCU-Run-Acer Tour Reminder - (no file) HKLM-Run-ALaunch - c:\acer\ALaunch\AlaunchClient.exe HKLM-Run-Acer Tour - (no file) HKLM-Run-eRecoveryService - (no file) HKLM-Run-SetPanel - c:\acer\APanel\APanel.cmd HKLM-Run-Malwarebytes' Anti-Malware (reboot) - c:\program files\Malwarebytes' Anti-Malware\mbam.exe HKU-Default-Run-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\1.bin\mwsoemon.exe SafeBoot-Symantec Antvirus . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-30 07:33 Windows 6.0.6002 Service Pack 2 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{B154377D-700F-42cc-9474-23858FBDF4BD}] "ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(588) c:\windows\system32\eNetHook.dll . - - - - - - - > 'lsass.exe'(640) c:\windows\system32\eNetHook.dll . Completion time: 2011-06-30 07:49:26 ComboFix-quarantined-files.txt 2011-06-30 14:49 . Pre-Run: 24,199,213,056 bytes free Post-Run: 26,892,472,320 bytes free . - - End Of File - - 54BDD44E5C977329082977FC9D495DBD 2011/06/30 07:05:01.0380 4816 TDSS rootkit removing tool 2.5.8.0 Jun 28 2011 19:12:16 2011/06/30 07:05:02.0815 4816 ================================================================================ 2011/06/30 07:05:02.0815 4816 SystemInfo: 2011/06/30 07:05:02.0815 4816 2011/06/30 07:05:02.0815 4816 OS Version: 6.0.6002 ServicePack: 2.0 2011/06/30 07:05:02.0815 4816 Product type: Workstation 2011/06/30 07:05:02.0815 4816 ComputerName: FALLON-LAPTOP 2011/06/30 07:05:02.0815 4816 UserName: Linda 2011/06/30 07:05:02.0815 4816 Windows directory: C:\Windows 2011/06/30 07:05:02.0815 4816 System windows directory: C:\Windows 2011/06/30 07:05:02.0815 4816 Processor architecture: Intel x86 2011/06/30 07:05:02.0815 4816 Number of processors: 1 2011/06/30 07:05:02.0815 4816 Page size: 0x1000 2011/06/30 07:05:02.0815 4816 Boot type: Normal boot 2011/06/30 07:05:02.0815 4816 ================================================================================ 2011/06/30 07:05:09.0102 4816 Initialize success 2011/06/30 07:05:17.0417 3768 ================================================================================ 2011/06/30 07:05:17.0417 3768 Scan started 2011/06/30 07:05:17.0417 3768 Mode: Manual; 2011/06/30 07:05:17.0417 3768 ================================================================================ 2011/06/30 07:05:39.0693 3768 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys 2011/06/30 07:05:40.0271 3768 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys 2011/06/30 07:05:41.0238 3768 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys 2011/06/30 07:05:41.0565 3768 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys 2011/06/30 07:05:41.0940 3768 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys 2011/06/30 07:05:42.0439 3768 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys 2011/06/30 07:05:42.0845 3768 AgereSoftModem (d31d1a92479bd8c0d050a6ffbdd410d9) C:\Windows\system32\DRIVERS\AGRSM.sys 2011/06/30 07:05:43.0250 3768 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys 2011/06/30 07:05:43.0765 3768 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys 2011/06/30 07:05:44.0015 3768 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys 2011/06/30 07:05:44.0264 3768 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys 2011/06/30 07:05:44.0529 3768 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys 2011/06/30 07:05:45.0138 3768 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys 2011/06/30 07:05:45.0419 3768 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys 2011/06/30 07:05:45.0777 3768 ApfiltrService (db8ea68e5864adf61b73516788659e71) C:\Windows\system32\DRIVERS\Apfiltr.sys 2011/06/30 07:05:46.0027 3768 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys 2011/06/30 07:05:46.0448 3768 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys 2011/06/30 07:05:46.0791 3768 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys 2011/06/30 07:05:46.0885 3768 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys 2011/06/30 07:05:47.0244 3768 athr (b0c272def210b149c0bfa0d85600ce4b) C:\Windows\system32\DRIVERS\athr.sys 2011/06/30 07:05:47.0883 3768 b57nd60x (c7ea0e3e37ff1cd2bb65636448322572) C:\Windows\system32\DRIVERS\b57nd60x.sys 2011/06/30 07:05:48.0195 3768 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys 2011/06/30 07:05:48.0492 3768 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys 2011/06/30 07:05:48.0710 3768 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys 2011/06/30 07:05:48.0788 3768 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys 2011/06/30 07:05:48.0960 3768 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys 2011/06/30 07:05:49.0053 3768 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys 2011/06/30 07:05:49.0225 3768 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys 2011/06/30 07:05:49.0365 3768 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys 2011/06/30 07:05:49.0537 3768 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys 2011/06/30 07:05:49.0818 3768 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys 2011/06/30 07:05:49.0958 3768 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys 2011/06/30 07:05:50.0255 3768 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys 2011/06/30 07:05:50.0551 3768 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys 2011/06/30 07:05:50.0832 3768 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys 2011/06/30 07:05:51.0019 3768 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys 2011/06/30 07:05:51.0440 3768 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys 2011/06/30 07:05:51.0549 3768 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys 2011/06/30 07:05:51.0690 3768 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys 2011/06/30 07:05:52.0111 3768 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys 2011/06/30 07:05:52.0392 3768 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys 2011/06/30 07:05:52.0517 3768 DKbFltr (73baf270d24fe726b9cd7f80bb17a23d) C:\Windows\system32\DRIVERS\DKbFltr.sys 2011/06/30 07:05:52.0719 3768 DritekPortIO (5c918d413f5837e67a85775c9873775e) C:\PROGRA~1\LAUNCH~1\DPortIO.sys 2011/06/30 07:05:52.0907 3768 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys 2011/06/30 07:05:52.0985 3768 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys 2011/06/30 07:05:53.0187 3768 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys 2011/06/30 07:05:53.0375 3768 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys 2011/06/30 07:05:53.0609 3768 eeCtrl (5461f01b7def17dc90d90b029f874c3b) C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 2011/06/30 07:05:53.0765 3768 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys 2011/06/30 07:05:54.0155 3768 EraserUtilRebootDrv (17fcc372d03ba39f3aee85198c0ec594) C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 2011/06/30 07:05:54.0623 3768 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys 2011/06/30 07:05:54.0857 3768 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys 2011/06/30 07:05:54.0981 3768 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys 2011/06/30 07:05:55.0356 3768 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys 2011/06/30 07:05:55.0652 3768 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys 2011/06/30 07:05:55.0886 3768 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys 2011/06/30 07:05:56.0151 3768 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys 2011/06/30 07:05:56.0385 3768 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys 2011/06/30 07:05:56.0666 3768 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys 2011/06/30 07:05:56.0900 3768 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\Drivers\GEARAspiWDM.sys 2011/06/30 07:05:57.0290 3768 HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys 2011/06/30 07:05:57.0649 3768 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys 2011/06/30 07:05:58.0023 3768 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys 2011/06/30 07:05:58.0304 3768 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys 2011/06/30 07:05:58.0413 3768 HidUsb (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys 2011/06/30 07:05:58.0803 3768 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys 2011/06/30 07:05:59.0381 3768 HSFHWAZL (46d67209550973257601a533e2ac5785) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2011/06/30 07:05:59.0989 3768 HSF_DPV (3f53b4af98f8fd83b7f0b8b65d2d90a7) C:\Windows\system32\DRIVERS\HSX_DPV.sys 2011/06/30 07:06:01.0097 3768 HSXHWAZL (194bc52fc0f53e540faf9de8a9c05255) C:\Windows\system32\DRIVERS\HSXHWAZL.sys 2011/06/30 07:06:01.0736 3768 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys 2011/06/30 07:06:02.0828 3768 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys 2011/06/30 07:06:06.0135 3768 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys 2011/06/30 07:06:06.0978 3768 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys 2011/06/30 07:06:08.0460 3768 igfx (c134e69ce901422d1f2d7ea8d69098fe) C:\Windows\system32\DRIVERS\igdkmd32.sys 2011/06/30 07:06:09.0224 3768 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys 2011/06/30 07:06:09.0739 3768 int15 (9d64201c9e5ac8d1f088762ba00ff3ab) C:\Acer\Empowering Technology\eRecovery\int15.sys 2011/06/30 07:06:10.0238 3768 IntcAzAudAddService (90a10b39896040b3154613c11c932aeb) C:\Windows\system32\drivers\RTKVHDA.sys 2011/06/30 07:06:11.0096 3768 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\DRIVERS\intelide.sys 2011/06/30 07:06:11.0174 3768 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys 2011/06/30 07:06:11.0408 3768 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys 2011/06/30 07:06:11.0985 3768 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys 2011/06/30 07:06:12.0453 3768 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys 2011/06/30 07:06:12.0719 3768 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys 2011/06/30 07:06:12.0812 3768 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys 2011/06/30 07:06:13.0467 3768 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys 2011/06/30 07:06:13.0701 3768 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys 2011/06/30 07:06:14.0310 3768 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys 2011/06/30 07:06:14.0825 3768 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys 2011/06/30 07:06:15.0371 3768 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys 2011/06/30 07:06:15.0542 3768 KSecDD (86165728af9bf72d6442a894fdfb4f8b) C:\Windows\system32\Drivers\ksecdd.sys 2011/06/30 07:06:16.0166 3768 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 2011/06/30 07:06:16.0509 3768 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 2011/06/30 07:06:17.0461 3768 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 2011/06/30 07:06:17.0882 3768 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 2011/06/30 07:06:18.0350 3768 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 2011/06/30 07:06:18.0818 3768 mdmxsdk (0cea2d0d3fa284b85ed5b68365114f76) C:\Windows\system32\DRIVERS\mdmxsdk.sys 2011/06/30 07:06:19.0302 3768 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 2011/06/30 07:06:19.0895 3768 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 2011/06/30 07:06:20.0565 3768 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 2011/06/30 07:06:21.0033 3768 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 2011/06/30 07:06:21.0501 3768 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 2011/06/30 07:06:22.0032 3768 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 2011/06/30 07:06:22.0157 3768 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 2011/06/30 07:06:22.0562 3768 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 2011/06/30 07:06:22.0671 3768 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 2011/06/30 07:06:22.0952 3768 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 2011/06/30 07:06:23.0015 3768 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 2011/06/30 07:06:23.0373 3768 mrxsmb10 (d4a3c7c580c4ccb5c06f2ada933ad507) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2011/06/30 07:06:23.0639 3768 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2011/06/30 07:06:23.0748 3768 msahci (5457dcfa7c0da43522f4d9d4049c1472) C:\Windows\system32\drivers\msahci.sys 2011/06/30 07:06:23.0951 3768 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 2011/06/30 07:06:24.0762 3768 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 2011/06/30 07:06:25.0136 3768 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 2011/06/30 07:06:25.0511 3768 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 2011/06/30 07:06:26.0072 3768 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 2011/06/30 07:06:26.0462 3768 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 2011/06/30 07:06:26.0821 3768 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 2011/06/30 07:06:27.0227 3768 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 2011/06/30 07:06:27.0663 3768 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 2011/06/30 07:06:28.0116 3768 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 2011/06/30 07:06:28.0319 3768 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 2011/06/30 07:06:28.0787 3768 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110629.019\NAVENG.SYS 2011/06/30 07:06:29.0301 3768 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20110629.019\NAVEX15.SYS 2011/06/30 07:06:30.0128 3768 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 2011/06/30 07:06:30.0627 3768 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 2011/06/30 07:06:30.0986 3768 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 2011/06/30 07:06:31.0548 3768 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 2011/06/30 07:06:33.0857 3768 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 2011/06/30 07:06:34.0652 3768 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 2011/06/30 07:06:35.0463 3768 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 2011/06/30 07:06:36.0961 3768 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys 2011/06/30 07:06:38.0162 3768 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 2011/06/30 07:06:38.0693 3768 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 2011/06/30 07:06:39.0239 3768 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 2011/06/30 07:06:39.0707 3768 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\Windows\system32\DRIVERS\NTIDrvr.sys 2011/06/30 07:06:40.0627 3768 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 2011/06/30 07:06:41.0204 3768 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 2011/06/30 07:06:41.0891 3768 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 2011/06/30 07:06:43.0170 3768 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 2011/06/30 07:06:43.0575 3768 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys 2011/06/30 07:06:44.0324 3768 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys 2011/06/30 07:06:44.0667 3768 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys 2011/06/30 07:06:45.0245 3768 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys 2011/06/30 07:06:45.0557 3768 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys 2011/06/30 07:06:46.0071 3768 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 2011/06/30 07:06:46.0586 3768 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\DRIVERS\pciide.sys 2011/06/30 07:06:47.0195 3768 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 2011/06/30 07:06:48.0505 3768 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 2011/06/30 07:06:49.0051 3768 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 2011/06/30 07:06:49.0550 3768 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 2011/06/30 07:06:50.0112 3768 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 2011/06/30 07:06:50.0268 3768 PSDFilter (e801d5cc24e1cf18fa87d24d7074b876) C:\Windows\system32\DRIVERS\psdfilter.sys 2011/06/30 07:06:50.0611 3768 PSDNServ (24b5e3429f7f0e779fc2e6e36a0a5f73) C:\Windows\system32\drivers\PSDNServ.sys 2011/06/30 07:06:51.0313 3768 psdvdisk (01cbfd08c0e8a6106bb26fcda297154e) C:\Windows\system32\drivers\psdvdisk.sys 2011/06/30 07:06:51.0968 3768 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 2011/06/30 07:06:52.0577 3768 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 2011/06/30 07:06:53.0247 3768 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 2011/06/30 07:06:53.0669 3768 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 2011/06/30 07:06:54.0059 3768 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 2011/06/30 07:06:54.0870 3768 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 2011/06/30 07:06:55.0353 3768 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 2011/06/30 07:06:55.0712 3768 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 2011/06/30 07:06:56.0243 3768 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 2011/06/30 07:06:57.0007 3768 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 2011/06/30 07:06:57.0662 3768 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 2011/06/30 07:06:58.0208 3768 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys 2011/06/30 07:06:58.0879 3768 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 2011/06/30 07:06:59.0425 3768 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 2011/06/30 07:07:00.0767 3768 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2011/06/30 07:07:01.0812 3768 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys 2011/06/30 07:07:02.0810 3768 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys 2011/06/30 07:07:03.0809 3768 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 2011/06/30 07:07:04.0573 3768 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 2011/06/30 07:07:05.0150 3768 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 2011/06/30 07:07:05.0618 3768 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 2011/06/30 07:07:06.0149 3768 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 2011/06/30 07:07:06.0492 3768 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 2011/06/30 07:07:06.0897 3768 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 2011/06/30 07:07:07.0485 3768 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 2011/06/30 07:07:07.0985 3768 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 2011/06/30 07:07:08.0635 3768 SPBBCDrv (77780509a16a1df7f2d8531d21ddb9b9) C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys 2011/06/30 07:07:08.0985 3768 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 2011/06/30 07:07:09.0520 3768 SRTSP (e217480cc878061d7603a8cdca06c188) C:\Windows\system32\Drivers\SRTSP.SYS 2011/06/30 07:07:10.0240 3768 SRTSPL (cae71704badde6b0d5818acce20673ca) C:\Windows\system32\Drivers\SRTSPL.SYS 2011/06/30 07:07:11.0060 3768 SRTSPX (be6f1ddde2ddab75225d83e6b03a2348) C:\Windows\system32\Drivers\SRTSPX.SYS 2011/06/30 07:07:11.0835 3768 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 2011/06/30 07:07:12.0385 3768 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 2011/06/30 07:07:13.0495 3768 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 2011/06/30 07:07:14.0500 3768 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 2011/06/30 07:07:16.0290 3768 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 2011/06/30 07:07:17.0175 3768 SymEvent (e03ee3ef1037099554d17bed99545a5e) C:\Windows\system32\Drivers\SYMEVENT.SYS 2011/06/30 07:07:17.0540 3768 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 2011/06/30 07:07:18.0265 3768 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 2011/06/30 07:07:18.0750 3768 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys 2011/06/30 07:07:19.0450 3768 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys 2011/06/30 07:07:20.0290 3768 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 2011/06/30 07:07:21.0065 3768 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 2011/06/30 07:07:21.0410 3768 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 2011/06/30 07:07:21.0635 3768 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 2011/06/30 07:07:21.0715 3768 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 2011/06/30 07:07:22.0384 3768 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 2011/06/30 07:07:22.0883 3768 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 2011/06/30 07:07:23.0226 3768 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 2011/06/30 07:07:23.0679 3768 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 2011/06/30 07:07:25.0457 3768 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 2011/06/30 07:07:26.0596 3768 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 2011/06/30 07:07:27.0532 3768 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 2011/06/30 07:07:28.0452 3768 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 2011/06/30 07:07:29.0326 3768 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 2011/06/30 07:07:30.0309 3768 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 2011/06/30 07:07:31.0666 3768 USBAAPL (e8c1b9ebac65288e1b51e8a987d98af6) C:\Windows\system32\Drivers\usbaapl.sys 2011/06/30 07:07:32.0368 3768 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys 2011/06/30 07:07:33.0132 3768 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys 2011/06/30 07:07:33.0398 3768 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys 2011/06/30 07:07:33.0476 3768 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys 2011/06/30 07:07:34.0037 3768 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys 2011/06/30 07:07:34.0490 3768 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys 2011/06/30 07:07:36.0549 3768 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2011/06/30 07:07:37.0235 3768 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys 2011/06/30 07:07:38.0514 3768 usb_rndisx (35c9095fa7076466afbfc5b9ec4b779e) C:\Windows\system32\DRIVERS\usb8023x.sys 2011/06/30 07:07:39.0326 3768 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys 2011/06/30 07:07:39.0825 3768 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys 2011/06/30 07:07:40.0293 3768 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys 2011/06/30 07:07:40.0776 3768 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys 2011/06/30 07:07:41.0291 3768 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys 2011/06/30 07:07:42.0290 3768 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys 2011/06/30 07:07:42.0882 3768 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys 2011/06/30 07:07:43.0522 3768 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys 2011/06/30 07:07:43.0974 3768 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys 2011/06/30 07:07:44.0598 3768 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys 2011/06/30 07:07:45.0690 3768 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/30 07:07:45.0815 3768 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys 2011/06/30 07:07:46.0283 3768 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys 2011/06/30 07:07:47.0063 3768 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys 2011/06/30 07:07:47.0672 3768 winachsf (c9c63410d8cf98f621b9cc62243fb877) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 2011/06/30 07:07:48.0202 3768 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys 2011/06/30 07:07:48.0701 3768 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys 2011/06/30 07:07:49.0154 3768 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys 2011/06/30 07:07:49.0294 3768 XAudio (2e579520e114a9ca309f13bf40ad8292) C:\Windows\system32\DRIVERS\xaudio.sys 2011/06/30 07:07:49.0700 3768 {B154377D-700F-42cc-9474-23858FBDF4BD} (556b5cfe8d21b256add7f87d7f4b4123) C:\Program Files\CyberLink\PowerDVD9\000.fcl 2011/06/30 07:07:49.0778 3768 MBR (0x1B8) (a863475757cc50891aa8458c415e4b25) \Device\Harddisk0\DR0 2011/06/30 07:07:50.0511 3768 Boot (0x1200) (8891c83c018a88cc195004edb4fedbfa) \Device\Harddisk0\DR0\Partition0 2011/06/30 07:07:50.0542 3768 Boot (0x1200) (31720aec8301ffb60987ef933c75460f) \Device\Harddisk0\DR0\Partition1 2011/06/30 07:07:50.0573 3768 ================================================================================ 2011/06/30 07:07:50.0573 3768 Scan finished 2011/06/30 07:07:50.0573 3768 ================================================================================ 2011/06/30 07:07:50.0589 4740 Detected object count: 0 2011/06/30 07:07:50.0589 4740 Actual detected object count: 0 Results of screen317's Security Check version 0.99.17 Windows Vista Service Pack 2 (UAC is enabled) Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! Symantec Endpoint Protection WMI entry may not exist for antivirus; attempting automatic update. ``````````````````````````````` Anti-malware/Other Utilities Check: Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Norton ccSvcHst.exe Windows Defender MSASCui.exe Empowering Technology eSettings Service capuserv.exe Windows Defender MSASCui.exe ``````````End of Log````````````
-
Couldn't attach files for some reason "internal server error". I'll paste them here. . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-06-23.01) . Microsoft® Windows Vista™ Home Basic Boot Device: \Device\HarddiskVolume2 Install Date: 11/27/2007 10:38:47 PM System Uptime: 6/28/2011 3:21:20 AM (31 hours ago) . Motherboard: Acer | | Acadia Processor: Intel® Celeron® CPU 540 @ 1.86GHz | uPGA-478 | 1862/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 70 GiB total, 19.798 GiB free. D: is FIXED (NTFS) - 70 GiB total, 69.426 GiB free. E: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft ISATAP Adapter Device ID: ROOT\*ISATAP\0001 Manufacturer: Microsoft Name: Microsoft ISATAP Adapter #2 PNP Device ID: ROOT\*ISATAP\0001 Service: tunnel . Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318} Description: Microsoft Tun Miniport Adapter Device ID: ROOT\*TUNMP\0001 Manufacturer: Microsoft Name: Microsoft Tun Miniport Adapter #2 PNP Device ID: ROOT\*TUNMP\0001 Service: tunmp . ==== System Restore Points =================== . RP700: 6/21/2011 3:04:28 PM - Scheduled Checkpoint RP701: 6/21/2011 3:16:37 PM - Windows Update RP702: 6/22/2011 10:15:35 PM - Scheduled Checkpoint RP704: 6/24/2011 1:55:26 PM - Windows Update RP705: 6/25/2011 4:23:15 PM - Scheduled Checkpoint RP706: 6/26/2011 4:07:54 PM - Scheduled Checkpoint RP707: 6/27/2011 10:17:18 AM - Scheduled Checkpoint RP708: 6/27/2011 2:57:22 PM - Windows Update RP709: 6/27/2011 7:08:40 PM - Device Driver Package Install: Apple, Inc. Universal Serial Bus controllers RP710: 6/27/2011 7:12:49 PM - Device Driver Package Install: Apple Network adapters RP711: 6/28/2011 8:35:36 AM - Windows Update . ==== Installed Programs ====================== . Acer Arcade Acer Assist Acer eDataSecurity Management Acer eLock Management Acer Empowering Technology Acer eNet Management Acer ePower Management Acer ePresentation Management Acer eSettings Management Acer GridVista Acer Mobility Center Plug-In Acer Registration Acer ScreenSaver Acer Tour Activation Assistant for the 2007 Microsoft Office suites Adobe Reader 8.1.0 Adobe Shockwave Player 11.5 Agere Systems HDA Modem ALPS Touch Pad Driver Apple Application Support Apple Mobile Device Support Apple Software Update Big Kahuna Reef 2 Bonjour Bricks of Egypt CyberLink PowerDVD 9 Disney Toontown Online Dynasty Galapago Google Toolbar for Internet Explorer Google Updater Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) I SPY Spooky Mansion Intel® Graphics Media Accelerator Driver iTunes Jewel Quest Solitaire Launch Manager LightScribe 1.4.142.1 LiveUpdate 3.3 (Symantec Corporation) Luxor 2 MAGIX Ringtone Maker 2 e-version (US) Malwarebytes' Anti-Malware version 1.51.0.1200 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office XP Professional with FrontPage Microsoft Visual C++ 2005 Redistributable Microsoft Works Microsoft XML Parser MobileMe Control Panel Mozilla Firefox 5.0 (x86 en-US) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Music Rescue Mystery Case Files - Prime Suspects Mystery Case Files Ravenhearst NTI Backup NOW! 4.7 NTI CD & DVD-Maker PowerProducer 3.72 QuickTime Realtek High Definition Audio Driver Registry Mechanic 10.0 Safari Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) SlingPlayer Symantec Endpoint Protection Treasures of the Deep Update for Microsoft .NET Framework 3.5 SP1 (KB963707) VoiceOver Kit Warcraft III WebSlingPlayer ActiveX WinRAR archiver Yahoo! Toolbar Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 6/28/2011 11:59:35 AM, Error: Microsoft-Windows-DistributedCOM [10000] - Unable to start a DCOM Server: {19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}. The error: "2" Happened while starting this command: C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe -Embedding 6/28/2011 10:27:04 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.69 for the Network Card with network address 001E4C653AB2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 6/27/2011 7:18:05 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/27/2011 7:04:59 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 6/26/2011 9:45:41 AM, Error: EventLog [6008] - The previous system shutdown at 9:44:06 AM on 6/26/2011 was unexpected. 6/26/2011 12:58:04 PM, Error: Service Control Manager [7022] - The Windows Font Cache Service service hung on starting. 6/26/2011 12:52:56 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service. 6/26/2011 1:06:13 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting. 6/25/2011 12:11:42 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetbiosSmb because another computer on the network has the same name. The server could not start. 6/24/2011 11:29:29 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly. 6/24/2011 1:31:01 PM, Error: Service Control Manager [7000] - The LiveUpdate service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 6/24/2011 1:30:58 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the LiveUpdate service to connect. 6/24/2011 1:30:46 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435} 6/23/2011 8:56:10 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.72 for the Network Card with network address 001E4C653AB2 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 6/23/2011 12:25:15 PM, Error: EventLog [6008] - The previous system shutdown at 12:23:06 PM on 6/23/2011 was unexpected. 6/22/2011 9:17:12 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2. 6/22/2011 8:48:59 PM, Error: EventLog [6008] - The previous system shutdown at 8:45:54 PM on 6/22/2011 was unexpected. 6/22/2011 4:36:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service. . ==== End Of File =========================== GMER 1.0.15.15640 - http://www.gmer.net Rootkit scan 2011-06-29 11:36:04 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 Hitachi_HTS542516K9SA00 rev.BBCOC31P Running: s30n7pj0.exe; Driver: C:\Users\Linda\AppData\Local\Temp\fgrirkob.sys ---- System - GMER 1.0.15 ---- SSDT 859A6708 ZwAlertResumeThread SSDT 859A67E8 ZwAlertThread SSDT 85923B80 ZwAllocateVirtualMemory SSDT 859A6458 ZwCreateMutant SSDT 858FD920 ZwCreateThread SSDT 859239A0 ZwFreeVirtualMemory SSDT 859A6548 ZwImpersonateAnonymousToken SSDT 859A6628 ZwImpersonateThread SSDT 859238A0 ZwMapViewOfSection SSDT 859A6378 ZwOpenEvent SSDT 858FD840 ZwOpenProcessToken SSDT 859A6CC0 ZwOpenThreadToken SSDT 8599DB98 ZwResumeThread SSDT 859A6BE0 ZwSetContextThread SSDT 859A6DB0 ZwSetInformationProcess SSDT 859A6AF0 ZwSetInformationThread SSDT 859A6298 ZwSuspendProcess SSDT 859A6930 ZwSuspendThread SSDT 858FD5A8 ZwTerminateProcess SSDT 859A6A10 ZwTerminateThread SSDT 859A6EA0 ZwUnmapViewOfSection SSDT 85923A90 ZwWriteVirtualMemory ---- Kernel code sections - GMER 1.0.15 ---- .text ntoskrnl.exe!KeInsertQueue + 30D 81CB3904 8 Bytes [08, 67, 9A, 85, E8, 67, 9A, ...] .text ntoskrnl.exe!KeInsertQueue + 321 81CB3918 4 Bytes [80, 3B, 92, 85] .text ntoskrnl.exe!KeInsertQueue + 3E5 81CB39DC 4 Bytes [58, 64, 9A, 85] .text ntoskrnl.exe!KeInsertQueue + 411 81CB3A08 4 Bytes [20, D9, 8F, 85] .text ntoskrnl.exe!KeInsertQueue + 525 81CB3B1C 4 Bytes [A0, 39, 92, 85] .text ... .text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0xB5008000, 0x2892, 0xE8000020] .vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0xB502B050] ? C:\Users\Linda\AppData\Local\Temp\mbr.sys The system cannot find the file specified. ! ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[2044] kernel32.dll!CreateThread 75F8C90E 5 Bytes JMP 696371CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateDialogParamW 75EA72A2 5 Bytes JMP 697C61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!GetAsyncKeyState 75EA863C 5 Bytes JMP 6961DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!SetWindowsHookExW 75EA87AD 5 Bytes JMP 6967204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CallNextHookEx 75EA8E3B 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CallNextHookEx 75EA8E3B 5 Bytes JMP 69697A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!UnhookWindowsHookEx 75EA98DB 5 Bytes JMP 696BE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DefWindowProcA 75EADB88 7 Bytes JMP 696393F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExA 75EADC2A 2 Bytes JMP 69643223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExA + 3 75EADC2D 2 Bytes [79, F3] {JNS 0xfffffffffffffff5} .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateWindowExW 75EB1305 5 Bytes JMP 6969FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!GetKeyState 75EB8CB1 5 Bytes JMP 6961DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DefWindowProcW 75EC03B4 7 Bytes JMP 69697AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!IsDialogMessageW 75EC0745 5 Bytes JMP 697C6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateDialogParamA 75EC17AA 5 Bytes JMP 697C61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!IsDialogMessage 75EC1847 5 Bytes JMP 697C693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateDialogIndirectParamA 75EC26F1 5 Bytes JMP 697C6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!CreateDialogIndirectParamW 75EC9A62 5 Bytes JMP 697C6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!SetKeyboardState 75ED0987 5 Bytes JMP 697C722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!SendInput 75ED2F75 5 Bytes JMP 697C71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!EndDialog 75ED326E 5 Bytes JMP 697C6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!SetCursorPos 75EE6FB2 5 Bytes JMP 697C72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] USER32.dll!keybd_event 75EFD972 5 Bytes JMP 697C7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[2044] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [37, 01, 9D, 6B] .text C:\Program Files\Internet Explorer\iexplore.exe[2044] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [60, 61, 9C, 6B, E1, F6, 9C, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[2044] ole32.dll!OleLoadFromStream 759F1E80 5 Bytes JMP 697C666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] kernel32.dll!CreateThread 75F8C90E 5 Bytes JMP 696371CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateDialogParamW 75EA72A2 5 Bytes JMP 697C61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!GetAsyncKeyState 75EA863C 5 Bytes JMP 6961DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!SetWindowsHookExW 75EA87AD 5 Bytes JMP 6967204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CallNextHookEx 75EA8E3B 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CallNextHookEx 75EA8E3B 5 Bytes JMP 69697A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!UnhookWindowsHookEx 75EA98DB 5 Bytes JMP 696BE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DefWindowProcA 75EADB88 7 Bytes JMP 696393F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateWindowExA 75EADC2A 2 Bytes JMP 69643223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateWindowExA + 3 75EADC2D 2 Bytes [79, F3] {JNS 0xfffffffffffffff5} .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateWindowExW 75EB1305 5 Bytes JMP 6969FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!GetKeyState 75EB8CB1 5 Bytes JMP 6961DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DefWindowProcW 75EC03B4 7 Bytes JMP 69697AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!IsDialogMessageW 75EC0745 5 Bytes JMP 697C6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateDialogParamA 75EC17AA 5 Bytes JMP 697C61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!IsDialogMessage 75EC1847 5 Bytes JMP 697C693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateDialogIndirectParamA 75EC26F1 5 Bytes JMP 697C6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!CreateDialogIndirectParamW 75EC9A62 5 Bytes JMP 697C6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!SetKeyboardState 75ED0987 5 Bytes JMP 697C722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!SendInput 75ED2F75 5 Bytes JMP 697C71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!EndDialog 75ED326E 5 Bytes JMP 697C6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!SetCursorPos 75EE6FB2 5 Bytes JMP 697C72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] USER32.dll!keybd_event 75EFD972 5 Bytes JMP 697C7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3364] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [37, 01, 9D, 6B] .text C:\Program Files\Internet Explorer\iexplore.exe[3364] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [60, 61, 9C, 6B, E1, F6, 9C, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[3364] ole32.dll!OleLoadFromStream 759F1E80 5 Bytes JMP 697C666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] kernel32.dll!CreateThread 75F8C90E 5 Bytes JMP 696371CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateDialogParamW 75EA72A2 5 Bytes JMP 697C61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!GetAsyncKeyState 75EA863C 5 Bytes JMP 6961DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!SetWindowsHookExW 75EA87AD 5 Bytes JMP 6967204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CallNextHookEx 75EA8E3B 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CallNextHookEx 75EA8E3B 5 Bytes JMP 69697A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!UnhookWindowsHookEx 75EA98DB 5 Bytes JMP 696BE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!DefWindowProcA 75EADB88 7 Bytes JMP 696393F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateWindowExA 75EADC2A 2 Bytes JMP 69643223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateWindowExA + 3 75EADC2D 2 Bytes [79, F3] {JNS 0xfffffffffffffff5} .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateWindowExW 75EB1305 5 Bytes JMP 6969FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!GetKeyState 75EB8CB1 5 Bytes JMP 6961DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!DefWindowProcW 75EC03B4 7 Bytes JMP 69697AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!IsDialogMessageW 75EC0745 5 Bytes JMP 697C6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateDialogParamA 75EC17AA 5 Bytes JMP 697C61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!IsDialogMessage 75EC1847 5 Bytes JMP 697C693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateDialogIndirectParamA 75EC26F1 5 Bytes JMP 697C6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!CreateDialogIndirectParamW 75EC9A62 5 Bytes JMP 697C6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!SetKeyboardState 75ED0987 5 Bytes JMP 697C722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!SendInput 75ED2F75 5 Bytes JMP 697C71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!EndDialog 75ED326E 5 Bytes JMP 697C6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!SetCursorPos 75EE6FB2 5 Bytes JMP 697C72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] USER32.dll!keybd_event 75EFD972 5 Bytes JMP 697C7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3908] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [37, 01, 9D, 6B] .text C:\Program Files\Internet Explorer\iexplore.exe[3908] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [60, 61, 9C, 6B, E1, F6, 9C, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[3908] ole32.dll!OleLoadFromStream 759F1E80 5 Bytes JMP 697C666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[4896] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5924] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] kernel32.dll!CreateThread 75F8C90E 5 Bytes JMP 696371CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateDialogParamW 75EA72A2 5 Bytes JMP 697C61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!GetAsyncKeyState 75EA863C 5 Bytes JMP 6961DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!SetWindowsHookExW 75EA87AD 5 Bytes JMP 6967204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CallNextHookEx 75EA8E3B 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CallNextHookEx 75EA8E3B 5 Bytes JMP 69697A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!UnhookWindowsHookEx 75EA98DB 5 Bytes JMP 696BE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!DefWindowProcA 75EADB88 7 Bytes JMP 696393F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateWindowExA 75EADC2A 2 Bytes JMP 69643223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateWindowExA + 3 75EADC2D 2 Bytes [79, F3] {JNS 0xfffffffffffffff5} .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateWindowExW 75EB1305 5 Bytes JMP 6969FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!GetKeyState 75EB8CB1 5 Bytes JMP 6961DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!DefWindowProcW 75EC03B4 7 Bytes JMP 69697AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!IsDialogMessageW 75EC0745 5 Bytes JMP 697C6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateDialogParamA 75EC17AA 5 Bytes JMP 697C61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!IsDialogMessage 75EC1847 5 Bytes JMP 697C693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateDialogIndirectParamA 75EC26F1 5 Bytes JMP 697C6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!CreateDialogIndirectParamW 75EC9A62 5 Bytes JMP 697C6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!SetKeyboardState 75ED0987 5 Bytes JMP 697C722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!SendInput 75ED2F75 5 Bytes JMP 697C71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!EndDialog 75ED326E 5 Bytes JMP 697C6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!SetCursorPos 75EE6FB2 5 Bytes JMP 697C72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] USER32.dll!keybd_event 75EFD972 5 Bytes JMP 697C7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[6724] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [37, 01, 9D, 6B] .text C:\Program Files\Internet Explorer\iexplore.exe[6724] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [60, 61, 9C, 6B, E1, F6, 9C, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[6724] ole32.dll!OleLoadFromStream 759F1E80 5 Bytes JMP 697C666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] kernel32.dll!CreateThread 75F8C90E 5 Bytes JMP 696371CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateDialogParamW 75EA72A2 5 Bytes JMP 697C61F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!GetAsyncKeyState 75EA863C 5 Bytes JMP 6961DC69 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!SetWindowsHookExW 75EA87AD 5 Bytes JMP 6967204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CallNextHookEx 75EA8E3B 1 Byte [E9] .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CallNextHookEx 75EA8E3B 5 Bytes JMP 69697A3F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!UnhookWindowsHookEx 75EA98DB 5 Bytes JMP 696BE9F8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!EnableWindow 75EACD8B 5 Bytes JMP 696798BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!DefWindowProcA 75EADB88 7 Bytes JMP 696393F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateWindowExA 75EADC2A 2 Bytes JMP 69643223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateWindowExA + 3 75EADC2D 2 Bytes [79, F3] {JNS 0xfffffffffffffff5} .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateWindowExW 75EB1305 5 Bytes JMP 6969FE1F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!GetKeyState 75EB8CB1 5 Bytes JMP 6961DB43 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!DefWindowProcW 75EC03B4 7 Bytes JMP 69697AA2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!IsDialogMessageW 75EC0745 5 Bytes JMP 697C6964 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateDialogParamA 75EC17AA 5 Bytes JMP 697C61B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!IsDialogMessage 75EC1847 5 Bytes JMP 697C693C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateDialogIndirectParamA 75EC26F1 5 Bytes JMP 697C6228 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!CreateDialogIndirectParamW 75EC9A62 5 Bytes JMP 697C6260 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!SetKeyboardState 75ED0987 5 Bytes JMP 697C722D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!DialogBoxParamW 75ED10B0 5 Bytes JMP 695D15E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!DialogBoxIndirectParamW 75ED2EF5 5 Bytes JMP 697C5E86 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!SendInput 75ED2F75 5 Bytes JMP 697C71D5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!EndDialog 75ED326E 5 Bytes JMP 697C6C10 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!SetCursorPos 75EE6FB2 5 Bytes JMP 697C72AE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!DialogBoxParamA 75EE8152 5 Bytes JMP 697C5E21 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!DialogBoxIndirectParamA 75EE847D 5 Bytes JMP 697C5EEB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!MessageBoxIndirectA 75EFD4D9 5 Bytes JMP 697C5DA8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!MessageBoxIndirectW 75EFD5D3 5 Bytes JMP 697C5D2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!MessageBoxExA 75EFD639 5 Bytes JMP 697C5CCB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!MessageBoxExW 75EFD65D 5 Bytes JMP 697C5C67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] USER32.dll!keybd_event 75EFD972 5 Bytes JMP 697C7192 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[8028] SHELL32.dll!SHRestricted + D95 760B89A8 4 Bytes [37, 01, 9D, 6B] .text C:\Program Files\Internet Explorer\iexplore.exe[8028] SHELL32.dll!SHRestricted + D9D 760B89B0 8 Bytes [60, 61, 9C, 6B, E1, F6, 9C, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[8028] ole32.dll!OleLoadFromStream 759F1E80 5 Bytes JMP 697C666E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----
-
. DDS (Ver_2011-06-23.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 Run by Linda at 10:28:33 on 2011-06-29 Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1013.137 [GMT -7:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\agrsmsvc.exe C:\Acer\ALaunch\ALaunchSvc.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe C:\Acer\Empowering Technology\eNet\eNet Service.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Acer\Mobility Center\MobilityService.exe C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe C:\Acer\Empowering Technology\ePower\ePowerSvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k WindowsMobile C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\wpcumi.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\CyberLink\Shared Files\brs.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Users\Linda\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\LogonUI.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe C:\Windows\RtHDVCpl.exe C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe C:\Program Files\Acer\Acer Arcade\PCMService.exe C:\Program Files\Launch Manager\LManager.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Windows\system32\igfxext.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Windows\system32\igfxsrvc.exe C:\Windows\WindowsMobile\wmdSync.exe C:\Program Files\CyberLink\PowerDVD9\PDVD9Serv.exe C:\Program Files\CyberLink\Shared Files\brs.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\System32\wpcumi.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Program Files\Apoint2K\Apntex.exe C:\Users\Fallon\AppData\Local\Temp\RtkBtMnt.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Registry Mechanic\Alert.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Registry Mechanic\RegMech.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\NOTEPAD.EXE . ============== Pseudo HJT Report =============== . mStart Page = hxxp://en.us.acer.yahoo.com mDefault_Page_URL = hxxp://en.us.acer.yahoo.com uInternet Settings,ProxyOverride = *.local mURLSearchHooks: H - No File BHO: Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: ShowBarObj Class: {83a2f9b1-01a2-4aa5-87d1-45b6b8505e96} - c:\windows\system32\ActiveToolBand.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5825.1100\swg.dll TB: Acer eDataSecurity Management: {5cbe3b7c-1e47-477e-a7dd-396db0476e29} - c:\windows\system32\eDStoolbar.dll TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll uRun: [sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Acer Tour Reminder] mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [ALaunch] c:\acer\alaunch\AlaunchClient.exe mRun: [RtHDVCpl] RtHDVCpl.exe mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe" mRun: [Acer Tour] mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [LManager] c:\progra~1\launch~1\LManager.exe mRun: [Apoint] c:\program files\apoint2k\Apoint.exe mRun: [eRecoveryService] mRun: [Acer Product Registration] "c:\program files\acer registration\ACE1.exe" /startup mRun: [Acer Assist Launcher] c:\program files\acer assist\launcher.exe mRun: [Acer Tour Reminder] c:\acer\acertour\Reminder.exe mRun: [setPanel] c:\acer\apanel\APanel.cmd mRun: [igfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [WPCUMI] c:\windows\system32\WpcUmi.exe mRun: [skytel] Skytel.exe mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe mRun: [RemoteControl9] "c:\program files\cyberlink\powerdvd9\PDVD9Serv.exe" mRun: [PDVD9LanguageShortcut] "c:\program files\cyberlink\powerdvd9\language\Language.exe" mRun: [bDRegion] c:\program files\cyberlink\shared files\brs.exe mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe" mRun: [sSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" dRun: [MyWebSearch Email Plugin] c:\progra~1\mywebs~1\bar\1.bin\mwsoemon.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\empowe~1.lnk - c:\acer\empowering technology\eAPLauncher.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office10\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html LSP: c:\windows\system32\wpclsp.dll DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab DPF: {B80CD4E6-5B02-4B6C-99BE-68F1511E9549} - hxxp://plugin.slingbox.com/downloads/pc/1.4.0.85/WebSlingPlayer.cab DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} - hxxp://www.worldwinner.com/games/v47/familyfeud/familyfeud.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{AE3C0EED-CF5E-481E-BFF7-0EEEDCC9A3BE} : DhcpNameServer = 192.168.1.1 68.238.64.12 TCP: Interfaces\{B5A6F3AD-88CD-452C-B0E8-E6FFCC8CE4B6} : DhcpNameServer = 192.168.0.1 Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL Notify: igfxcui - igfxdev.dll AppInit_DLLs: eNetHook.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\users\linda\appdata\roaming\mozilla\firefox\profiles\j983f3bc.default\ . ============= SERVICES / DRIVERS =============== . R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2009/07/10 11:11:27];c:\program files\cyberlink\powerdvd9\000.fcl [2009-3-30 87536] R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-31 179712] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-9 105592] S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-23 39984] . =============== Created Last 30 ================ . 2011-06-28 15:37:16 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9247c8ae-45de-4ce9-909f-90a189cf660b}\mpengine.dll 2011-06-28 02:42:06 -------- d-----w- c:\program files\iPod 2011-06-28 02:02:32 -------- d-----w- c:\program files\Bonjour 2011-06-28 00:42:51 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll 2011-06-28 00:42:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll 2011-06-28 00:42:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll 2011-06-28 00:42:50 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll 2011-06-28 00:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll 2011-06-28 00:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll 2011-06-28 00:42:49 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll 2011-06-27 22:07:59 367104 ----a-w- c:\windows\system32\html.iec 2011-06-27 21:56:20 -------- d-----w- c:\program files\ESET 2011-06-23 19:34:13 -------- d-----w- c:\users\linda\appdata\roaming\Malwarebytes 2011-06-23 19:34:03 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-06-23 19:34:01 -------- d-----w- c:\programdata\Malwarebytes 2011-06-23 19:33:58 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-06-23 19:33:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-06-21 22:17:35 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-06-16 08:39:47 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys 2011-06-16 08:39:18 273408 ----a-w- c:\windows\system32\drivers\afd.sys 2011-06-16 08:39:13 146432 ----a-w- c:\windows\system32\drivers\srv2.sys 2011-06-16 08:39:13 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys 2011-06-16 08:39:07 563712 ----a-w- c:\windows\system32\oleaut32.dll 2011-06-16 08:38:22 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-06-16 08:37:57 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys 2011-06-16 08:37:56 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys 2011-06-16 08:37:56 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-06-16 08:37:49 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat . ==================== Find3M ==================== . 2011-06-27 22:08:11 161792 ----a-w- c:\windows\system32\msls31.dll 2011-06-27 22:08:10 1126912 ----a-w- c:\windows\system32\wininet.dll 2011-06-27 22:08:07 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2011-06-27 22:08:06 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-06-27 22:08:06 48640 ----a-w- c:\windows\system32\mshtmler.dll 2011-06-27 22:08:05 86528 ----a-w- c:\windows\system32\iesysprep.dll 2011-06-27 22:08:02 63488 ----a-w- c:\windows\system32\tdc.ocx 2011-04-06 23:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll 2011-04-06 23:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe . ============= FINISH: 10:31:06.80 =============== Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6931 Windows 6.0.6002 Service Pack 2 Internet Explorer 9.0.8112.16421 6/29/2011 10:21:00 AM mbam-log-2011-06-29 (10-21-00).txt Scan type: Quick scan Objects scanned: 127464 Time elapsed: 11 minute(s), 7 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 11 Registry Values Infected: 1 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF6-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\exqonczctruceg (Malware.Trace) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\MyWebSearch (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\Software\SolutionAV (Rogue.AntivirSolutionPro) -> Quarantined and deleted successfully. Registry Values Infected: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\bjbnketh (Rogue.AntivirusSuite.Gen) -> Value: bjbnketh -> Quarantined and deleted successfully. Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)