Spoke too soon.. Click.GiftLoad was just found by Search & Destroy.. Looks like ComboFix was not able to get rid of it?
Spoke too soon.. Click.GiftLoad was just found by Search & Destroy.. Looks like ComboFix was not able to get rid of it?
Good. A few more things to do.
Open notepad and copy/paste the text in the quotebox below into it:
Code:DDS:: TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "OwelyQt"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.
* Go here to run an online scanner from ESET.
- Note: You will need to use Internet explorer for this scan
- Tick the box next to YES, I accept the Terms of Use.
- Click Start
- When asked, allow the activex control to install
- Click Start
- Make sure that the option Remove found threats is not checkmarked.
- Click Scan
- Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
Ok I scanned with ESET but there was no report at the end.. After two hours of scanning it completed it's scan and noted "no threats found"
Below is the ComboFix log after I dragged the .txt file you had me made into it's icon on my desktop... And below it I've pasted the fresh DDS log...
ComboFix 11-03-30.03 - John 04/01/2011 12:05:18.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2331 [GMT -4:00]
Running from: c:\users\John\Downloads\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
2011-03-28 18:41 . 2011-03-29 20:44 -------- d-----w- c:\users\John\AppData\Local\Adobe
2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-03-14 04:20 . 2011-04-01 16:02 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\users\John\AppData\Local\Sunbelt Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 04:00 . 2011-02-09 16:34 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_18.46.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-01 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-31 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-01 16:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-01 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-15 09:17 . 2011-03-31 21:19 54924 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-31 21:20 56596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-10 19:21 . 2011-03-31 21:20 16850 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413551326-45703177-197955308-1000_UserData.bin
- 2009-11-02 08:28 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-02 08:28 . 2011-03-31 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-02 08:28 . 2011-03-25 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-02 08:28 . 2011-03-31 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-31 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 21:18 . 2011-03-31 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-31 21:18 . 2011-03-31 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-14 01:16 . 2011-04-01 14:03 355622 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-03-31 20:51 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-31 18:44 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-04-01 14:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-03-31 15:50 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-12-12 01:55 . 2011-03-31 18:44 10679368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
+ 2009-12-12 01:55 . 2011-03-31 20:51 10679368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 12:14:49
ComboFix-quarantined-files.txt 2011-04-01 16:14
ComboFix2.txt 2011-03-31 19:01
.
Pre-Run: 168,438,026,240 bytes free
Post-Run: 168,221,753,344 bytes free
.
- - End Of File - - 4F2A897B73DC9BB124AEF23FC0BD0F89
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by John at 15:15:32.18 on Fri 04/01/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.1554 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcqcoms.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehRecvr.exe
C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBEI1C0P\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
BHO-X64: scriptproxy - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-04-01 19:12:56 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-01 16:45:01 -------- d-----w- C:\Program Files (x86)\ESET
2011-04-01 16:36:46 32592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
2011-03-31 18:24:22 98816 ----a-w- C:\Windows\sed.exe
2011-03-31 18:24:22 89088 ----a-w- C:\Windows\MBR.exe
2011-03-31 18:24:22 256512 ----a-w- C:\Windows\PEV.exe
2011-03-31 18:24:22 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17:12 -------- d-----w- C:\Prey
2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
.
==================== Find3M ====================
.
2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:16:55.56 ===============
Hi,
1. Download TDSSKiller and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
OK I scanned with TDSSKiller but no threats were found. Below is the log file info..
2011/04/02 14:28:30.0019 4272 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 14:28:30.0191 4272 ================================================================================
2011/04/02 14:28:30.0191 4272 SystemInfo:
2011/04/02 14:28:30.0191 4272
2011/04/02 14:28:30.0191 4272 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/02 14:28:30.0191 4272 Product type: Workstation
2011/04/02 14:28:30.0194 4272 ComputerName: HPDV8T
2011/04/02 14:28:30.0194 4272 UserName: John
2011/04/02 14:28:30.0194 4272 Windows directory: C:\Windows
2011/04/02 14:28:30.0194 4272 System windows directory: C:\Windows
2011/04/02 14:28:30.0194 4272 Running under WOW64
2011/04/02 14:28:30.0194 4272 Processor architecture: Intel x64
2011/04/02 14:28:30.0194 4272 Number of processors: 8
2011/04/02 14:28:30.0194 4272 Page size: 0x1000
2011/04/02 14:28:30.0194 4272 Boot type: Normal boot
2011/04/02 14:28:30.0194 4272 ================================================================================
2011/04/02 14:28:30.0576 4272 Initialize success
2011/04/02 14:28:36.0279 5068 ================================================================================
2011/04/02 14:28:36.0279 5068 Scan started
2011/04/02 14:28:36.0279 5068 Mode: Manual;
2011/04/02 14:28:36.0279 5068 ================================================================================
2011/04/02 14:28:36.0679 5068 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/02 14:28:36.0746 5068 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/04/02 14:28:36.0799 5068 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/02 14:28:36.0856 5068 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/02 14:28:36.0934 5068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/02 14:28:37.0021 5068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/02 14:28:37.0079 5068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/02 14:28:37.0176 5068 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/02 14:28:37.0299 5068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/02 14:28:37.0371 5068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/02 14:28:37.0409 5068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/02 14:28:37.0456 5068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/02 14:28:37.0504 5068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/02 14:28:37.0584 5068 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/02 14:28:37.0664 5068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/02 14:28:37.0714 5068 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/02 14:28:37.0779 5068 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/02 14:28:37.0911 5068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/02 14:28:37.0989 5068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/02 14:28:38.0046 5068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/02 14:28:38.0081 5068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/02 14:28:38.0166 5068 AVerBDA6x_x64 (c416791c85ed2998d458db434a61e766) C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys
2011/04/02 14:28:38.0304 5068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/02 14:28:38.0369 5068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/02 14:28:38.0436 5068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/02 14:28:38.0556 5068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/02 14:28:38.0629 5068 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/02 14:28:38.0711 5068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/02 14:28:38.0746 5068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/02 14:28:38.0776 5068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/02 14:28:38.0799 5068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/02 14:28:38.0861 5068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/02 14:28:38.0894 5068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/02 14:28:38.0919 5068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/02 14:28:39.0086 5068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/02 14:28:39.0176 5068 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/02 14:28:39.0241 5068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/02 14:28:39.0316 5068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/02 14:28:39.0434 5068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/02 14:28:39.0506 5068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/02 14:28:39.0566 5068 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/02 14:28:39.0666 5068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/02 14:28:39.0776 5068 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/02 14:28:39.0996 5068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/02 14:28:40.0146 5068 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/02 14:28:40.0204 5068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/02 14:28:40.0281 5068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/02 14:28:40.0356 5068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/02 14:28:40.0406 5068 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/02 14:28:40.0496 5068 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys
2011/04/02 14:28:40.0599 5068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/02 14:28:40.0744 5068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/02 14:28:40.0809 5068 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
2011/04/02 14:28:40.0879 5068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/02 14:28:40.0991 5068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/02 14:28:41.0031 5068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/02 14:28:41.0094 5068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/02 14:28:41.0126 5068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/02 14:28:41.0149 5068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/02 14:28:41.0194 5068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/02 14:28:41.0244 5068 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/02 14:28:41.0324 5068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/02 14:28:41.0349 5068 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/02 14:28:41.0406 5068 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/02 14:28:41.0461 5068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/02 14:28:41.0536 5068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/02 14:28:41.0601 5068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/02 14:28:41.0674 5068 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/02 14:28:41.0746 5068 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/02 14:28:41.0786 5068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/02 14:28:41.0821 5068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/02 14:28:41.0899 5068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/02 14:28:41.0959 5068 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/02 14:28:42.0034 5068 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/04/02 14:28:42.0086 5068 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/04/02 14:28:42.0169 5068 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/02 14:28:42.0259 5068 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/02 14:28:42.0336 5068 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/02 14:28:42.0404 5068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/02 14:28:42.0446 5068 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/02 14:28:42.0501 5068 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/02 14:28:42.0679 5068 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/04/02 14:28:42.0841 5068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/02 14:28:42.0904 5068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/02 14:28:42.0974 5068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/02 14:28:43.0029 5068 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/02 14:28:43.0066 5068 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/02 14:28:43.0094 5068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/02 14:28:43.0176 5068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/02 14:28:43.0244 5068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/02 14:28:43.0279 5068 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/02 14:28:43.0316 5068 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
2011/04/02 14:28:43.0379 5068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/02 14:28:43.0409 5068 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/02 14:28:43.0506 5068 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/02 14:28:43.0549 5068 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/02 14:28:43.0581 5068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/02 14:28:43.0666 5068 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/02 14:28:43.0809 5068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/02 14:28:43.0896 5068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/02 14:28:43.0914 5068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/02 14:28:43.0934 5068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/02 14:28:43.0969 5068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/02 14:28:44.0044 5068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/02 14:28:44.0121 5068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/02 14:28:44.0161 5068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/02 14:28:44.0229 5068 MfeAVFK (e4b0f496c8e790343439149e53e82ff7) C:\Windows\system32\drivers\MfeAVFK.sys
2011/04/02 14:28:44.0294 5068 mfehidk (93284867c712ad4cc4e3dadaf3269059) C:\Windows\system32\drivers\mfehidk.sys
2011/04/02 14:28:44.0349 5068 MfeRKDk (d089618d9bb95cb5e3b8432e4b54674b) C:\Windows\system32\drivers\MfeRKDk.sys
2011/04/02 14:28:44.0379 5068 mfetdik (acc9399ca33fa3fb937ecbc64bf06dde) C:\Windows\system32\drivers\mfetdik.sys
2011/04/02 14:28:44.0441 5068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/02 14:28:44.0476 5068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/02 14:28:44.0509 5068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/02 14:28:44.0584 5068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/02 14:28:44.0616 5068 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/02 14:28:44.0656 5068 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
2011/04/02 14:28:44.0701 5068 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/02 14:28:44.0741 5068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/02 14:28:44.0784 5068 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/02 14:28:44.0841 5068 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/02 14:28:44.0886 5068 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/02 14:28:44.0911 5068 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/02 14:28:44.0941 5068 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/02 14:28:44.0986 5068 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/02 14:28:45.0069 5068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/02 14:28:45.0126 5068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/02 14:28:45.0169 5068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/02 14:28:45.0244 5068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/02 14:28:45.0276 5068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/02 14:28:45.0289 5068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/02 14:28:45.0319 5068 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/02 14:28:45.0351 5068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/02 14:28:45.0386 5068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/02 14:28:45.0414 5068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/02 14:28:45.0459 5068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/02 14:28:45.0549 5068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/02 14:28:45.0589 5068 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/02 14:28:45.0646 5068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/02 14:28:45.0696 5068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/02 14:28:45.0729 5068 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/02 14:28:45.0764 5068 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/02 14:28:45.0819 5068 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/02 14:28:45.0839 5068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/02 14:28:45.0861 5068 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/02 14:28:46.0099 5068 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/04/02 14:28:46.0319 5068 netw5v64 (d68de412a3243f8d57ddb814aa509813) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/04/02 14:28:46.0436 5068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/02 14:28:46.0504 5068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/02 14:28:46.0541 5068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/02 14:28:46.0594 5068 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/02 14:28:46.0691 5068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/02 14:28:46.0756 5068 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
2011/04/02 14:28:46.0966 5068 nvlddmkm (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/02 14:28:47.0099 5068 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/02 14:28:47.0131 5068 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/02 14:28:47.0219 5068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/02 14:28:47.0279 5068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/02 14:28:47.0449 5068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/02 14:28:47.0494 5068 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/02 14:28:47.0524 5068 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/02 14:28:47.0576 5068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/02 14:28:47.0604 5068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/02 14:28:47.0629 5068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/02 14:28:47.0669 5068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/02 14:28:47.0799 5068 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/02 14:28:47.0844 5068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/02 14:28:47.0899 5068 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/02 14:28:47.0964 5068 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/04/02 14:28:48.0081 5068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/02 14:28:48.0129 5068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/02 14:28:48.0176 5068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/02 14:28:48.0259 5068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/02 14:28:48.0319 5068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/02 14:28:48.0374 5068 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/02 14:28:48.0404 5068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/02 14:28:48.0426 5068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/02 14:28:48.0464 5068 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/02 14:28:48.0511 5068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/02 14:28:48.0556 5068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/02 14:28:48.0591 5068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/02 14:28:48.0614 5068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/02 14:28:48.0649 5068 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/02 14:28:48.0716 5068 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/02 14:28:48.0836 5068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/02 14:28:48.0904 5068 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/02 14:28:48.0964 5068 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/02 14:28:49.0021 5068 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/02 14:28:49.0086 5068 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/02 14:28:49.0149 5068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/02 14:28:49.0231 5068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/02 14:28:49.0264 5068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/02 14:28:49.0314 5068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/02 14:28:49.0379 5068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/02 14:28:49.0394 5068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/02 14:28:49.0406 5068 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/02 14:28:49.0431 5068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/02 14:28:49.0499 5068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/02 14:28:49.0524 5068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/02 14:28:49.0564 5068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/02 14:28:49.0636 5068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/02 14:28:49.0694 5068 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/02 14:28:49.0736 5068 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/02 14:28:49.0789 5068 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/04/02 14:28:49.0854 5068 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/04/02 14:28:49.0921 5068 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/04/02 14:28:49.0999 5068 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/02 14:28:50.0094 5068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/02 14:28:50.0166 5068 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/04/02 14:28:50.0296 5068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/02 14:28:50.0384 5068 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/02 14:28:50.0496 5068 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/02 14:28:50.0591 5068 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/02 14:28:50.0641 5068 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/02 14:28:50.0669 5068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/02 14:28:50.0684 5068 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/02 14:28:50.0729 5068 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/02 14:28:50.0764 5068 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/02 14:28:50.0886 5068 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/02 14:28:50.0941 5068 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/02 14:28:51.0001 5068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/02 14:28:51.0036 5068 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/02 14:28:51.0119 5068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/02 14:28:51.0191 5068 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/02 14:28:51.0219 5068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/02 14:28:51.0294 5068 USB28xxBGA (f140578471200f788fb5440e6e7cf36d) C:\Windows\system32\DRIVERS\emBDA64.sys
2011/04/02 14:28:51.0356 5068 USB28xxOEM (983ff2fd729bfe699cfceddc6e61ebbf) C:\Windows\system32\DRIVERS\emOEM64.sys
2011/04/02 14:28:51.0454 5068 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/04/02 14:28:51.0494 5068 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/02 14:28:51.0549 5068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/02 14:28:51.0574 5068 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/02 14:28:51.0614 5068 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/02 14:28:51.0639 5068 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/02 14:28:51.0691 5068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/02 14:28:51.0759 5068 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/02 14:28:51.0789 5068 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/02 14:28:51.0829 5068 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/02 14:28:51.0901 5068 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/02 14:28:51.0971 5068 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/04/02 14:28:52.0084 5068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/02 14:28:52.0159 5068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/02 14:28:52.0194 5068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/02 14:28:52.0224 5068 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/02 14:28:52.0264 5068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/02 14:28:52.0311 5068 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/02 14:28:52.0336 5068 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/02 14:28:52.0409 5068 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/02 14:28:52.0484 5068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/02 14:28:52.0524 5068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/02 14:28:52.0596 5068 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/02 14:28:52.0626 5068 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/02 14:28:52.0724 5068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/02 14:28:52.0761 5068 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 14:28:52.0786 5068 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 14:28:52.0871 5068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/02 14:28:52.0899 5068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/02 14:28:53.0009 5068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/02 14:28:53.0041 5068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/02 14:28:53.0134 5068 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/02 14:28:53.0172 5068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/02 14:28:53.0229 5068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/02 14:28:53.0269 5068 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/02 14:28:53.0377 5068 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/02 14:28:53.0462 5068 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/04/02 14:28:53.0567 5068 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
2011/04/02 14:28:53.0654 5068 ================================================================================
2011/04/02 14:28:53.0654 5068 Scan finished
2011/04/02 14:28:53.0654 5068 ================================================================================
Hi,
Please re-run Spybot and see if it's able to fix its findings. Post back the report of remaining bad items.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
OK I ran Spybot
It found the following...
BurstMedia
CasaleMedia
Click.GiftLoad
DoubleClick
FastClick
MediaPlex
Right Media
Statcountry
Zedo
In case you need it I'll paste the Spybot log below....
--- Search result list ---
Click.GiftLoad: [SBI $5ABC7D37] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1
MediaPlex: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
BurstMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
CasaleMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
BurstMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
Right Media: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: 8A6683AC1DAFA824615BB3857EF8C709
Located: HK_LM:Run, DpAgent
command: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
file: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
Located: HK_LM:Run, HPCam_Menu
command: "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
file: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: CD1E74BC24CB1D1544406741F46F4D61
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
Located: HK_LM:Run, MVS Splash
command: "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
file: C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
Located: HK_LM:Run, QlbCtrl.exe
command: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/30/2011 11:45:14 AM
Date (last access): 4/1/2011 12:40:04 PM
Date (last write): 1/30/2011 11:45:14 AM
Filesize: 62376
Attributes: archive
MD5: F31208835709A62ECC5D45211D89C772
CRC32: 7859C01E
Version: 10.0.1.434
{395610AE-C624-4f58-B89E-23733EA00F9A} (DigitalPersona Personal Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: DigitalPersona Personal Extension
CLSID name: DigitalPersona Personal Extension
Path: C:\Program Files (x86)\DigitalPersona\Bin\
Long name: DpOtsPluginIe8.dll
Short name: DPOTSP~1.DLL
Date (created): 12/1/2009 1:37:48 PM
Date (last access): 10/12/2010 9:47:12 PM
Date (last write): 12/1/2009 1:37:48 PM
Filesize: 1256512
Attributes: archive
MD5: D6703BE3CA7FA0ED07BE77E2D62ECABC
CRC32: 8E02630C
Version: 5.0.0.3790
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 12/21/2009 11:09:06 PM
Date (last access): 12/21/2009 11:09:06 PM
Date (last write): 1/26/2009 4:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\
Long name: ScriptSn.20100802144004.dll
Short name: SCRIPT~1.DLL
Date (created): 8/2/2010 2:40:06 PM
Date (last access): 8/2/2010 2:40:06 PM
Date (last write): 12/15/2009 3:25:50 PM
Filesize: 62784
Attributes: archive
MD5: 9421AB13002A83C0629B96BE06139241
CRC32: E417E975
Version: 14.0.0.438
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 6:41:30 PM
Date (last access): 8/15/2009 5:20:04 AM
Date (last write): 1/22/2009 6:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
Long name: McIEPlg.dll
Short name:
Date (created): 12/16/2009 8:31:00 PM
Date (last access): 4/12/2010 10:10:44 AM
Date (last write): 12/16/2009 8:31:00 PM
Filesize: 116032
Attributes: archive
MD5: 62A9C0FF5A7231E9A7D6490C31411515
CRC32: 6A52AE99
Version: 3.0.0.539
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (NitroPDFBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NitroPDFBHO Class
CLSID name:
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Microsoft Live Search Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Microsoft Live Search Toolbar Helper
Path: c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 4/7/2009 8:15:54 PM
Date (last access): 8/15/2009 8:12:22 AM
Date (last write): 4/7/2009 8:15:54 PM
Filesize: 82784
Attributes: archive
MD5: F24D277095D2B74FC97BA9BD35268EE8
CRC32: B62D4AAB
Version: 3.0.560.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2/9/2011 4:31:20 PM
Date (last access): 3/25/2011 1:13:46 AM
Date (last write): 2/9/2011 4:31:20 PM
Filesize: 41760
Attributes: archive
MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
CRC32: A5ABF297
Version: 6.0.240.7
--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~2.DLL
Date (created): 11/16/2009 2:54:18 PM
Date (last access): 11/16/2009 2:54:18 PM
Date (last write): 11/16/2009 2:54:18 PM
Filesize: 459480
Attributes: archive
MD5: D814967E656216F251E3F2C6070BCD63
CRC32: 68C70C16
Version: 1.0.0.211
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\DivXPlugin.inf
Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~2\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 4/1/2011 12:45:04 PM
Date (last access): 4/1/2011 12:45:04 PM
Date (last write): 1/25/2011 4:09:22 PM
Filesize: 3381024
Attributes: archive
MD5: B51BB6A174641FBDA164396FEF152151
CRC32: 1B979B83
Version: 1.0.0.6425
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class)
DPF name:
CLSID name: diskhealth Class
Installer:
Codebase: http://utilities.pcpitstop.com/Nirva...iskMD3Ctrl.dll
Path: C:\Windows\Downloaded Program Files\
Long name: DiskMD3Ctrl.dll
Short name: DISKMD~1.DLL
Date (created): 10/28/2010 12:14:32 PM
Date (last access): 10/28/2010 12:14:32 PM
Date (last write): 10/28/2010 12:14:32 PM
Filesize: 344216
Attributes: archive
MD5: A79B4C5306E5E5E98400232DCCEE4D34
CRC32: 76B448AC
Version: 1.0.0.23
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class)
DPF name:
CLSID name: PCMaticVer Class
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PCMaticCtrl.dll
Short name: PCMATI~1.DLL
Date (created): 3/18/2010 1:21:20 PM
Date (last access): 3/18/2010 1:21:20 PM
Date (last write): 3/18/2010 1:21:20 PM
Filesize: 91320
Attributes: archive
MD5: 038C8B41A21A9ACF0930F2B5978559EE
CRC32: 1DF117B7
Version: 1.0.0.8
{A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus)
DPF name:
CLSID name: PCPitstop AntiVirus
Installer:
Codebase: http://utilities.pcpitstop.com/Nirva...pAntiVirus.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstopAntiVirus.dll
Short name: PCPITS~4.DLL
Date (created): 1/19/2010 8:40:20 PM
Date (last access): 1/19/2010 8:40:20 PM
Date (last write): 1/19/2010 8:40:22 PM
Filesize: 197304
Attributes: archive
MD5: 4892DE406AFE9AF8DB2E9FCED11D0394
CRC32: 39CAE85A
Version: 1.0.0.12
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab
Path: C:\Windows\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 2/4/2010 12:55:38 PM
Date (last access): 2/4/2010 12:55:38 PM
Date (last write): 2/4/2010 12:55:38 PM
Filesize: 3171608
Attributes: archive
MD5: C7103946ED86FAC01E23C457EDD7F719
CRC32: 65FF7081
Version: 1.0.31.0
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_24.dll
Short name: NPJPI1~1.DLL
Date (created): 2/2/2011 7:19:42 PM
Date (last access): 2/2/2011 9:42:34 PM
Date (last write): 2/2/2011 9:40:34 PM
Filesize: 141088
Attributes: archive
MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
CRC32: 64BB8CA2
Version: 6.0.240.7
{D27CDB6E-AE6D-11CF-96B8-444553635000} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name:
CLSID name: PCPitstop Exam
Installer:
Codebase: http://utilities.pcpitstop.com/Nirva...pcpitstop2.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstop2.dll
Short name: PCPITS~3.DLL
Date (created): 6/9/2010 3:18:06 PM
Date (last access): 6/9/2010 3:18:06 PM
Date (last write): 6/9/2010 3:18:06 PM
Filesize: 405176
Attributes: archive
MD5: 4A77B60A19B6179F0F9E88AD89E79F13
CRC32: CC97C726
Version: 1.0.0.37
--- Process list ---
PID: 0 ( 0) [System]
PID: 4504 (5080) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
PID: 352 (5080) C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
PID: 1852 (5080) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
PID: 4856 (5080) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
PID: 2368 (5080) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 3976 (1412) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 939848
MD5: A852BEC60713B0465DFB0E899FDADBC8
PID: 4604 (4128) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
size: 12995952
MD5: 2A8AEFDE5BED57D232ECF9482336E139
PID: 3488 (4128) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
size: 44814336
MD5: 8BBFFD6536EF589FC2D2820F6E377ABD
PID: 6080 (4128) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 12116 (6080) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 11708 (4128) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 5880 (11708) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 11636 (6080) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 6940 ( 804) c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
size: 130400
MD5: 2716EA1EAE1E27CC7F53AF41C52C18A4
PID: 13992 (4128) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 372 ( 4) smss.exe
PID: 532 ( 524) csrss.exe
PID: 608 ( 524) wininit.exe
size: 96256
PID: 632 ( 620) csrss.exe
PID: 676 ( 608) services.exe
PID: 692 ( 608) lsass.exe
PID: 700 ( 608) lsm.exe
PID: 804 ( 676) svchost.exe
size: 20992
PID: 868 ( 676) nvvsvc.exe
PID: 908 ( 676) svchost.exe
size: 20992
PID: 972 ( 676) svchost.exe
size: 20992
PID: 1012 ( 676) svchost.exe
size: 20992
PID: 140 ( 676) svchost.exe
size: 20992
PID: 488 ( 676) stacsv64.exe
PID: 1124 ( 676) svchost.exe
size: 20992
PID: 1176 ( 676) hpservice.exe
PID: 1224 ( 676) vcsFPService.exe
size: 1656112
PID: 1284 ( 676) svchost.exe
size: 20992
PID: 1380 ( 620) winlogon.exe
PID: 1412 ( 676) AAWService.exe
PID: 1536 ( 676) spoolsv.exe
PID: 1568 ( 676) DpHostW.exe
PID: 1672 ( 676) svchost.exe
size: 20992
PID: 1780 ( 676) AESTSr64.exe
PID: 1816 ( 676) AppleMobileDeviceService.exe
PID: 1892 ( 868) nvvsvc.exe
PID: 1036 ( 676) cronsvc.exe
PID: 1184 ( 676) EngineServer.exe
PID: 1612 ( 676) LSSrvc.exe
PID: 1620 ( 676) lxcqcoms.exe
size: 537520
PID: 1728 ( 676) McSACore.exe
PID: 2084 ( 676) McShield.exe
PID: 2188 ( 676) MpfSrv.exe
PID: 2496 ( 676) myAgtSvc.exe
PID: 2588 ( 676) RichVideo.exe
PID: 2648 ( 676) svchost.exe
size: 20992
PID: 2732 ( 676) TVCapSvc.exe
PID: 2824 ( 676) SDWinSec.exe
PID: 2684 ( 804) unsecapp.exe
PID: 3124 ( 804) WmiPrvSE.exe
PID: 3652 ( 676) svchost.exe
size: 20992
PID: 3856 (1012) WUDFHost.exe
PID: 3756 ( 676) C:\Windows\System32\taskhost.exe
PID: 2552 (1012) C:\Windows\System32\dwm.exe
PID: 4104 ( 804) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 4128 (1960) C:\Windows\explorer.exe
size: 2870272
MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 4276 ( 676) svchost.exe
size: 20992
PID: 5104 (4128) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 2096424
MD5: 26D207379AF9B717538D1F7E2D9A58CB
PID: 5064 (4128) C:\Program Files\IDT\WDM\sttray64.exe
size: 450048
MD5: 7A2C26459B599A2D6D5401F73ACA1981
PID: 5076 (4128) C:\Program Files\Java\jre6\bin\jusched.exe
size: 171520
MD5: A0DD3037E2DC702A7BED6C3CC2DB8FA6
PID: 5000 (4128) C:\Windows\WindowsMobile\wmdc.exe
size: 660360
MD5: 233A10D4B3F6897899112E4EC60F1906
PID: 4552 (5104) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 121128
MD5: 1BE8B67DB72BB7F650D9092E9BA6196E
PID: 5052 ( 676) svchost.exe
size: 20992
PID: 4176 ( 676) SearchIndexer.exe
size: 428032
PID: 4464 (1852) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
size: 163392
MD5: 4ACF5383E778D14C7ECB60534AE7358D
PID: 4220 ( 676) hpqWmiEx.exe
PID: 5080 ( 676) Com4QLBEx.exe
PID: 4232 ( 676) iPodService.exe
PID: 1552 ( 676) HPHC_Service.exe
PID: 2360 ( 676) wmpnetwk.exe
PID: 5628 ( 804) C:\Windows\ehome\ehmsas.exe
size: 48640
MD5: 0857BF4842D85BC7FEA8DA6A24CC7921
PID: 6132 ( 676) ehrecvr.exe
PID: 5992 ( 676) FNPLicensingService.exe
PID: 6552 (3488) C:\Windows\splwow64.exe
size: 61952
MD5: 88454E4E3D0DC64E9FBC5E9D1BDBA771
PID: 6620 ( 804) C:\Windows\System32\dllhost.exe
size: 7168
MD5: A63DC5C2EA944E6657203E0C8EDEAF61
PID: 10160 ( 140) taskeng.exe
size: 192000
PID: 13260 ( 972) audiodg.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/3/2011 4:35:41 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Please re-run Spybot after a reboot. Post back about findings.
Microsoft Windows Insider MVP 2016-2020
Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
If you have problems create a thread in the forum, please.
Malware removal instructions are for the correspondent user's case only.
I restarted and ran Spybot.. No threats were found.. I restarted the computer and ran Spybot again - and it once again found Click.Giftload
This thing just doesn't seem to go away.
Any other suggestions? Is it this hard to remove in other people's computers too?
Regardless, thanks for all the effort. It looks like I may have to live with this thing.
Here is the most recent Spybot report..
Even though I "Fixed Selected Problems" after a restart and another Spybot scan the following were found:
Click.GiftLoad, DoubleClick and Right Media
--- Search result list ---
Click.GiftLoad: [SBI $5ABC7D37] User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1
DoubleClick: Tracking cookie (Internet Explorer: John) (Cookie, nothing done)
Right Media: Tracking cookie (Internet Explorer: John) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: 8A6683AC1DAFA824615BB3857EF8C709
Located: HK_LM:Run, DpAgent
command: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
file: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
Located: HK_LM:Run, HPCam_Menu
command: "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
file: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: CD1E74BC24CB1D1544406741F46F4D61
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
Located: HK_LM:Run, MVS Splash
command: "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
file: C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
Located: HK_LM:Run, QlbCtrl.exe
command: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/30/2011 11:45:14 AM
Date (last access): 4/1/2011 12:40:04 PM
Date (last write): 1/30/2011 11:45:14 AM
Filesize: 62376
Attributes: archive
MD5: F31208835709A62ECC5D45211D89C772
CRC32: 7859C01E
Version: 10.0.1.434
{395610AE-C624-4f58-B89E-23733EA00F9A} (DigitalPersona Personal Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: DigitalPersona Personal Extension
CLSID name: DigitalPersona Personal Extension
Path: C:\Program Files (x86)\DigitalPersona\Bin\
Long name: DpOtsPluginIe8.dll
Short name: DPOTSP~1.DLL
Date (created): 12/1/2009 1:37:48 PM
Date (last access): 10/12/2010 9:47:12 PM
Date (last write): 12/1/2009 1:37:48 PM
Filesize: 1256512
Attributes: archive
MD5: D6703BE3CA7FA0ED07BE77E2D62ECABC
CRC32: 8E02630C
Version: 5.0.0.3790
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 12/21/2009 11:09:06 PM
Date (last access): 12/21/2009 11:09:06 PM
Date (last write): 1/26/2009 4:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\
Long name: ScriptSn.20100802144004.dll
Short name: SCRIPT~1.DLL
Date (created): 8/2/2010 2:40:06 PM
Date (last access): 8/2/2010 2:40:06 PM
Date (last write): 12/15/2009 3:25:50 PM
Filesize: 62784
Attributes: archive
MD5: 9421AB13002A83C0629B96BE06139241
CRC32: E417E975
Version: 14.0.0.438
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 6:41:30 PM
Date (last access): 8/15/2009 5:20:04 AM
Date (last write): 1/22/2009 6:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
Long name: McIEPlg.dll
Short name:
Date (created): 12/16/2009 8:31:00 PM
Date (last access): 4/12/2010 10:10:44 AM
Date (last write): 12/16/2009 8:31:00 PM
Filesize: 116032
Attributes: archive
MD5: 62A9C0FF5A7231E9A7D6490C31411515
CRC32: 6A52AE99
Version: 3.0.0.539
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (NitroPDFBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NitroPDFBHO Class
CLSID name:
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Microsoft Live Search Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Microsoft Live Search Toolbar Helper
Path: c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 4/7/2009 8:15:54 PM
Date (last access): 8/15/2009 8:12:22 AM
Date (last write): 4/7/2009 8:15:54 PM
Filesize: 82784
Attributes: archive
MD5: F24D277095D2B74FC97BA9BD35268EE8
CRC32: B62D4AAB
Version: 3.0.560.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2/9/2011 4:31:20 PM
Date (last access): 3/25/2011 1:13:46 AM
Date (last write): 2/9/2011 4:31:20 PM
Filesize: 41760
Attributes: archive
MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
CRC32: A5ABF297
Version: 6.0.240.7
--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~2.DLL
Date (created): 11/16/2009 2:54:18 PM
Date (last access): 11/16/2009 2:54:18 PM
Date (last write): 11/16/2009 2:54:18 PM
Filesize: 459480
Attributes: archive
MD5: D814967E656216F251E3F2C6070BCD63
CRC32: 68C70C16
Version: 1.0.0.211
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\DivXPlugin.inf
Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~2\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 4/1/2011 12:45:04 PM
Date (last access): 4/1/2011 12:45:04 PM
Date (last write): 1/25/2011 4:09:22 PM
Filesize: 3381024
Attributes: archive
MD5: B51BB6A174641FBDA164396FEF152151
CRC32: 1B979B83
Version: 1.0.0.6425
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class)
DPF name:
CLSID name: diskhealth Class
Installer:
Codebase: http://utilities.pcpitstop.com/Nirva...iskMD3Ctrl.dll
Path: C:\Windows\Downloaded Program Files\
Long name: DiskMD3Ctrl.dll
Short name: DISKMD~1.DLL
Date (created): 10/28/2010 12:14:32 PM
Date (last access): 10/28/2010 12:14:32 PM
Date (last write): 10/28/2010 12:14:32 PM
Filesize: 344216
Attributes: archive
MD5: A79B4C5306E5E5E98400232DCCEE4D34
CRC32: 76B448AC
Version: 1.0.0.23
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class)
DPF name:
CLSID name: PCMaticVer Class
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PCMaticCtrl.dll
Short name: PCMATI~1.DLL
Date (created): 3/18/2010 1:21:20 PM
Date (last access): 3/18/2010 1:21:20 PM
Date (last write): 3/18/2010 1:21:20 PM
Filesize: 91320
Attributes: archive
MD5: 038C8B41A21A9ACF0930F2B5978559EE
CRC32: 1DF117B7
Version: 1.0.0.8
{A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus)
DPF name:
CLSID name: PCPitstop AntiVirus
Installer:
Codebase: http://utilities.pcpitstop.com/Nirva...pAntiVirus.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstopAntiVirus.dll
Short name: PCPITS~4.DLL
Date (created): 1/19/2010 8:40:20 PM
Date (last access): 1/19/2010 8:40:20 PM
Date (last write): 1/19/2010 8:40:22 PM
Filesize: 197304
Attributes: archive
MD5: 4892DE406AFE9AF8DB2E9FCED11D0394
CRC32: 39CAE85A
Version: 1.0.0.12
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab
Path: C:\Windows\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 2/4/2010 12:55:38 PM
Date (last access): 2/4/2010 12:55:38 PM
Date (last write): 2/4/2010 12:55:38 PM
Filesize: 3171608
Attributes: archive
MD5: C7103946ED86FAC01E23C457EDD7F719
CRC32: 65FF7081
Version: 1.0.31.0
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_24.dll
Short name: NPJPI1~1.DLL
Date (created): 2/2/2011 7:19:42 PM
Date (last access): 2/2/2011 9:42:34 PM
Date (last write): 2/2/2011 9:40:34 PM
Filesize: 141088
Attributes: archive
MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
CRC32: 64BB8CA2
Version: 6.0.240.7
{D27CDB6E-AE6D-11CF-96B8-444553635000} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name:
CLSID name: PCPitstop Exam
Installer:
Codebase: http://utilities.pcpitstop.com/Nirva...pcpitstop2.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstop2.dll
Short name: PCPITS~3.DLL
Date (created): 6/9/2010 3:18:06 PM
Date (last access): 6/9/2010 3:18:06 PM
Date (last write): 6/9/2010 3:18:06 PM
Filesize: 405176
Attributes: archive
MD5: 4A77B60A19B6179F0F9E88AD89E79F13
CRC32: CC97C726
Version: 1.0.0.37
--- Process list ---
PID: 0 ( 0) [System]
PID: 4632 (4500) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
PID: 4724 (4500) C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
PID: 4744 (4500) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
PID: 4768 (4500) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
PID: 4784 (4500) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 620 (1412) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 939848
MD5: A852BEC60713B0465DFB0E899FDADBC8
PID: 1404 (1956) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5088 (1956) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
size: 963976
MD5: 4CEC4B72C5B255EC2F7C54CD03554540
PID: 5032 (1956) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 2356 (5032) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 4380 ( 804) c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
size: 130400
MD5: 2716EA1EAE1E27CC7F53AF41C52C18A4
PID: 4 ( 0) System
PID: 372 ( 4) smss.exe
PID: 532 ( 520) csrss.exe
PID: 608 ( 520) wininit.exe
size: 96256
PID: 632 ( 620) csrss.exe
PID: 668 ( 608) services.exe
PID: 688 ( 608) lsass.exe
PID: 696 ( 608) lsm.exe
PID: 804 ( 668) svchost.exe
size: 20992
PID: 868 ( 668) nvvsvc.exe
PID: 908 ( 668) svchost.exe
size: 20992
PID: 980 ( 668) svchost.exe
size: 20992
PID: 1012 ( 668) svchost.exe
size: 20992
PID: 340 ( 668) svchost.exe
size: 20992
PID: 488 ( 668) stacsv64.exe
PID: 1136 ( 668) svchost.exe
size: 20992
PID: 1180 ( 668) hpservice.exe
PID: 1228 ( 668) vcsFPService.exe
size: 1656112
PID: 1284 ( 668) svchost.exe
size: 20992
PID: 1376 ( 620) winlogon.exe
PID: 1412 ( 668) AAWService.exe
PID: 1556 ( 668) spoolsv.exe
PID: 1592 ( 668) DpHostW.exe
PID: 1664 ( 668) svchost.exe
size: 20992
PID: 1752 ( 668) AESTSr64.exe
PID: 1792 ( 668) AppleMobileDeviceService.exe
PID: 1864 ( 868) nvvsvc.exe
PID: 1996 ( 668) mDNSResponder.exe
PID: 2020 ( 668) cronsvc.exe
PID: 1068 ( 668) EngineServer.exe
PID: 1212 ( 668) LSSrvc.exe
PID: 1700 ( 668) lxcqcoms.exe
size: 537520
PID: 360 ( 668) McSACore.exe
PID: 2072 ( 668) McShield.exe
PID: 2156 ( 668) MpfSrv.exe
PID: 2524 ( 668) myAgtSvc.exe
PID: 2616 ( 668) RichVideo.exe
PID: 2676 ( 668) svchost.exe
size: 20992
PID: 2780 ( 668) TVCapSvc.exe
PID: 2896 ( 668) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2436 ( 804) unsecapp.exe
PID: 3140 ( 804) WmiPrvSE.exe
PID: 3980 ( 668) svchost.exe
size: 20992
PID: 3380 (1012) WUDFHost.exe
PID: 4040 ( 668) C:\Windows\System32\taskhost.exe
PID: 3700 (1012) C:\Windows\System32\dwm.exe
PID: 1956 (3240) C:\Windows\explorer.exe
size: 2870272
MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 4216 ( 668) svchost.exe
size: 20992
PID: 4400 (1956) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 2096424
MD5: 26D207379AF9B717538D1F7E2D9A58CB
PID: 4436 (1956) C:\Program Files\IDT\WDM\sttray64.exe
size: 450048
MD5: 7A2C26459B599A2D6D5401F73ACA1981
PID: 4476 (1956) C:\Program Files\Java\jre6\bin\jusched.exe
size: 171520
MD5: A0DD3037E2DC702A7BED6C3CC2DB8FA6
PID: 4492 (1956) C:\Windows\WindowsMobile\wmdc.exe
size: 660360
MD5: 233A10D4B3F6897899112E4EC60F1906
PID: 4540 ( 668) svchost.exe
size: 20992
PID: 4676 (4400) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 121128
MD5: 1BE8B67DB72BB7F650D9092E9BA6196E
PID: 4924 (4744) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
size: 163392
MD5: 4ACF5383E778D14C7ECB60534AE7358D
PID: 4180 ( 668) hpqWmiEx.exe
PID: 4816 ( 668) Com4QLBEx.exe
PID: 4868 ( 668) SearchIndexer.exe
size: 428032
PID: 1644 ( 668) iPodService.exe
PID: 4344 ( 668) HPHC_Service.exe
PID: 4988 ( 668) wmpnetwk.exe
PID: 3648 ( 980) audiodg.exe
PID: 4960 (4868) C:\Windows\System32\SearchProtocolHost.exe
size: 164352
MD5: 89ED7C028A487340B7D93D5A38FDCB54
PID: 4468 (4868) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: 8A674F9AB20B4937357BF6F5A0938EBF
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/4/2011 12:22:22 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip[*]
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP