
Thread: click.GiftLoad Removal

  1. #11
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Spoke too soon.. Click.GiftLoad was just found by Search & Destroy.. Looks like ComboFix was not able to get rid of it?

  2. #12
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Good. A few more things to do.

    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    DDS::
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "OwelyQt"=-

    Save this as
    CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader X + 10.0.1 update for it) here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check free readers introduced here.

    * Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is not checkmarked.
    • Click Scan
    • Wait for the scan to finish.


    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
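
Added example, not part of the original posts and not ComboFix code: a small Python reader that lists what a CFScript like the one in post #12 asks for, so the registry deletions can be reviewed before the file is dragged onto ComboFix.exe. It assumes the `Registry::` section uses .reg syntax as shown in the post (`"name"=-` deletes a value, `[-KEY]` deletes a key); other sections are only listed, not interpreted, and all function names are hypothetical.

```python
import re

# Constructed sample: the CFScript text quoted in post #12 above.
SAMPLE_CFSCRIPT = r'''DDS::
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OwelyQt"=-
'''

SECTION_RE = re.compile(r'^([A-Za-z0-9]+)::\s*$')        # e.g. "Registry::"
KEY_RE = re.compile(r'^\[(-?)(HKEY_[^\]]+)\]\s*$')        # [KEY] or [-KEY]
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Autostart locations worth a second look when a script touches them.
AUTOSTART_SUFFIXES = (r"\currentversion\run", r"\currentversion\runonce")


def parse_sections(text):
    """Split the script into [(section_name, [(lineno, line), ...]), ...]."""
    sections, current = [], None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        match = SECTION_RE.match(line)
        if match:
            current = (match.group(1), [])
            sections.append(current)
        elif current is None:
            raise ValueError(f"line {lineno}: text before any 'Name::' header")
        else:
            current[1].append((lineno, line))
    return sections


def registry_actions(lines):
    """Turn .reg-style lines into (action, key, value_name) tuples."""
    actions, key = [], None
    for lineno, line in lines:
        key_match = KEY_RE.match(line)
        if key_match:
            if key_match.group(1):            # leading '-' removes the whole key
                actions.append(("delete-key", key_match.group(2), None))
                key = None
            else:
                key = key_match.group(2)
            continue
        value_match = VALUE_RE.match(line)
        if not value_match:
            raise ValueError(f"line {lineno}: not a key or value line: {line!r}")
        if key is None:
            raise ValueError(f"line {lineno}: value line without an open key")
        name = value_match.group(1)
        name = "(Default)" if name == "@" else name[1:-1]
        kind = "delete-value" if value_match.group(2).strip() == "-" else "set-value"
        actions.append((kind, key, name))
    return actions


def summarize(text):
    """List every requested action in file order."""
    out = []
    for name, lines in parse_sections(text):
        if name.lower() == "registry":
            out.extend(registry_actions(lines))
        else:
            # Sections this sketch does not interpret are reported verbatim.
            out.extend(("section-line", name, line) for _, line in lines)
    return out


def autostart_changes(actions):
    """Registry actions that modify a Run/RunOnce autostart key."""
    kinds = {"delete-key", "delete-value", "set-value"}
    return [a for a in actions
            if a[0] in kinds and a[1].lower().endswith(AUTOSTART_SUFFIXES)]


if __name__ == "__main__":
    for action in summarize(SAMPLE_CFSCRIPT):
        print(action)
```
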

  3. #13
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Ok I scanned with ESET but there was no report at the end.. After two hours of scanning it completed its scan and noted "no threats found"

    Below is the ComboFix log after I dragged the .txt file you had me make onto its icon on my desktop... And below it I've pasted the fresh DDS log...



    ComboFix 11-03-30.03 - John 04/01/2011 12:05:18.2.8 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2331 [GMT -4:00]
    Running from: c:\users\John\Downloads\ComboFix.exe
    Command switches used :: c:\users\John\Desktop\CFScript.txt
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Resident AV is active
    .
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
    .
    .
    2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
    2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
    2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
    2011-03-28 18:41 . 2011-03-29 20:44 -------- d-----w- c:\users\John\AppData\Local\Adobe
    2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
    2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
    2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
    2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
    2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
    2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
    2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
    2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
    2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
    2011-03-14 04:20 . 2011-04-01 16:02 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
    2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
    2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
    2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
    2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
    2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
    2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
    2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
    2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
    2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
    2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
    2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
    2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
    2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
    2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
    2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
    2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
    2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
    2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
    2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\users\John\AppData\Local\Sunbelt Software
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
    2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
    2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
    2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
    2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
    2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
    2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
    2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
    2011-01-05 04:00 . 2011-02-09 16:34 3127808 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2011-03-31_18.46.36 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-07-14 04:54 . 2011-04-01 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-07-14 04:54 . 2011-03-31 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-01 16:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-07-14 04:54 . 2011-04-01 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-08-15 09:17 . 2011-03-31 21:19 54924 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2009-07-14 05:10 . 2011-03-31 21:20 56596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
    + 2009-12-10 19:21 . 2011-03-31 21:20 16850 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413551326-45703177-197955308-1000_UserData.bin
    - 2009-11-02 08:28 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2009-11-02 08:28 . 2011-03-31 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2009-11-02 08:28 . 2011-03-25 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2009-11-02 08:28 . 2011-03-31 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2009-07-14 04:54 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2009-07-14 04:54 . 2011-03-31 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2011-03-31 21:18 . 2011-03-31 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2011-03-31 21:18 . 2011-03-31 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2009-12-14 01:16 . 2011-04-01 14:03 355622 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
    + 2009-07-14 05:01 . 2011-03-31 20:51 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    - 2009-07-14 05:01 . 2011-03-31 18:44 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
    + 2009-07-14 02:34 . 2011-04-01 14:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-07-14 02:34 . 2011-03-31 15:50 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
    - 2009-12-12 01:55 . 2011-03-31 18:44 10679368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
    + 2009-12-12 01:55 . 2011-03-31 20:51 10679368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
    "MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
    "DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
    R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
    R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
    S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
    S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
    S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
    S2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
    S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
    S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
    S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
    S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
    S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
    S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
    .
    2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
    "LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.yahoo.com/
    uLocal Page = c:\windows\system32\blank.htm
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
    "ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-04-01 12:14:49
    ComboFix-quarantined-files.txt 2011-04-01 16:14
    ComboFix2.txt 2011-03-31 19:01
    .
    Pre-Run: 168,438,026,240 bytes free
    Post-Run: 168,221,753,344 bytes free
    .
    - - End Of File - - 4F2A897B73DC9BB124AEF23FC0BD0F89






    .
    DDS (Ver_11-03-05.01) - NTFS_AMD64
    Run by John at 15:15:32.18 on Fri 04/01/2011
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.1554 [GMT -4:00]
    .
    AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
    AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
    FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vcsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Prey\platform\windows\cronsvc.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\lxcqcoms.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
    C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\DigitalPersona\Bin\DPAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBEI1C0P\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
    TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
    mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    dPolicies-system: WallpaperStyle = 2
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
    IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
    DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
    DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
    DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
    Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
    BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    BHO-X64: DigitalPersona Personal Extension - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
    BHO-X64: scriptproxy - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
    mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
    R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
    R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
    R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
    R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
    R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
    R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
    R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
    R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
    R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
    R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
    R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
    R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
    R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
    R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
    R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
    R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
    S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
    S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
    S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
    S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
    .
    =============== Created Last 30 ================
    .
    2011-04-01 19:12:56 -------- d-sh--w- C:\$RECYCLE.BIN
    2011-04-01 16:45:01 -------- d-----w- C:\Program Files (x86)\ESET
    2011-04-01 16:36:46 32592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
    2011-03-31 18:24:22 98816 ----a-w- C:\Windows\sed.exe
    2011-03-31 18:24:22 89088 ----a-w- C:\Windows\MBR.exe
    2011-03-31 18:24:22 256512 ----a-w- C:\Windows\PEV.exe
    2011-03-31 18:24:22 161792 ----a-w- C:\Windows\SWREG.exe
    2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
    2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
    2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
    2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
    2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
    2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
    2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
    2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
    2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
    2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
    2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
    2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
    2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
    2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
    2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
    2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
    2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
    2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
    2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
    2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
    2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
    2011-03-14 04:17:12 -------- d-----w- C:\Prey
    2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
    2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
    2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
    2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
    2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
    2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
    2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
    2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
    2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
    2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
    .
    ==================== Find3M ====================
    .
    2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
    2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
    2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 15:16:55.56 ===============

  4. #14
    Security Expert: Emeritus Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Hi,

    1. Download TDSSKiller and extract its contents into a folder in a desired location (i.e. c:\tdsskiller).
    2. Execute the file TDSSKiller.exe.
    3. Click Start Scan. If threats are found, select cure and click Continue (the tool may prompt for a reboot).
    4. Post back the contents of the log file in the c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format).

  5. #15
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    OK, I scanned with TDSSKiller but no threats were found. Below is the log file info.


    2011/04/02 14:28:30.0019 4272 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
    2011/04/02 14:28:30.0191 4272 ================================================================================
    2011/04/02 14:28:30.0191 4272 SystemInfo:
    2011/04/02 14:28:30.0191 4272
    2011/04/02 14:28:30.0191 4272 OS Version: 6.1.7600 ServicePack: 0.0
    2011/04/02 14:28:30.0191 4272 Product type: Workstation
    2011/04/02 14:28:30.0194 4272 ComputerName: HPDV8T
    2011/04/02 14:28:30.0194 4272 UserName: John
    2011/04/02 14:28:30.0194 4272 Windows directory: C:\Windows
    2011/04/02 14:28:30.0194 4272 System windows directory: C:\Windows
    2011/04/02 14:28:30.0194 4272 Running under WOW64
    2011/04/02 14:28:30.0194 4272 Processor architecture: Intel x64
    2011/04/02 14:28:30.0194 4272 Number of processors: 8
    2011/04/02 14:28:30.0194 4272 Page size: 0x1000
    2011/04/02 14:28:30.0194 4272 Boot type: Normal boot
    2011/04/02 14:28:30.0194 4272 ================================================================================
    2011/04/02 14:28:30.0576 4272 Initialize success
    2011/04/02 14:28:36.0279 5068 ================================================================================
    2011/04/02 14:28:36.0279 5068 Scan started
    2011/04/02 14:28:36.0279 5068 Mode: Manual;
    2011/04/02 14:28:36.0279 5068 ================================================================================
    2011/04/02 14:28:45.0289 5068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
    2011/04/02 14:28:45.0319 5068 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
    2011/04/02 14:28:45.0351 5068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
    2011/04/02 14:28:45.0386 5068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
    2011/04/02 14:28:45.0414 5068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
    2011/04/02 14:28:45.0459 5068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
    2011/04/02 14:28:45.0549 5068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
    2011/04/02 14:28:45.0589 5068 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
    2011/04/02 14:28:45.0646 5068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
    2011/04/02 14:28:45.0696 5068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
    2011/04/02 14:28:45.0729 5068 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
    2011/04/02 14:28:45.0764 5068 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
    2011/04/02 14:28:45.0819 5068 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
    2011/04/02 14:28:45.0839 5068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
    2011/04/02 14:28:45.0861 5068 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
    2011/04/02 14:28:46.0099 5068 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
    2011/04/02 14:28:46.0319 5068 netw5v64 (d68de412a3243f8d57ddb814aa509813) C:\Windows\system32\DRIVERS\netw5v64.sys
    2011/04/02 14:28:46.0436 5068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
    2011/04/02 14:28:46.0504 5068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
    2011/04/02 14:28:46.0541 5068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
    2011/04/02 14:28:46.0594 5068 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
    2011/04/02 14:28:46.0691 5068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
    2011/04/02 14:28:46.0756 5068 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
    2011/04/02 14:28:46.0966 5068 nvlddmkm (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
    2011/04/02 14:28:47.0099 5068 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
    2011/04/02 14:28:47.0131 5068 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
    2011/04/02 14:28:47.0219 5068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
    2011/04/02 14:28:47.0279 5068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
    2011/04/02 14:28:47.0449 5068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
    2011/04/02 14:28:47.0494 5068 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
    2011/04/02 14:28:47.0524 5068 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
    2011/04/02 14:28:47.0576 5068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
    2011/04/02 14:28:47.0604 5068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
    2011/04/02 14:28:47.0629 5068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
    2011/04/02 14:28:47.0669 5068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
    2011/04/02 14:28:47.0799 5068 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
    2011/04/02 14:28:47.0844 5068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
    2011/04/02 14:28:47.0899 5068 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
    2011/04/02 14:28:47.0964 5068 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
    2011/04/02 14:28:48.0081 5068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
    2011/04/02 14:28:48.0129 5068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
    2011/04/02 14:28:48.0176 5068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
    2011/04/02 14:28:48.0259 5068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
    2011/04/02 14:28:48.0319 5068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
    2011/04/02 14:28:48.0374 5068 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
    2011/04/02 14:28:48.0404 5068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
    2011/04/02 14:28:48.0426 5068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
    2011/04/02 14:28:48.0464 5068 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
    2011/04/02 14:28:48.0511 5068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
    2011/04/02 14:28:48.0556 5068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
    2011/04/02 14:28:48.0591 5068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
    2011/04/02 14:28:48.0614 5068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
    2011/04/02 14:28:48.0649 5068 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
    2011/04/02 14:28:48.0716 5068 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
    2011/04/02 14:28:48.0836 5068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
    2011/04/02 14:28:48.0904 5068 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
    2011/04/02 14:28:48.0964 5068 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
    2011/04/02 14:28:49.0021 5068 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
    2011/04/02 14:28:49.0086 5068 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
    2011/04/02 14:28:49.0149 5068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
    2011/04/02 14:28:49.0231 5068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
    2011/04/02 14:28:49.0264 5068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
    2011/04/02 14:28:49.0314 5068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
    2011/04/02 14:28:49.0379 5068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
    2011/04/02 14:28:49.0394 5068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
    2011/04/02 14:28:49.0406 5068 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
    2011/04/02 14:28:49.0431 5068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
    2011/04/02 14:28:49.0499 5068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
    2011/04/02 14:28:49.0524 5068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
    2011/04/02 14:28:49.0564 5068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
    2011/04/02 14:28:49.0636 5068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
    2011/04/02 14:28:49.0694 5068 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
    2011/04/02 14:28:49.0736 5068 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
    2011/04/02 14:28:49.0789 5068 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
    2011/04/02 14:28:49.0854 5068 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
    2011/04/02 14:28:49.0921 5068 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
    2011/04/02 14:28:49.0999 5068 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
    2011/04/02 14:28:50.0094 5068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
    2011/04/02 14:28:50.0166 5068 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
    2011/04/02 14:28:50.0296 5068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
    2011/04/02 14:28:50.0384 5068 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
    2011/04/02 14:28:50.0496 5068 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
    2011/04/02 14:28:50.0591 5068 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
    2011/04/02 14:28:50.0641 5068 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
    2011/04/02 14:28:50.0669 5068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
    2011/04/02 14:28:50.0684 5068 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
    2011/04/02 14:28:50.0729 5068 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
    2011/04/02 14:28:50.0764 5068 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
    2011/04/02 14:28:50.0886 5068 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
    2011/04/02 14:28:50.0941 5068 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
    2011/04/02 14:28:51.0001 5068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
    2011/04/02 14:28:51.0036 5068 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
    2011/04/02 14:28:51.0119 5068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
    2011/04/02 14:28:51.0191 5068 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
    2011/04/02 14:28:51.0219 5068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
    2011/04/02 14:28:51.0294 5068 USB28xxBGA (f140578471200f788fb5440e6e7cf36d) C:\Windows\system32\DRIVERS\emBDA64.sys
    2011/04/02 14:28:51.0356 5068 USB28xxOEM (983ff2fd729bfe699cfceddc6e61ebbf) C:\Windows\system32\DRIVERS\emOEM64.sys
    2011/04/02 14:28:51.0454 5068 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
    2011/04/02 14:28:51.0494 5068 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
    2011/04/02 14:28:51.0549 5068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
    2011/04/02 14:28:51.0574 5068 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
    2011/04/02 14:28:51.0614 5068 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
    2011/04/02 14:28:51.0639 5068 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
    2011/04/02 14:28:51.0691 5068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
    2011/04/02 14:28:51.0759 5068 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
    2011/04/02 14:28:51.0789 5068 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
    2011/04/02 14:28:51.0829 5068 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
    2011/04/02 14:28:51.0901 5068 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
    2011/04/02 14:28:51.0971 5068 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
    2011/04/02 14:28:52.0084 5068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
    2011/04/02 14:28:52.0159 5068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
    2011/04/02 14:28:52.0194 5068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
    2011/04/02 14:28:52.0224 5068 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
    2011/04/02 14:28:52.0264 5068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
    2011/04/02 14:28:52.0311 5068 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
    2011/04/02 14:28:52.0336 5068 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
    2011/04/02 14:28:52.0409 5068 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
    2011/04/02 14:28:52.0484 5068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
    2011/04/02 14:28:52.0524 5068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
    2011/04/02 14:28:52.0596 5068 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
    2011/04/02 14:28:52.0626 5068 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
    2011/04/02 14:28:52.0724 5068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
    2011/04/02 14:28:52.0761 5068 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/02 14:28:52.0786 5068 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
    2011/04/02 14:28:52.0871 5068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
    2011/04/02 14:28:52.0899 5068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
    2011/04/02 14:28:53.0009 5068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
    2011/04/02 14:28:53.0041 5068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
    2011/04/02 14:28:53.0134 5068 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
    2011/04/02 14:28:53.0172 5068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
    2011/04/02 14:28:53.0229 5068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
    2011/04/02 14:28:53.0269 5068 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
    2011/04/02 14:28:53.0377 5068 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
    2011/04/02 14:28:53.0462 5068 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
    2011/04/02 14:28:53.0567 5068 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
    2011/04/02 14:28:53.0654 5068 ================================================================================
    2011/04/02 14:28:53.0654 5068 Scan finished
    2011/04/02 14:28:53.0654 5068 ================================================================================

  6. #16
    Security Expert: Emeritus Blade81's Avatar

    Hi,

    Please re-run Spybot and see if it's able to fix its findings. Post back the report of remaining bad items.

  7. #17
    Junior Member

    OK I ran Spybot
    It found the following...

    BurstMedia
    CasaleMedia
    Click.GiftLoad
    DoubleClick
    FastClick
    MediaPlex
    Right Media
    Statcounter
    Zedo

    In case you need it I'll paste the Spybot log below....

    --- Search result list ---
    Click.GiftLoad: [SBI $5ABC7D37] User settings (Registry change, fixed)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1

    MediaPlex: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    DoubleClick: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    Zedo: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    BurstMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    FastClick: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    MediaPlex: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    BurstMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    Right Media: Tracking cookie (Internet Explorer: John) (Cookie, fixed)


    DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)


    Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---




    --- System information ---
    Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


    Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: PCMaticCtrl.dll
    Short name: PCMATI~1.DLL
    Date (created): 3/18/2010 1:21:20 PM
    Date (last access): 3/18/2010 1:21:20 PM
    Date (last write): 3/18/2010 1:21:20 PM
    Filesize: 91320
    Attributes: archive
    MD5: 038C8B41A21A9ACF0930F2B5978559EE
    CRC32: 1DF117B7
    Version: 1.0.0.8

    {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus)
    DPF name:
    CLSID name: PCPitstop AntiVirus
    Installer:
    Codebase: http://utilities.pcpitstop.com/Nirva...pAntiVirus.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: pcpitstopAntiVirus.dll
    Short name: PCPITS~4.DLL
    Date (created): 1/19/2010 8:40:20 PM
    Date (last access): 1/19/2010 8:40:20 PM
    Date (last write): 1/19/2010 8:40:22 PM
    Filesize: 197304
    Attributes: archive
    MD5: 4892DE406AFE9AF8DB2E9FCED11D0394
    CRC32: 39CAE85A
    Version: 1.0.0.12

    {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
    DPF name:
    CLSID name: EPUImageControl Class
    Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
    Codebase: http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: EPUWALcontrol.dll
    Short name: EPUWAL~1.DLL
    Date (created): 2/4/2010 12:55:38 PM
    Date (last access): 2/4/2010 12:55:38 PM
    Date (last write): 2/4/2010 12:55:38 PM
    Filesize: 3171608
    Attributes: archive
    MD5: C7103946ED86FAC01E23C457EDD7F719
    CRC32: 65FF7081
    Version: 1.0.31.0

    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files (x86)\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 12/11/2009 12:37:28 AM
    Date (last access): 2/2/2075 9:42:20 PM
    Date (last write): 2/2/2011 9:40:28 PM
    Filesize: 112416
    Attributes: archive
    MD5: 8E66E95FCD0218767CC5953F7BA64D19
    CRC32: F9A66843
    Version: 6.0.240.7

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files (x86)\Java\jre6\bin\
    Long name: npjpi160_24.dll
    Short name: NPJPI1~1.DLL
    Date (created): 2/2/2011 7:19:42 PM
    Date (last access): 2/2/2011 9:42:34 PM
    Date (last write): 2/2/2011 9:40:34 PM
    Filesize: 141088
    Attributes: archive
    MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
    CRC32: 64BB8CA2
    Version: 6.0.240.7

    {D27CDB6E-AE6D-11CF-96B8-444553635000} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\gp.inf
    Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
    DPF name:
    CLSID name: PCPitstop Exam
    Installer:
    Codebase: http://utilities.pcpitstop.com/Nirva...pcpitstop2.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: pcpitstop2.dll
    Short name: PCPITS~3.DLL
    Date (created): 6/9/2010 3:18:06 PM
    Date (last access): 6/9/2010 3:18:06 PM
    Date (last write): 6/9/2010 3:18:06 PM
    Filesize: 405176
    Attributes: archive
    MD5: 4A77B60A19B6179F0F9E88AD89E79F13
    CRC32: CC97C726
    Version: 1.0.0.37



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 4504 (5080) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    size: 320056
    MD5: 0771A5C3B78967F9F83C1C429334AD2A
    PID: 352 (5080) C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    size: 476480
    MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
    PID: 1852 (5080) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    size: 842816
    MD5: 1D48CA37FAA59919C1138357ED67E14A
    PID: 4856 (5080) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    size: 421160
    MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
    PID: 2368 (5080) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
    PID: 3976 (1412) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    size: 939848
    MD5: A852BEC60713B0465DFB0E899FDADBC8
    PID: 4604 (4128) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
    size: 12995952
    MD5: 2A8AEFDE5BED57D232ECF9482336E139
    PID: 3488 (4128) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
    size: 44814336
    MD5: 8BBFFD6536EF589FC2D2820F6E377ABD
    PID: 6080 (4128) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 12116 (6080) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 11708 (4128) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 5880 (11708) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 11636 (6080) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 6940 ( 804) c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
    size: 130400
    MD5: 2716EA1EAE1E27CC7F53AF41C52C18A4
    PID: 13992 (4128) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 4 ( 0) System
    PID: 372 ( 4) smss.exe
    PID: 532 ( 524) csrss.exe
    PID: 608 ( 524) wininit.exe
    size: 96256
    PID: 632 ( 620) csrss.exe
    PID: 676 ( 608) services.exe
    PID: 692 ( 608) lsass.exe
    PID: 700 ( 608) lsm.exe
    PID: 804 ( 676) svchost.exe
    size: 20992
    PID: 868 ( 676) nvvsvc.exe
    PID: 908 ( 676) svchost.exe
    size: 20992
    PID: 972 ( 676) svchost.exe
    size: 20992
    PID: 1012 ( 676) svchost.exe
    size: 20992
    PID: 140 ( 676) svchost.exe
    size: 20992
    PID: 488 ( 676) stacsv64.exe
    PID: 1124 ( 676) svchost.exe
    size: 20992
    PID: 1176 ( 676) hpservice.exe
    PID: 1224 ( 676) vcsFPService.exe
    size: 1656112
    PID: 1284 ( 676) svchost.exe
    size: 20992
    PID: 1380 ( 620) winlogon.exe
    PID: 1412 ( 676) AAWService.exe
    PID: 1536 ( 676) spoolsv.exe
    PID: 1568 ( 676) DpHostW.exe
    PID: 1672 ( 676) svchost.exe
    size: 20992
    PID: 1780 ( 676) AESTSr64.exe
    PID: 1816 ( 676) AppleMobileDeviceService.exe
    PID: 1892 ( 868) nvvsvc.exe
    PID: 1036 ( 676) cronsvc.exe
    PID: 1184 ( 676) EngineServer.exe
    PID: 1612 ( 676) LSSrvc.exe
    PID: 1620 ( 676) lxcqcoms.exe
    size: 537520
    PID: 1728 ( 676) McSACore.exe
    PID: 2084 ( 676) McShield.exe
    PID: 2188 ( 676) MpfSrv.exe
    PID: 2496 ( 676) myAgtSvc.exe
    PID: 2588 ( 676) RichVideo.exe
    PID: 2648 ( 676) svchost.exe
    size: 20992
    PID: 2732 ( 676) TVCapSvc.exe
    PID: 2824 ( 676) SDWinSec.exe
    PID: 2684 ( 804) unsecapp.exe
    PID: 3124 ( 804) WmiPrvSE.exe
    PID: 3652 ( 676) svchost.exe
    size: 20992
    PID: 3856 (1012) WUDFHost.exe
    PID: 3756 ( 676) C:\Windows\System32\taskhost.exe
    PID: 2552 (1012) C:\Windows\System32\dwm.exe
    PID: 4104 ( 804) C:\Windows\System32\rundll32.exe
    size: 44544
    MD5: 51138BEEA3E2C21EC44D0932C71762A8
    PID: 4128 (1960) C:\Windows\explorer.exe
    size: 2870272
    MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
    PID: 4276 ( 676) svchost.exe
    size: 20992
    PID: 5104 (4128) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 2096424
    MD5: 26D207379AF9B717538D1F7E2D9A58CB
    PID: 5064 (4128) C:\Program Files\IDT\WDM\sttray64.exe
    size: 450048
    MD5: 7A2C26459B599A2D6D5401F73ACA1981
    PID: 5076 (4128) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 171520
    MD5: A0DD3037E2DC702A7BED6C3CC2DB8FA6
    PID: 5000 (4128) C:\Windows\WindowsMobile\wmdc.exe
    size: 660360
    MD5: 233A10D4B3F6897899112E4EC60F1906
    PID: 4552 (5104) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    size: 121128
    MD5: 1BE8B67DB72BB7F650D9092E9BA6196E
    PID: 5052 ( 676) svchost.exe
    size: 20992
    PID: 4176 ( 676) SearchIndexer.exe
    size: 428032
    PID: 4464 (1852) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    size: 163392
    MD5: 4ACF5383E778D14C7ECB60534AE7358D
    PID: 4220 ( 676) hpqWmiEx.exe
    PID: 5080 ( 676) Com4QLBEx.exe
    PID: 4232 ( 676) iPodService.exe
    PID: 1552 ( 676) HPHC_Service.exe
    PID: 2360 ( 676) wmpnetwk.exe
    PID: 5628 ( 804) C:\Windows\ehome\ehmsas.exe
    size: 48640
    MD5: 0857BF4842D85BC7FEA8DA6A24CC7921
    PID: 6132 ( 676) ehrecvr.exe
    PID: 5992 ( 676) FNPLicensingService.exe
    PID: 6552 (3488) C:\Windows\splwow64.exe
    size: 61952
    MD5: 88454E4E3D0DC64E9FBC5E9D1BDBA771
    PID: 6620 ( 804) C:\Windows\System32\dllhost.exe
    size: 7168
    MD5: A63DC5C2EA944E6657203E0C8EDEAF61
    PID: 10160 ( 140) taskeng.exe
    size: 192000
    PID: 13260 ( 972) audiodg.exe


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 4/3/2011 4:35:41 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\SysWOW64\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 2: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 3: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 4: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 5: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 6: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP

  8. #18
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Please re-run Spybot after a reboot. Post back about findings.

  9. #19
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    I restarted and ran Spybot. No threats were found. I restarted the computer and ran Spybot again, and it once again found Click.GiftLoad.

    This thing just doesn't seem to go away.

    Any other suggestions? Is it this hard to remove in other people's computers too?

    Regardless, thanks for all the effort. It looks like I may have to live with this thing.

  10. #20
    Junior Member
    Join Date
    Mar 2011
    Posts
    25

    Here is the most recent Spybot report.
    Even though I "Fixed Selected Problems", after a restart and another Spybot scan the following were found:
    Click.GiftLoad, DoubleClick and Right Media



    --- Search result list ---
    Click.GiftLoad: [SBI $5ABC7D37] User settings (Registry change, nothing done)
    HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1

    DoubleClick: Tracking cookie (Internet Explorer: John) (Cookie, nothing done)


    Right Media: Tracking cookie (Internet Explorer: John) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-12-21 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2011-03-18 Includes\Adware.sbi (*)
    2011-03-22 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-03-08 Includes\DialerC.sbi (*)
    2011-02-24 Includes\HeavyDuty.sbi (*)
    2011-03-29 Includes\Hijackers.sbi (*)
    2011-03-29 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2010-12-14 Includes\Keyloggers.sbi (*)
    2011-03-08 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2011-03-29 Includes\Malware.sbi (*)
    2011-03-29 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2011-03-15 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2009-01-13 Includes\Security.sbi (*)
    2011-03-08 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2011-02-24 Includes\Spyware.sbi (*)
    2011-03-15 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2010-12-28 Includes\Trojans.sbi (*)
    2011-03-25 Includes\TrojansC-02.sbi (*)
    2011-03-29 Includes\TrojansC-03.sbi (*)
    2011-03-08 Includes\TrojansC-04.sbi (*)
    2011-03-29 Includes\TrojansC-05.sbi (*)
    2011-03-08 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll



    --- System information ---
    Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
    / MSXML4SP2: Security update for MSXML4 SP2 (KB973688)


    --- Startup entries list ---
    Located: HK_LM:Run, Adobe ARM
    command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    size: 932288
    MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

    Located: HK_LM:Run, Adobe Reader Speed Launcher
    command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
    size: 35736
    MD5: 8A6683AC1DAFA824615BB3857EF8C709

    Located: HK_LM:Run, DpAgent
    command: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    file: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
    size: 842816
    MD5: 1D48CA37FAA59919C1138357ED67E14A

    Located: HK_LM:Run, HPCam_Menu
    command: "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
    file: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
    size: 218408
    MD5: CD1E74BC24CB1D1544406741F46F4D61

    Located: HK_LM:Run, iTunesHelper
    command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
    size: 421160
    MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03

    Located: HK_LM:Run, MVS Splash
    command: "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
    file: C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    size: 476480
    MD5: D4CC3CF516A3D721AC6EFFCC69DD3247

    Located: HK_LM:Run, QlbCtrl.exe
    command: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    file: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    size: 320056
    MD5: 0771A5C3B78967F9F83C1C429334AD2A

    Located: HK_LM:Run, SunJavaUpdateSched
    command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3

    Located: HK_LM:Run, UpdatePRCShortCut
    command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
    size: 222504
    MD5: 4EFCDF3DB1BBA69C09622991280C4ACB



    --- Browser helper object list ---
    {18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: AcroIEHelperStub
    CLSID name: Adobe PDF Link Helper
    Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
    Long name: AcroIEHelperShim.dll
    Short name: ACROIE~2.DLL
    Date (created): 1/30/2011 11:45:14 AM
    Date (last access): 4/1/2011 12:40:04 PM
    Date (last write): 1/30/2011 11:45:14 AM
    Filesize: 62376
    Attributes: archive
    MD5: F31208835709A62ECC5D45211D89C772
    CRC32: 7859C01E
    Version: 10.0.1.434

    {395610AE-C624-4f58-B89E-23733EA00F9A} (DigitalPersona Personal Extension)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: DigitalPersona Personal Extension
    CLSID name: DigitalPersona Personal Extension
    Path: C:\Program Files (x86)\DigitalPersona\Bin\
    Long name: DpOtsPluginIe8.dll
    Short name: DPOTSP~1.DLL
    Date (created): 12/1/2009 1:37:48 PM
    Date (last access): 10/12/2010 9:47:12 PM
    Date (last write): 12/1/2009 1:37:48 PM
    Filesize: 1256512
    Attributes: archive
    MD5: D6703BE3CA7FA0ED07BE77E2D62ECABC
    CRC32: 8E02630C
    Version: 5.0.0.3790

    {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Spybot-S&D IE Protection
    description: Spybot-S&D IE Browser plugin
    classification: Legitimate
    known filename: SDhelper.dll
    info link: http://spybot.eon.net.au/
    info source: Patrick M. Kolla
    Path: C:\Program Files (x86)\Spybot - Search & Destroy\
    Long name: SDHelper.dll
    Short name:
    Date (created): 12/21/2009 11:09:06 PM
    Date (last access): 12/21/2009 11:09:06 PM
    Date (last write): 1/26/2009 4:31:02 PM
    Filesize: 1879896
    Attributes: archive
    MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
    CRC32: 5BA24007
    Version: 1.6.2.14

    {7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: scriptproxy
    CLSID name: scriptproxy
    Path: C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\
    Long name: ScriptSn.20100802144004.dll
    Short name: SCRIPT~1.DLL
    Date (created): 8/2/2010 2:40:06 PM
    Date (last access): 8/2/2010 2:40:06 PM
    Date (last write): 12/15/2009 3:25:50 PM
    Filesize: 62784
    Attributes: archive
    MD5: 9421AB13002A83C0629B96BE06139241
    CRC32: E417E975
    Version: 14.0.0.438

    {9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Windows Live Sign-in Helper
    Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
    Long name: WindowsLiveLogin.dll
    Short name: WINDOW~1.DLL
    Date (created): 1/22/2009 6:41:30 PM
    Date (last access): 8/15/2009 5:20:04 AM
    Date (last write): 1/22/2009 6:41:30 PM
    Filesize: 408448
    Attributes: archive
    MD5: B7899C3E21B299D7A3C0DA96CAE340BD
    CRC32: 288935F8
    Version: 5.0.818.5

    {B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: McAfee SiteAdvisor BHO
    Path: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
    Long name: McIEPlg.dll
    Short name:
    Date (created): 12/16/2009 8:31:00 PM
    Date (last access): 4/12/2010 10:10:44 AM
    Date (last write): 12/16/2009 8:31:00 PM
    Filesize: 116032
    Attributes: archive
    MD5: 62A9C0FF5A7231E9A7D6490C31411515
    CRC32: 6A52AE99
    Version: 3.0.0.539

    {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (NitroPDFBHO Class)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name: NitroPDFBHO Class
    CLSID name:

    {d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Microsoft Live Search Toolbar Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Microsoft Live Search Toolbar Helper
    Path: c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\
    Long name: msneshellx.dll
    Short name: MSNESH~1.DLL
    Date (created): 4/7/2009 8:15:54 PM
    Date (last access): 8/15/2009 8:12:22 AM
    Date (last write): 4/7/2009 8:15:54 PM
    Filesize: 82784
    Attributes: archive
    MD5: F24D277095D2B74FC97BA9BD35268EE8
    CRC32: B62D4AAB
    Version: 3.0.560.0

    {DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
    location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
    BHO name:
    CLSID name: Java(tm) Plug-In 2 SSV Helper
    Path: C:\Program Files (x86)\Java\jre6\bin\
    Long name: jp2ssv.dll
    Short name:
    Date (created): 2/9/2011 4:31:20 PM
    Date (last access): 3/25/2011 1:13:46 AM
    Date (last write): 2/9/2011 4:31:20 PM
    Filesize: 41760
    Attributes: archive
    MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
    CRC32: A5ABF297
    Version: 6.0.240.7



    --- ActiveX list ---
    {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
    DPF name:
    CLSID name: PCPitstop Utility
    Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
    Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
    description: Gateway tools
    classification: Legitimate
    known filename: PCPITSTOP.DLL
    info link:
    info source: Patrick M. Kolla
    Path: C:\Windows\Downloaded Program Files\
    Long name: PCPitstop.dll
    Short name: PCPITS~2.DLL
    Date (created): 11/16/2009 2:54:18 PM
    Date (last access): 11/16/2009 2:54:18 PM
    Date (last write): 11/16/2009 2:54:18 PM
    Filesize: 459480
    Attributes: archive
    MD5: D814967E656216F251E3F2C6070BCD63
    CRC32: 68C70C16
    Version: 1.0.0.211

    {67DABFBF-D0AB-41FA-9C46-CC0F21721616} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\DivXPlugin.inf
    Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
    description:
    classification: Legitimate
    known filename: npdivx32.dll
    info link:
    info source: Safer Networking Ltd.

    {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
    DPF name:
    CLSID name: OnlineScanner Control
    Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
    Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
    Path: C:\PROGRA~2\ESET\ESETON~1\
    Long name: OnlineScanner.ocx
    Short name: ONLINE~1.OCX
    Date (created): 4/1/2011 12:45:04 PM
    Date (last access): 4/1/2011 12:45:04 PM
    Date (last write): 1/25/2011 4:09:22 PM
    Filesize: 3381024
    Attributes: archive
    MD5: B51BB6A174641FBDA164396FEF152151
    CRC32: 1B979B83
    Version: 1.0.0.6425

    {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
    info link:
    info source: Patrick M. Kolla
    Path: C:\Program Files (x86)\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 12/11/2009 12:37:28 AM
    Date (last access): 2/2/2075 9:42:20 PM
    Date (last write): 2/2/2011 9:40:28 PM
    Filesize: 112416
    Attributes: archive
    MD5: 8E66E95FCD0218767CC5953F7BA64D19
    CRC32: F9A66843
    Version: 6.0.240.7

    {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class)
    DPF name:
    CLSID name: diskhealth Class
    Installer:
    Codebase: http://utilities.pcpitstop.com/Nirva...iskMD3Ctrl.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: DiskMD3Ctrl.dll
    Short name: DISKMD~1.DLL
    Date (created): 10/28/2010 12:14:32 PM
    Date (last access): 10/28/2010 12:14:32 PM
    Date (last write): 10/28/2010 12:14:32 PM
    Filesize: 344216
    Attributes: archive
    MD5: A79B4C5306E5E5E98400232DCCEE4D34
    CRC32: 76B448AC
    Version: 1.0.0.23

    {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class)
    DPF name:
    CLSID name: PCMaticVer Class
    Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
    Codebase: http://utilities.pcpitstop.com/Nirva...ls/pcmatic.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: PCMaticCtrl.dll
    Short name: PCMATI~1.DLL
    Date (created): 3/18/2010 1:21:20 PM
    Date (last access): 3/18/2010 1:21:20 PM
    Date (last write): 3/18/2010 1:21:20 PM
    Filesize: 91320
    Attributes: archive
    MD5: 038C8B41A21A9ACF0930F2B5978559EE
    CRC32: 1DF117B7
    Version: 1.0.0.8

    {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus)
    DPF name:
    CLSID name: PCPitstop AntiVirus
    Installer:
    Codebase: http://utilities.pcpitstop.com/Nirva...pAntiVirus.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: pcpitstopAntiVirus.dll
    Short name: PCPITS~4.DLL
    Date (created): 1/19/2010 8:40:20 PM
    Date (last access): 1/19/2010 8:40:20 PM
    Date (last write): 1/19/2010 8:40:22 PM
    Filesize: 197304
    Attributes: archive
    MD5: 4892DE406AFE9AF8DB2E9FCED11D0394
    CRC32: 39CAE85A
    Version: 1.0.0.12

    {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
    DPF name:
    CLSID name: EPUImageControl Class
    Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
    Codebase: http://tools.ebayimg.com/eps/wl/acti..._v1-0-31-0.cab
    Path: C:\Windows\Downloaded Program Files\
    Long name: EPUWALcontrol.dll
    Short name: EPUWAL~1.DLL
    Date (created): 2/4/2010 12:55:38 PM
    Date (last access): 2/4/2010 12:55:38 PM
    Date (last write): 2/4/2010 12:55:38 PM
    Filesize: 3171608
    Attributes: archive
    MD5: C7103946ED86FAC01E23C457EDD7F719
    CRC32: 65FF7081
    Version: 1.0.31.0

    {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    Path: C:\Program Files (x86)\Java\jre6\bin\
    Long name: jp2iexp.dll
    Short name:
    Date (created): 12/11/2009 12:37:28 AM
    Date (last access): 2/2/2075 9:42:20 PM
    Date (last write): 2/2/2011 9:40:28 PM
    Filesize: 112416
    Attributes: archive
    MD5: 8E66E95FCD0218767CC5953F7BA64D19
    CRC32: F9A66843
    Version: 6.0.240.7

    {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
    DPF name: Java Runtime Environment 1.6.0
    CLSID name: Java Plug-in 1.6.0_24
    Installer:
    Codebase: http://java.sun.com/update/1.6.0/jin...ndows-i586.cab
    description:
    classification: Legitimate
    known filename: npjpi150_06.dll
    info link:
    info source: Safer Networking Ltd.
    Path: C:\Program Files (x86)\Java\jre6\bin\
    Long name: npjpi160_24.dll
    Short name: NPJPI1~1.DLL
    Date (created): 2/2/2011 7:19:42 PM
    Date (last access): 2/2/2011 9:42:34 PM
    Date (last write): 2/2/2011 9:40:34 PM
    Filesize: 141088
    Attributes: archive
    MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
    CRC32: 64BB8CA2
    Version: 6.0.240.7

    {D27CDB6E-AE6D-11CF-96B8-444553635000} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\swflash.inf
    Codebase: http://fpdownload2.macromedia.com/ge...sh/swflash.cab

    {E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
    DPF name:
    CLSID name:
    Installer: C:\Windows\Downloaded Program Files\gp.inf
    Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
    DPF name:
    CLSID name: PCPitstop Exam
    Installer:
    Codebase: http://utilities.pcpitstop.com/Nirva...pcpitstop2.dll
    Path: C:\Windows\Downloaded Program Files\
    Long name: pcpitstop2.dll
    Short name: PCPITS~3.DLL
    Date (created): 6/9/2010 3:18:06 PM
    Date (last access): 6/9/2010 3:18:06 PM
    Date (last write): 6/9/2010 3:18:06 PM
    Filesize: 405176
    Attributes: archive
    MD5: 4A77B60A19B6179F0F9E88AD89E79F13
    CRC32: CC97C726
    Version: 1.0.0.37



    --- Process list ---
    PID: 0 ( 0) [System]
    PID: 4632 (4500) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    size: 320056
    MD5: 0771A5C3B78967F9F83C1C429334AD2A
    PID: 4724 (4500) C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
    size: 476480
    MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
    PID: 4744 (4500) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
    size: 842816
    MD5: 1D48CA37FAA59919C1138357ED67E14A
    PID: 4768 (4500) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    size: 421160
    MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
    PID: 4784 (4500) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    size: 249064
    MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
    PID: 620 (1412) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
    size: 939848
    MD5: A852BEC60713B0465DFB0E899FDADBC8
    PID: 1404 (1956) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
    size: 5365592
    MD5: 0477C2F9171599CA5BC3307FDFBA8D89
    PID: 5088 (1956) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
    size: 963976
    MD5: 4CEC4B72C5B255EC2F7C54CD03554540
    PID: 5032 (1956) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 2356 (5032) C:\Program Files (x86)\Internet Explorer\iexplore.exe
    size: 748336
    MD5: 904E13BA41AF2E353A32CF351CA53639
    PID: 4380 ( 804) c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
    size: 130400
    MD5: 2716EA1EAE1E27CC7F53AF41C52C18A4
    PID: 4 ( 0) System
    PID: 372 ( 4) smss.exe
    PID: 532 ( 520) csrss.exe
    PID: 608 ( 520) wininit.exe
    size: 96256
    PID: 632 ( 620) csrss.exe
    PID: 668 ( 608) services.exe
    PID: 688 ( 608) lsass.exe
    PID: 696 ( 608) lsm.exe
    PID: 804 ( 668) svchost.exe
    size: 20992
    PID: 868 ( 668) nvvsvc.exe
    PID: 908 ( 668) svchost.exe
    size: 20992
    PID: 980 ( 668) svchost.exe
    size: 20992
    PID: 1012 ( 668) svchost.exe
    size: 20992
    PID: 340 ( 668) svchost.exe
    size: 20992
    PID: 488 ( 668) stacsv64.exe
    PID: 1136 ( 668) svchost.exe
    size: 20992
    PID: 1180 ( 668) hpservice.exe
    PID: 1228 ( 668) vcsFPService.exe
    size: 1656112
    PID: 1284 ( 668) svchost.exe
    size: 20992
    PID: 1376 ( 620) winlogon.exe
    PID: 1412 ( 668) AAWService.exe
    PID: 1556 ( 668) spoolsv.exe
    PID: 1592 ( 668) DpHostW.exe
    PID: 1664 ( 668) svchost.exe
    size: 20992
    PID: 1752 ( 668) AESTSr64.exe
    PID: 1792 ( 668) AppleMobileDeviceService.exe
    PID: 1864 ( 868) nvvsvc.exe
    PID: 1996 ( 668) mDNSResponder.exe
    PID: 2020 ( 668) cronsvc.exe
    PID: 1068 ( 668) EngineServer.exe
    PID: 1212 ( 668) LSSrvc.exe
    PID: 1700 ( 668) lxcqcoms.exe
    size: 537520
    PID: 360 ( 668) McSACore.exe
    PID: 2072 ( 668) McShield.exe
    PID: 2156 ( 668) MpfSrv.exe
    PID: 2524 ( 668) myAgtSvc.exe
    PID: 2616 ( 668) RichVideo.exe
    PID: 2676 ( 668) svchost.exe
    size: 20992
    PID: 2780 ( 668) TVCapSvc.exe
    PID: 2896 ( 668) SDWinSec.exe
    size: 1153368
    MD5: 794D4B48DFB6E999537C7C3947863463
    PID: 2436 ( 804) unsecapp.exe
    PID: 3140 ( 804) WmiPrvSE.exe
    PID: 3980 ( 668) svchost.exe
    size: 20992
    PID: 3380 (1012) WUDFHost.exe
    PID: 4040 ( 668) C:\Windows\System32\taskhost.exe
    PID: 3700 (1012) C:\Windows\System32\dwm.exe
    PID: 1956 (3240) C:\Windows\explorer.exe
    size: 2870272
    MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
    PID: 4216 ( 668) svchost.exe
    size: 20992
    PID: 4400 (1956) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    size: 2096424
    MD5: 26D207379AF9B717538D1F7E2D9A58CB
    PID: 4436 (1956) C:\Program Files\IDT\WDM\sttray64.exe
    size: 450048
    MD5: 7A2C26459B599A2D6D5401F73ACA1981
    PID: 4476 (1956) C:\Program Files\Java\jre6\bin\jusched.exe
    size: 171520
    MD5: A0DD3037E2DC702A7BED6C3CC2DB8FA6
    PID: 4492 (1956) C:\Windows\WindowsMobile\wmdc.exe
    size: 660360
    MD5: 233A10D4B3F6897899112E4EC60F1906
    PID: 4540 ( 668) svchost.exe
    size: 20992
    PID: 4676 (4400) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    size: 121128
    MD5: 1BE8B67DB72BB7F650D9092E9BA6196E
    PID: 4924 (4744) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    size: 163392
    MD5: 4ACF5383E778D14C7ECB60534AE7358D
    PID: 4180 ( 668) hpqWmiEx.exe
    PID: 4816 ( 668) Com4QLBEx.exe
    PID: 4868 ( 668) SearchIndexer.exe
    size: 428032
    PID: 1644 ( 668) iPodService.exe
    PID: 4344 ( 668) HPHC_Service.exe
    PID: 4988 ( 668) wmpnetwk.exe
    PID: 3648 ( 980) audiodg.exe
    PID: 4960 (4868) C:\Windows\System32\SearchProtocolHost.exe
    size: 164352
    MD5: 89ED7C028A487340B7D93D5A38FDCB54
    PID: 4468 (4868) C:\Windows\System32\SearchFilterHost.exe
    size: 86528
    MD5: 8A674F9AB20B4937357BF6F5A0938EBF


    --- Browser start & search pages list ---
    Spybot - Search & Destroy browser pages report, 4/4/2011 12:22:22 PM

    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
    http://www.microsoft.com/isapi/redir...ie&ar=iesearch
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
    http://www.yahoo.com/
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
    C:\Windows\SysWOW64\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
    http://ie.redirect.hp.com/svs/rdr?TY...vilion&pf=cnnb
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
    http://go.microsoft.com/fwlink/?LinkId=69157
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
    http://go.microsoft.com/fwlink/?LinkId=54896
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
    http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm


    --- Winsock Layered Service Provider list ---
    Protocol 0: MSAFD Tcpip [TCP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 1: MSAFD Tcpip [UDP/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 2: MSAFD Tcpip [RAW/IP]
    GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IP protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 3: MSAFD Tcpip [TCP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 4: MSAFD Tcpip [UDP/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 5: MSAFD Tcpip [RAW/IPv6]
    GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP IPv6 protocol
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: MSAFD Tcpip[*]

    Protocol 6: RSVP TCPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 7: RSVP TCP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 8: RSVP UDPv6 Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Protocol 9: RSVP UDP Service Provider
    GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
    Filename: %SystemRoot%\system32\mswsock.dll
    Description: Microsoft Windows NT/2k/XP RVSP
    DB filename: %SystemRoot%\system32\rsvpsp.dll
    DB protocol: RSVP * Service Provider

    Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
    GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
    Filename:
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: NLA-Namespace

    Namespace Provider 1: Tcpip
    GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
    Filename:
    Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
    DB filename: %SystemRoot%\system32\mswsock.dll
    DB protocol: TCP/IP

    Namespace Provider 2: NTDS
    GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
    Filename: %SystemRoot%\System32\winrnr.dll
    Description: Microsoft Windows NT/2k/XP name space provider
    DB filename: %SystemRoot%\system32\winrnr.dll
    DB protocol: NTDS

    Namespace Provider 3: E-mail Naming Shim Provider
    GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
    Filename:

    Namespace Provider 4: PNRP Cloud Namespace Provider
    GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 5: PNRP Name Namespace Provider
    GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
    Filename:

    Namespace Provider 6: mdnsNSP
    GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
    Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
    Description: Apple Rendezvous protocol
    DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
    DB protocol: mdnsNSP
