View Full Version : click.GiftLoad Removal
Hello
I'm unable to remove click.giftload and was hoping you might be able to help me remove it.
I ran OTL as Admin
I will post the otl.txt and extras.txt info into two seperate posts below.
Thanks in advance for your help!
John
extras.txt in zipped file attached.
Hi,
If help still needed please run DDS as instructed in our BEFORE you POST (READ this Procedure BEFORE Requesting Assistance) (http://forums.spybot.info/showthread.php?t=288) topic and copy-paste contents of those logs back here :)
OK thank you much for your help.
Below is the DDS.txt information....
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by John at 12:25:08.85 on Thu 03/31/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.1548 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcqcoms.exe
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\splwow64.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TK03GY23\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [OwelyQt] C:/Program Files (x86)/Owely/Owely.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-system: WallpaperStyle = 2
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
LSA: Notification Packages = scecli DPPWDFLT
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
BHO-X64: scriptproxy - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
FF - component: C:\Program Files (x86)\DigitalPersona\Bin\firefoxext\components\dpffcli.dll
FF - component: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\components\McFFPlg.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-7-24 275840]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1924400]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2011-3-24 17152]
R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17:12 -------- d-----w- C:\Prey
2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
.
==================== Find3M ====================
.
2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-02-09 19:24:08 72080 ----a-w- C:\Users\John\g2mdlhlpx.exe
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 12:26:31.28 ===============
Hi,
Download aswMBR (http://public.avast.com/~gmerek/aswMBR.exe) to your desktop. Double click the aswMBR.exe to run it.
Click the "Scan" button to start scan
On completion of the scan click save log, save it to your desktop and post in your next reply.
Hi
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.
Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
OK below is the ComboFix log file... And the new DDS.txt pasted below..
I think I'm now clean (thanks to your help). I ran Spybot Search & Destroy and click.GiftLoad was not found.
Please let me know if you see anything that doesnt look right.
And thank you for helping with this! I sincerely appreciate your time and effort :)
ComboFix 11-03-30.02 - John 03/31/2011 14:28:34.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2316 [GMT -4:00]
Running from: c:\users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SIZ6K3MZ\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Downloaded Installers
c:\program files (x86)\Downloaded Installers\{DAFFF734-CAF9-4CBE-A6BE-C2E792058D04}\setup.msi
c:\programdata\ntuser.dat
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\John\g2mdlhlpx.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-31 )))))))))))))))))))))))))))))))
.
.
2011-03-31 18:42 . 2011-03-31 18:42 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-03-31 18:42 . 2011-03-31 18:42 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
2011-03-28 18:41 . 2011-03-29 20:44 -------- d-----w- c:\users\John\AppData\Local\Adobe
2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-03-14 04:20 . 2011-03-31 18:45 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\users\John\AppData\Local\Sunbelt Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 04:00 . 2011-02-09 16:34 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OwelyQt"="C:" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF26184.cfxxe" [X]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [N/A]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-MVS - c:\progra~2\McAfee\MANAGE~1\Agent\myinx
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\progra~2\McAfee\MANAGE~1\VScan\McShield.exe
c:\program files (x86)\McAfee\MPF\MPFSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Completion time: 2011-03-31 15:00:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-31 19:00
.
Pre-Run: 168,521,539,584 bytes free
Post-Run: 167,967,281,152 bytes free
.
- - End Of File - - 8D29FB6FDC25D88EBA60A5B7ED267DF6
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by John at 15:28:47.07 on Thu 03/31/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2032 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcqcoms.exe
C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe
C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\X53JYIGV\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [OwelyQt] C:/Program Files (x86)/Owely/Owely.exe
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
BHO-X64: scriptproxy - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\John\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-7-24 275840]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2009-7-13 1924400]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-4-13 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-03-31 18:46:07 -------- d-----w- C:\$RECYCLE.BIN
2011-03-31 18:24:22 98816 ----a-w- C:\Windows\sed.exe
2011-03-31 18:24:22 89088 ----a-w- C:\Windows\MBR.exe
2011-03-31 18:24:22 256512 ----a-w- C:\Windows\PEV.exe
2011-03-31 18:24:22 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17:12 -------- d-----w- C:\Prey
2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
.
==================== Find3M ====================
.
2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:29:32.64 ===============
Spoke too soon.. Click.GiftLoad was just found by Search & Destroy.. Looks like ComboFix was not able to get rid of it?
Good. A few more things to do.
Open notepad and copy/paste the text in the quotebox below into it:
DDS::
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OwelyQt"=-
Save this as
CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif
Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).
* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is not checkmarked.
Click Scan
Wait for the scan to finish.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
Ok I scanned with ESET but there was no report at the end.. After two hours of scanning it completed it's scan and noted "no threats found"
Below is the ComboFix log after I dragged the .txt file you had me made into it's icon on my desktop... And below it I've pasted the fresh DDS log...
ComboFix 11-03-30.03 - John 04/01/2011 12:05:18.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2331 [GMT -4:00]
Running from: c:\users\John\Downloads\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((( Files Created from 2011-03-01 to 2011-04-01 )))))))))))))))))))))))))))))))
.
.
2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-01 16:10 . 2011-04-01 16:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
2011-03-28 18:41 . 2011-03-29 20:44 -------- d-----w- c:\users\John\AppData\Local\Adobe
2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-03-14 04:20 . 2011-04-01 16:02 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
2011-03-03 03:53 . 2011-03-03 03:53 -------- d-----w- c:\users\John\AppData\Local\Sunbelt Software
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-01-05 04:00 . 2011-02-09 16:34 3127808 ----a-w- c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_18.46.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-01 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-31 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-01 16:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-01 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-15 09:17 . 2011-03-31 21:19 54924 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-03-31 21:20 56596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-10 19:21 . 2011-03-31 21:20 16850 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413551326-45703177-197955308-1000_UserData.bin
- 2009-11-02 08:28 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-02 08:28 . 2011-03-31 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-02 08:28 . 2011-03-25 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-02 08:28 . 2011-03-31 21:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-31 21:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-31 21:18 . 2011-03-31 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-03-31 21:18 . 2011-03-31 21:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-14 01:16 . 2011-04-01 14:03 355622 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2011-03-31 20:51 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-03-31 18:44 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:34 . 2011-04-01 14:23 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-03-31 15:50 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-12-12 01:55 . 2011-03-31 18:44 10679368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
+ 2009-12-12 01:55 . 2011-03-31 20:51 10679368 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
2011-04-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-01 12:14:49
ComboFix-quarantined-files.txt 2011-04-01 16:14
ComboFix2.txt 2011-03-31 19:01
.
Pre-Run: 168,438,026,240 bytes free
Post-Run: 168,221,753,344 bytes free
.
- - End Of File - - 4F2A897B73DC9BB124AEF23FC0BD0F89
.
DDS (Ver_11-03-05.01) - NTFS_AMD64
Run by John at 15:15:32.18 on Fri 04/01/2011
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.1554 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee® Total Protection™ Service *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Prey\platform\windows\cronsvc.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcqcoms.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DigitalPersona\Bin\DPAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehRecvr.exe
C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\John\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FBEI1C0P\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DigitalPersona Personal Extension: {395610ae-c624-4f58-b89e-23733ea00f9a} - C:\Program Files (x86)\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\ScriptSn.20100802144004.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
BHO: NitroPDFBHO Class: {cf070cb8-f02f-4af4-a7b7-8d45cad4bb54} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
mRun: [HPCam_Menu] "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [MVS Splash] "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRunOnce: [Uninstall Adobe Download Manager] "C:\Program Files (x86)\NOS\bin\getPlusUninst_Adobe.exe" /Get1noarp
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
dPolicies-system: WallpaperStyle = 2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://C:\Program Files (x86)\Nitro PDF\PDF Download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {96538116-AB8C-4879-9F21-BD2BFE22A414} - {DC6169B9-3397-4D01-8639-07F1A34BAF99}
IE: {AD9E6088-E00B-42f9-9F0C-8480525D234E} - {FF5073C0-28A0-4223-9BDF-59FF020FE77C} - C:\Program Files (x86)\Nitro PDF\PDF Download\NitroPDF.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553635000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\MyRmProt5.0.0.811.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McIEPlg.dll
Name-Space Handler: ftp\* - {419A0123-4312-1122-A0C0-434FDA6DA542} - C:\Program Files (x86)\CoreFTP\pftpns.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: DigitalPersona Personal Extension: {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
BHO-X64: DigitalPersona Personal Extension - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\PROGRA~2\McAfee\MANAGE~1\VScan64\SCRIPT~1.DLL
BHO-X64: scriptproxy - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
mRun-x64: [LXCQCATS] rundll32 C:\Windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll,RunDLLEntry
mRun-x64: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\System32\drivers\Lbd.sys [2011-3-25 69376]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-3-24 55024]
R1 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-8-6 308296]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48:07];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-11-2 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-11-2 89600]
R2 CronService;Cron Service for Prey;C:\Prey\platform\windows\cronsvc.exe [2011-2-15 19968]
R2 EngineServer;EngineServer;C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-10 14144]
R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2009-7-8 30520]
R2 lxcq_device;lxcq_device;C:\Windows\system32\lxcqcoms.exe -service --> C:\Windows\system32\lxcqcoms.exe -service [?]
R2 McShield;McShield;C:\PROGRA~2\McAfee\MANAGE~1\VScan\McShield.exe [2009-12-10 144704]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2009-12-10 282824]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-12-21 1153368]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;C:\Windows\System32\drivers\AVerBDA716x_x64.sys [2009-11-2 1354880]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-15 228408]
R3 easytether;easytether;C:\Windows\System32\drivers\easytthr.sys [2010-12-16 21072]
R3 enecir;ENE CIR Receiver;C:\Windows\System32\drivers\enecir.sys [2009-6-29 70656]
R3 JMCR;JMCR;C:\Windows\System32\drivers\jmcr.sys [2009-7-20 140712]
R3 MfeAVFK;McAfee Inc. MfeAVFK;C:\Windows\System32\drivers\mfeavfk.sys [2009-8-6 102472]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2009-6-26 83488]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-21 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-3-24 1405384]
S2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-16 222528]
S3 MfeRKDk;McAfee Inc. MfeRKDk;C:\Windows\System32\drivers\mferkdk.sys [2009-8-6 40904]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\NETw5v64.sys [2009-11-2 5435904]
S3 RoxMediaDB11;RoxMediaDB11;C:\Program Files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-5-20 1128944]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2011-04-01 19:12:56 -------- d-sh--w- C:\$RECYCLE.BIN
2011-04-01 16:45:01 -------- d-----w- C:\Program Files (x86)\ESET
2011-04-01 16:36:46 32592 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\np_gp.dll
2011-03-31 18:24:22 98816 ----a-w- C:\Windows\sed.exe
2011-03-31 18:24:22 89088 ----a-w- C:\Windows\MBR.exe
2011-03-31 18:24:22 256512 ----a-w- C:\Windows\PEV.exe
2011-03-31 18:24:22 161792 ----a-w- C:\Windows\SWREG.exe
2011-03-31 03:06:25 -------- d-----w- C:\Users\John\AppData\Local\Apple
2011-03-28 18:41:55 -------- d-----w- C:\Users\John\AppData\Local\Adobe
2011-03-25 16:49:57 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2011-03-25 05:14:53 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-03-25 05:14:53 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:03:32 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2011-03-25 05:01:41 -------- dc-h--w- C:\PROGRA~3\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01:30 -------- d-----w- C:\Program Files (x86)\Lavasoft
2011-03-23 18:47:38 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47:37 781272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47:37 728024 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47:37 719832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47:37 1874904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47:37 16856 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47:37 15832 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47:37 142296 ----a-w- C:\Program Files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47:36 1975768 ----a-w- C:\Program Files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 18:47:36 1893336 ----a-w- C:\Program Files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 17:39:05 -------- d-----w- C:\Users\John\AppData\Roaming\TheSage
2011-03-23 15:30:09 982912 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2011-03-23 15:06:30 -------- d-----w- C:\Program Files (x86)\Owely
2011-03-23 14:52:21 -------- d-----w- C:\Users\John\AppData\Roaming\avidemux
2011-03-23 14:52:03 -------- d-----w- C:\Program Files (x86)\Avidemux 2.5
2011-03-14 04:20:46 29 ----a-w- C:\Windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17:12 -------- d-----w- C:\Prey
2011-03-14 02:33:48 -------- d-----w- C:\Program Files (x86)\Pure Motion
2011-03-14 02:33:47 -------- d-----w- C:\Program Files (x86)\Sonic Foundry
2011-03-14 02:33:30 -------- d-----w- C:\Program Files (x86)\DebugMode
2011-03-10 06:18:32 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-03-10 06:18:32 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-03-10 06:18:29 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-03-10 06:18:24 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-03-10 06:18:22 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-03-10 06:18:19 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-03-10 06:18:14 850432 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-03-10 06:18:12 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-03-10 06:16:11 1034240 ----a-w- C:\Windows\SysWow64\mstsc.exe
2011-03-10 06:16:10 1097216 ----a-w- C:\Windows\System32\mstsc.exe
2011-03-10 06:16:09 2690560 ----a-w- C:\Windows\SysWow64\mstscax.dll
2011-03-10 06:16:07 3138048 ----a-w- C:\Windows\System32\mstscax.dll
2011-03-10 03:55:06 -------- d-----w- C:\Program Files\iPod
2011-03-10 03:55:03 -------- d-----w- C:\Program Files\iTunes
2011-03-10 03:55:03 -------- d-----w- C:\Program Files (x86)\iTunes
2011-03-03 03:53:13 -------- d-----w- C:\Users\John\AppData\Local\Sunbelt Software
.
==================== Find3M ====================
.
2011-03-23 15:30:10 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-01-07 08:06:50 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-01-07 07:27:11 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-01-07 05:49:20 366080 ----a-w- C:\Windows\System32\atmfd.dll
2011-01-07 05:33:11 294400 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-01-05 04:00:16 3127808 ----a-w- C:\Windows\System32\win32k.sys
.
============= FINISH: 15:16:55.56 ===============
Hi,
1. Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and extract its contents into a folder in desired location (i.e. c:\tdsskiller).
2. Execute the file TDSSKiller.exe.
3. Click Start Scan. If threats are found, select cure and click Continue (tool may prompt for a reboot).
4. Post back contents of log file in c: drive root (name should be in UtilityName.Version_Date_Time_log.txt format)
OK I scanned with TDSSKiller but no threats were found. Below is the log file info..
2011/04/02 14:28:30.0019 4272 TDSS rootkit removing tool 2.4.21.0 Mar 10 2011 12:26:28
2011/04/02 14:28:30.0191 4272 ================================================================================
2011/04/02 14:28:30.0191 4272 SystemInfo:
2011/04/02 14:28:30.0191 4272
2011/04/02 14:28:30.0191 4272 OS Version: 6.1.7600 ServicePack: 0.0
2011/04/02 14:28:30.0191 4272 Product type: Workstation
2011/04/02 14:28:30.0194 4272 ComputerName: HPDV8T
2011/04/02 14:28:30.0194 4272 UserName: John
2011/04/02 14:28:30.0194 4272 Windows directory: C:\Windows
2011/04/02 14:28:30.0194 4272 System windows directory: C:\Windows
2011/04/02 14:28:30.0194 4272 Running under WOW64
2011/04/02 14:28:30.0194 4272 Processor architecture: Intel x64
2011/04/02 14:28:30.0194 4272 Number of processors: 8
2011/04/02 14:28:30.0194 4272 Page size: 0x1000
2011/04/02 14:28:30.0194 4272 Boot type: Normal boot
2011/04/02 14:28:30.0194 4272 ================================================================================
2011/04/02 14:28:30.0576 4272 Initialize success
2011/04/02 14:28:36.0279 5068 ================================================================================
2011/04/02 14:28:36.0279 5068 Scan started
2011/04/02 14:28:36.0279 5068 Mode: Manual;
2011/04/02 14:28:36.0279 5068 ================================================================================
2011/04/02 14:28:36.0679 5068 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
2011/04/02 14:28:36.0746 5068 Accelerometer (3e2427d4966c7606097341e55ab4e105) C:\Windows\system32\DRIVERS\Accelerometer.sys
2011/04/02 14:28:36.0799 5068 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
2011/04/02 14:28:36.0856 5068 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
2011/04/02 14:28:36.0934 5068 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
2011/04/02 14:28:37.0021 5068 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
2011/04/02 14:28:37.0079 5068 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
2011/04/02 14:28:37.0176 5068 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
2011/04/02 14:28:37.0299 5068 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
2011/04/02 14:28:37.0371 5068 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
2011/04/02 14:28:37.0409 5068 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
2011/04/02 14:28:37.0456 5068 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
2011/04/02 14:28:37.0504 5068 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
2011/04/02 14:28:37.0584 5068 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
2011/04/02 14:28:37.0664 5068 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
2011/04/02 14:28:37.0714 5068 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
2011/04/02 14:28:37.0779 5068 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
2011/04/02 14:28:37.0911 5068 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
2011/04/02 14:28:37.0989 5068 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
2011/04/02 14:28:38.0046 5068 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/04/02 14:28:38.0081 5068 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
2011/04/02 14:28:38.0166 5068 AVerBDA6x_x64 (c416791c85ed2998d458db434a61e766) C:\Windows\system32\DRIVERS\AVerBDA716x_x64.sys
2011/04/02 14:28:38.0304 5068 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
2011/04/02 14:28:38.0369 5068 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
2011/04/02 14:28:38.0436 5068 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
2011/04/02 14:28:38.0556 5068 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
2011/04/02 14:28:38.0629 5068 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
2011/04/02 14:28:38.0711 5068 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
2011/04/02 14:28:38.0746 5068 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
2011/04/02 14:28:38.0776 5068 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
2011/04/02 14:28:38.0799 5068 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
2011/04/02 14:28:38.0861 5068 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
2011/04/02 14:28:38.0894 5068 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
2011/04/02 14:28:38.0919 5068 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
2011/04/02 14:28:39.0086 5068 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
2011/04/02 14:28:39.0176 5068 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
2011/04/02 14:28:39.0241 5068 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
2011/04/02 14:28:39.0316 5068 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
2011/04/02 14:28:39.0434 5068 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
2011/04/02 14:28:39.0506 5068 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
2011/04/02 14:28:39.0566 5068 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
2011/04/02 14:28:39.0666 5068 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
2011/04/02 14:28:39.0776 5068 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
2011/04/02 14:28:39.0996 5068 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
2011/04/02 14:28:40.0146 5068 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
2011/04/02 14:28:40.0204 5068 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
2011/04/02 14:28:40.0281 5068 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
2011/04/02 14:28:40.0356 5068 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
2011/04/02 14:28:40.0406 5068 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
2011/04/02 14:28:40.0496 5068 easytether (1d69a83033930c20583d608c622ca56b) C:\Windows\system32\DRIVERS\easytthr.sys
2011/04/02 14:28:40.0599 5068 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
2011/04/02 14:28:40.0744 5068 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
2011/04/02 14:28:40.0809 5068 enecir (524c79054636d2e5751169005006460b) C:\Windows\system32\DRIVERS\enecir.sys
2011/04/02 14:28:40.0879 5068 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
2011/04/02 14:28:40.0991 5068 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
2011/04/02 14:28:41.0031 5068 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
2011/04/02 14:28:41.0094 5068 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
2011/04/02 14:28:41.0126 5068 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
2011/04/02 14:28:41.0149 5068 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
2011/04/02 14:28:41.0194 5068 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/04/02 14:28:41.0244 5068 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
2011/04/02 14:28:41.0324 5068 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
2011/04/02 14:28:41.0349 5068 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
2011/04/02 14:28:41.0406 5068 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
2011/04/02 14:28:41.0461 5068 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
2011/04/02 14:28:41.0536 5068 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
2011/04/02 14:28:41.0601 5068 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
2011/04/02 14:28:41.0674 5068 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
2011/04/02 14:28:41.0746 5068 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/04/02 14:28:41.0786 5068 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
2011/04/02 14:28:41.0821 5068 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
2011/04/02 14:28:41.0899 5068 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
2011/04/02 14:28:41.0959 5068 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
2011/04/02 14:28:42.0034 5068 hpdskflt (ccbe758967cc0f53f5ba3b271653c4e6) C:\Windows\system32\DRIVERS\hpdskflt.sys
2011/04/02 14:28:42.0086 5068 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
2011/04/02 14:28:42.0169 5068 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
2011/04/02 14:28:42.0259 5068 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
2011/04/02 14:28:42.0336 5068 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
2011/04/02 14:28:42.0404 5068 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/04/02 14:28:42.0446 5068 iaStor (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
2011/04/02 14:28:42.0501 5068 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
2011/04/02 14:28:42.0679 5068 igfx (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/04/02 14:28:42.0841 5068 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
2011/04/02 14:28:42.0904 5068 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
2011/04/02 14:28:42.0974 5068 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
2011/04/02 14:28:43.0029 5068 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/04/02 14:28:43.0066 5068 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
2011/04/02 14:28:43.0094 5068 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
2011/04/02 14:28:43.0176 5068 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
2011/04/02 14:28:43.0244 5068 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
2011/04/02 14:28:43.0279 5068 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/04/02 14:28:43.0316 5068 JMCR (f8844b00c10e386c704c610e95a9847d) C:\Windows\system32\DRIVERS\jmcr.sys
2011/04/02 14:28:43.0379 5068 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/04/02 14:28:43.0409 5068 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/04/02 14:28:43.0506 5068 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
2011/04/02 14:28:43.0549 5068 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
2011/04/02 14:28:43.0581 5068 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
2011/04/02 14:28:43.0666 5068 Lbd (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
2011/04/02 14:28:43.0809 5068 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
2011/04/02 14:28:43.0896 5068 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
2011/04/02 14:28:43.0914 5068 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
2011/04/02 14:28:43.0934 5068 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
2011/04/02 14:28:43.0969 5068 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
2011/04/02 14:28:44.0044 5068 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
2011/04/02 14:28:44.0121 5068 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
2011/04/02 14:28:44.0161 5068 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
2011/04/02 14:28:44.0229 5068 MfeAVFK (e4b0f496c8e790343439149e53e82ff7) C:\Windows\system32\drivers\MfeAVFK.sys
2011/04/02 14:28:44.0294 5068 mfehidk (93284867c712ad4cc4e3dadaf3269059) C:\Windows\system32\drivers\mfehidk.sys
2011/04/02 14:28:44.0349 5068 MfeRKDk (d089618d9bb95cb5e3b8432e4b54674b) C:\Windows\system32\drivers\MfeRKDk.sys
2011/04/02 14:28:44.0379 5068 mfetdik (acc9399ca33fa3fb937ecbc64bf06dde) C:\Windows\system32\drivers\mfetdik.sys
2011/04/02 14:28:44.0441 5068 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
2011/04/02 14:28:44.0476 5068 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
2011/04/02 14:28:44.0509 5068 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
2011/04/02 14:28:44.0584 5068 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
2011/04/02 14:28:44.0616 5068 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
2011/04/02 14:28:44.0656 5068 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\Windows\system32\Drivers\Mpfp.sys
2011/04/02 14:28:44.0701 5068 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
2011/04/02 14:28:44.0741 5068 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
2011/04/02 14:28:44.0784 5068 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
2011/04/02 14:28:44.0841 5068 mrxsmb (767a4c3bcf9410c286ced15a2db17108) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/04/02 14:28:44.0886 5068 mrxsmb10 (920ee0ff995fcfdeb08c41605a959e1c) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/04/02 14:28:44.0911 5068 mrxsmb20 (740d7ea9d72c981510a5292cf6adc941) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/04/02 14:28:44.0941 5068 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
2011/04/02 14:28:44.0986 5068 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
2011/04/02 14:28:45.0069 5068 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
2011/04/02 14:28:45.0126 5068 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
2011/04/02 14:28:45.0169 5068 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
2011/04/02 14:28:45.0244 5068 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
2011/04/02 14:28:45.0276 5068 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/04/02 14:28:45.0289 5068 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
2011/04/02 14:28:45.0319 5068 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
2011/04/02 14:28:45.0351 5068 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/04/02 14:28:45.0386 5068 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
2011/04/02 14:28:45.0414 5068 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
2011/04/02 14:28:45.0459 5068 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
2011/04/02 14:28:45.0549 5068 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
2011/04/02 14:28:45.0589 5068 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
2011/04/02 14:28:45.0646 5068 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
2011/04/02 14:28:45.0696 5068 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/04/02 14:28:45.0729 5068 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/04/02 14:28:45.0764 5068 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/04/02 14:28:45.0819 5068 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
2011/04/02 14:28:45.0839 5068 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
2011/04/02 14:28:45.0861 5068 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
2011/04/02 14:28:46.0099 5068 NETw5s64 (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
2011/04/02 14:28:46.0319 5068 netw5v64 (d68de412a3243f8d57ddb814aa509813) C:\Windows\system32\DRIVERS\netw5v64.sys
2011/04/02 14:28:46.0436 5068 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
2011/04/02 14:28:46.0504 5068 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
2011/04/02 14:28:46.0541 5068 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
2011/04/02 14:28:46.0594 5068 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
2011/04/02 14:28:46.0691 5068 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
2011/04/02 14:28:46.0756 5068 NVHDA (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
2011/04/02 14:28:46.0966 5068 nvlddmkm (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
2011/04/02 14:28:47.0099 5068 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
2011/04/02 14:28:47.0131 5068 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
2011/04/02 14:28:47.0219 5068 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
2011/04/02 14:28:47.0279 5068 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/04/02 14:28:47.0449 5068 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
2011/04/02 14:28:47.0494 5068 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
2011/04/02 14:28:47.0524 5068 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
2011/04/02 14:28:47.0576 5068 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
2011/04/02 14:28:47.0604 5068 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/04/02 14:28:47.0629 5068 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
2011/04/02 14:28:47.0669 5068 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
2011/04/02 14:28:47.0799 5068 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
2011/04/02 14:28:47.0844 5068 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
2011/04/02 14:28:47.0899 5068 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
2011/04/02 14:28:47.0964 5068 PxHlpa64 (fbf4db6d53585437e41a113300002a2b) C:\Windows\system32\Drivers\PxHlpa64.sys
2011/04/02 14:28:48.0081 5068 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
2011/04/02 14:28:48.0129 5068 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
2011/04/02 14:28:48.0176 5068 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
2011/04/02 14:28:48.0259 5068 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
2011/04/02 14:28:48.0319 5068 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
2011/04/02 14:28:48.0374 5068 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/04/02 14:28:48.0404 5068 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/04/02 14:28:48.0426 5068 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
2011/04/02 14:28:48.0464 5068 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
2011/04/02 14:28:48.0511 5068 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
2011/04/02 14:28:48.0556 5068 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/04/02 14:28:48.0591 5068 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
2011/04/02 14:28:48.0614 5068 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
2011/04/02 14:28:48.0649 5068 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
2011/04/02 14:28:48.0716 5068 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
2011/04/02 14:28:48.0836 5068 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
2011/04/02 14:28:48.0904 5068 RTL8167 (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
2011/04/02 14:28:48.0964 5068 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
2011/04/02 14:28:49.0021 5068 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
2011/04/02 14:28:49.0086 5068 sdbus (2c8d162efaf73abd36d8bcbb6340cae7) C:\Windows\system32\DRIVERS\sdbus.sys
2011/04/02 14:28:49.0149 5068 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/04/02 14:28:49.0231 5068 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
2011/04/02 14:28:49.0264 5068 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
2011/04/02 14:28:49.0314 5068 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
2011/04/02 14:28:49.0379 5068 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
2011/04/02 14:28:49.0394 5068 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
2011/04/02 14:28:49.0406 5068 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
2011/04/02 14:28:49.0431 5068 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
2011/04/02 14:28:49.0499 5068 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
2011/04/02 14:28:49.0524 5068 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
2011/04/02 14:28:49.0564 5068 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
2011/04/02 14:28:49.0636 5068 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
2011/04/02 14:28:49.0694 5068 srv (de6f5658da951c4bc8e498570b5b0d5f) C:\Windows\system32\DRIVERS\srv.sys
2011/04/02 14:28:49.0736 5068 srv2 (4d33d59c0b930c523d29f9bd40cda9d2) C:\Windows\system32\DRIVERS\srv2.sys
2011/04/02 14:28:49.0789 5068 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
2011/04/02 14:28:49.0854 5068 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
2011/04/02 14:28:49.0921 5068 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
2011/04/02 14:28:49.0999 5068 srvnet (5a663fd67049267bc5c3f3279e631ffb) C:\Windows\system32\DRIVERS\srvnet.sys
2011/04/02 14:28:50.0094 5068 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
2011/04/02 14:28:50.0166 5068 STHDA (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
2011/04/02 14:28:50.0296 5068 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
2011/04/02 14:28:50.0384 5068 SynTP (3a706a967295e16511e40842b1a2761d) C:\Windows\system32\DRIVERS\SynTP.sys
2011/04/02 14:28:50.0496 5068 Tcpip (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\drivers\tcpip.sys
2011/04/02 14:28:50.0591 5068 TCPIP6 (90a2d722cf64d911879d6c4a4f802a4d) C:\Windows\system32\DRIVERS\tcpip.sys
2011/04/02 14:28:50.0641 5068 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
2011/04/02 14:28:50.0669 5068 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
2011/04/02 14:28:50.0684 5068 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
2011/04/02 14:28:50.0729 5068 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
2011/04/02 14:28:50.0764 5068 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
2011/04/02 14:28:50.0886 5068 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/04/02 14:28:50.0941 5068 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
2011/04/02 14:28:51.0001 5068 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
2011/04/02 14:28:51.0036 5068 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
2011/04/02 14:28:51.0119 5068 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
2011/04/02 14:28:51.0191 5068 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
2011/04/02 14:28:51.0219 5068 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
2011/04/02 14:28:51.0294 5068 USB28xxBGA (f140578471200f788fb5440e6e7cf36d) C:\Windows\system32\DRIVERS\emBDA64.sys
2011/04/02 14:28:51.0356 5068 USB28xxOEM (983ff2fd729bfe699cfceddc6e61ebbf) C:\Windows\system32\DRIVERS\emOEM64.sys
2011/04/02 14:28:51.0454 5068 usbaudio (77b01bc848298223a95d4ec23e1785a1) C:\Windows\system32\drivers\usbaudio.sys
2011/04/02 14:28:51.0494 5068 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/04/02 14:28:51.0549 5068 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
2011/04/02 14:28:51.0574 5068 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
2011/04/02 14:28:51.0614 5068 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
2011/04/02 14:28:51.0639 5068 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
2011/04/02 14:28:51.0691 5068 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
2011/04/02 14:28:51.0759 5068 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
2011/04/02 14:28:51.0789 5068 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/04/02 14:28:51.0829 5068 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/04/02 14:28:51.0901 5068 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
2011/04/02 14:28:51.0971 5068 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
2011/04/02 14:28:52.0084 5068 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
2011/04/02 14:28:52.0159 5068 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/04/02 14:28:52.0194 5068 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
2011/04/02 14:28:52.0224 5068 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
2011/04/02 14:28:52.0264 5068 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
2011/04/02 14:28:52.0311 5068 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
2011/04/02 14:28:52.0336 5068 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
2011/04/02 14:28:52.0409 5068 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
2011/04/02 14:28:52.0484 5068 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
2011/04/02 14:28:52.0524 5068 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
2011/04/02 14:28:52.0596 5068 VWiFiFlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
2011/04/02 14:28:52.0626 5068 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
2011/04/02 14:28:52.0724 5068 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
2011/04/02 14:28:52.0761 5068 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 14:28:52.0786 5068 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
2011/04/02 14:28:52.0871 5068 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
2011/04/02 14:28:52.0899 5068 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
2011/04/02 14:28:53.0009 5068 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
2011/04/02 14:28:53.0041 5068 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
2011/04/02 14:28:53.0134 5068 WinUSB (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUSB.sys
2011/04/02 14:28:53.0172 5068 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/04/02 14:28:53.0229 5068 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
2011/04/02 14:28:53.0269 5068 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
2011/04/02 14:28:53.0377 5068 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/04/02 14:28:53.0462 5068 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
2011/04/02 14:28:53.0567 5068 {55662437-DA8C-40c0-AADA-2C816A897A49} (74983addca2d9618512c088d856d6615) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
2011/04/02 14:28:53.0654 5068 ================================================================================
2011/04/02 14:28:53.0654 5068 Scan finished
2011/04/02 14:28:53.0654 5068 ================================================================================
Hi,
Please re-run Spybot and see if it's able to fix its findings. Post back the report of remaining bad items.
OK I ran Spybot
It found the following...
BurstMedia
CasaleMedia
Click.GiftLoad
DoubleClick
FastClick
MediaPlex
Right Media
Statcountry
Zedo
In case you need it I'll paste the Spybot log below....
--- Search result list ---
Click.GiftLoad: [SBI $5ABC7D37] User settings (Registry change, fixed)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1
MediaPlex: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
DoubleClick: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
Zedo: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
BurstMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
FastClick: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
CasaleMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
MediaPlex: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
BurstMedia: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
Right Media: Tracking cookie (Internet Explorer: John) (Cookie, fixed)
DoubleClick: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
CasaleMedia: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Zedo: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
Statcounter: Tracking cookie (Chrome: Chrome) (Cookie, fixed)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: 8A6683AC1DAFA824615BB3857EF8C709
Located: HK_LM:Run, DpAgent
command: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
file: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
Located: HK_LM:Run, HPCam_Menu
command: "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
file: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: CD1E74BC24CB1D1544406741F46F4D61
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
Located: HK_LM:Run, MVS Splash
command: "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
file: C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
Located: HK_LM:Run, QlbCtrl.exe
command: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/30/2011 11:45:14 AM
Date (last access): 4/1/2011 12:40:04 PM
Date (last write): 1/30/2011 11:45:14 AM
Filesize: 62376
Attributes: archive
MD5: F31208835709A62ECC5D45211D89C772
CRC32: 7859C01E
Version: 10.0.1.434
{395610AE-C624-4f58-B89E-23733EA00F9A} (DigitalPersona Personal Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: DigitalPersona Personal Extension
CLSID name: DigitalPersona Personal Extension
Path: C:\Program Files (x86)\DigitalPersona\Bin\
Long name: DpOtsPluginIe8.dll
Short name: DPOTSP~1.DLL
Date (created): 12/1/2009 1:37:48 PM
Date (last access): 10/12/2010 9:47:12 PM
Date (last write): 12/1/2009 1:37:48 PM
Filesize: 1256512
Attributes: archive
MD5: D6703BE3CA7FA0ED07BE77E2D62ECABC
CRC32: 8E02630C
Version: 5.0.0.3790
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 12/21/2009 11:09:06 PM
Date (last access): 12/21/2009 11:09:06 PM
Date (last write): 1/26/2009 4:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\
Long name: ScriptSn.20100802144004.dll
Short name: SCRIPT~1.DLL
Date (created): 8/2/2010 2:40:06 PM
Date (last access): 8/2/2010 2:40:06 PM
Date (last write): 12/15/2009 3:25:50 PM
Filesize: 62784
Attributes: archive
MD5: 9421AB13002A83C0629B96BE06139241
CRC32: E417E975
Version: 14.0.0.438
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 6:41:30 PM
Date (last access): 8/15/2009 5:20:04 AM
Date (last write): 1/22/2009 6:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
Long name: McIEPlg.dll
Short name:
Date (created): 12/16/2009 8:31:00 PM
Date (last access): 4/12/2010 10:10:44 AM
Date (last write): 12/16/2009 8:31:00 PM
Filesize: 116032
Attributes: archive
MD5: 62A9C0FF5A7231E9A7D6490C31411515
CRC32: 6A52AE99
Version: 3.0.0.539
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (NitroPDFBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NitroPDFBHO Class
CLSID name:
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Microsoft Live Search Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Microsoft Live Search Toolbar Helper
Path: c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 4/7/2009 8:15:54 PM
Date (last access): 8/15/2009 8:12:22 AM
Date (last write): 4/7/2009 8:15:54 PM
Filesize: 82784
Attributes: archive
MD5: F24D277095D2B74FC97BA9BD35268EE8
CRC32: B62D4AAB
Version: 3.0.560.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2/9/2011 4:31:20 PM
Date (last access): 3/25/2011 1:13:46 AM
Date (last write): 2/9/2011 4:31:20 PM
Filesize: 41760
Attributes: archive
MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
CRC32: A5ABF297
Version: 6.0.240.7
--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~2.DLL
Date (created): 11/16/2009 2:54:18 PM
Date (last access): 11/16/2009 2:54:18 PM
Date (last write): 11/16/2009 2:54:18 PM
Filesize: 459480
Attributes: archive
MD5: D814967E656216F251E3F2C6070BCD63
CRC32: 68C70C16
Version: 1.0.0.211
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\DivXPlugin.inf
Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~2\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 4/1/2011 12:45:04 PM
Date (last access): 4/1/2011 12:45:04 PM
Date (last write): 1/25/2011 4:09:22 PM
Filesize: 3381024
Attributes: archive
MD5: B51BB6A174641FBDA164396FEF152151
CRC32: 1B979B83
Version: 1.0.0.6425
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class)
DPF name:
CLSID name: diskhealth Class
Installer:
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
Path: C:\Windows\Downloaded Program Files\
Long name: DiskMD3Ctrl.dll
Short name: DISKMD~1.DLL
Date (created): 10/28/2010 12:14:32 PM
Date (last access): 10/28/2010 12:14:32 PM
Date (last write): 10/28/2010 12:14:32 PM
Filesize: 344216
Attributes: archive
MD5: A79B4C5306E5E5E98400232DCCEE4D34
CRC32: 76B448AC
Version: 1.0.0.23
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class)
DPF name:
CLSID name: PCMaticVer Class
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PCMaticCtrl.dll
Short name: PCMATI~1.DLL
Date (created): 3/18/2010 1:21:20 PM
Date (last access): 3/18/2010 1:21:20 PM
Date (last write): 3/18/2010 1:21:20 PM
Filesize: 91320
Attributes: archive
MD5: 038C8B41A21A9ACF0930F2B5978559EE
CRC32: 1DF117B7
Version: 1.0.0.8
{A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus)
DPF name:
CLSID name: PCPitstop AntiVirus
Installer:
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstopAntiVirus.dll
Short name: PCPITS~4.DLL
Date (created): 1/19/2010 8:40:20 PM
Date (last access): 1/19/2010 8:40:20 PM
Date (last write): 1/19/2010 8:40:22 PM
Filesize: 197304
Attributes: archive
MD5: 4892DE406AFE9AF8DB2E9FCED11D0394
CRC32: 39CAE85A
Version: 1.0.0.12
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Path: C:\Windows\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 2/4/2010 12:55:38 PM
Date (last access): 2/4/2010 12:55:38 PM
Date (last write): 2/4/2010 12:55:38 PM
Filesize: 3171608
Attributes: archive
MD5: C7103946ED86FAC01E23C457EDD7F719
CRC32: 65FF7081
Version: 1.0.31.0
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_24.dll
Short name: NPJPI1~1.DLL
Date (created): 2/2/2011 7:19:42 PM
Date (last access): 2/2/2011 9:42:34 PM
Date (last write): 2/2/2011 9:40:34 PM
Filesize: 141088
Attributes: archive
MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
CRC32: 64BB8CA2
Version: 6.0.240.7
{D27CDB6E-AE6D-11CF-96B8-444553635000} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name:
CLSID name: PCPitstop Exam
Installer:
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstop2.dll
Short name: PCPITS~3.DLL
Date (created): 6/9/2010 3:18:06 PM
Date (last access): 6/9/2010 3:18:06 PM
Date (last write): 6/9/2010 3:18:06 PM
Filesize: 405176
Attributes: archive
MD5: 4A77B60A19B6179F0F9E88AD89E79F13
CRC32: CC97C726
Version: 1.0.0.37
--- Process list ---
PID: 0 ( 0) [System]
PID: 4504 (5080) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
PID: 352 (5080) C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
PID: 1852 (5080) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
PID: 4856 (5080) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
PID: 2368 (5080) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 3976 (1412) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 939848
MD5: A852BEC60713B0465DFB0E899FDADBC8
PID: 4604 (4128) C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE
size: 12995952
MD5: 2A8AEFDE5BED57D232ECF9482336E139
PID: 3488 (4128) C:\Program Files (x86)\Adobe\Adobe Photoshop CS3\Photoshop.exe
size: 44814336
MD5: 8BBFFD6536EF589FC2D2820F6E377ABD
PID: 6080 (4128) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 12116 (6080) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 11708 (4128) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 5880 (11708) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 11636 (6080) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 6940 ( 804) c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
size: 130400
MD5: 2716EA1EAE1E27CC7F53AF41C52C18A4
PID: 13992 (4128) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 4 ( 0) System
PID: 372 ( 4) smss.exe
PID: 532 ( 524) csrss.exe
PID: 608 ( 524) wininit.exe
size: 96256
PID: 632 ( 620) csrss.exe
PID: 676 ( 608) services.exe
PID: 692 ( 608) lsass.exe
PID: 700 ( 608) lsm.exe
PID: 804 ( 676) svchost.exe
size: 20992
PID: 868 ( 676) nvvsvc.exe
PID: 908 ( 676) svchost.exe
size: 20992
PID: 972 ( 676) svchost.exe
size: 20992
PID: 1012 ( 676) svchost.exe
size: 20992
PID: 140 ( 676) svchost.exe
size: 20992
PID: 488 ( 676) stacsv64.exe
PID: 1124 ( 676) svchost.exe
size: 20992
PID: 1176 ( 676) hpservice.exe
PID: 1224 ( 676) vcsFPService.exe
size: 1656112
PID: 1284 ( 676) svchost.exe
size: 20992
PID: 1380 ( 620) winlogon.exe
PID: 1412 ( 676) AAWService.exe
PID: 1536 ( 676) spoolsv.exe
PID: 1568 ( 676) DpHostW.exe
PID: 1672 ( 676) svchost.exe
size: 20992
PID: 1780 ( 676) AESTSr64.exe
PID: 1816 ( 676) AppleMobileDeviceService.exe
PID: 1892 ( 868) nvvsvc.exe
PID: 1036 ( 676) cronsvc.exe
PID: 1184 ( 676) EngineServer.exe
PID: 1612 ( 676) LSSrvc.exe
PID: 1620 ( 676) lxcqcoms.exe
size: 537520
PID: 1728 ( 676) McSACore.exe
PID: 2084 ( 676) McShield.exe
PID: 2188 ( 676) MpfSrv.exe
PID: 2496 ( 676) myAgtSvc.exe
PID: 2588 ( 676) RichVideo.exe
PID: 2648 ( 676) svchost.exe
size: 20992
PID: 2732 ( 676) TVCapSvc.exe
PID: 2824 ( 676) SDWinSec.exe
PID: 2684 ( 804) unsecapp.exe
PID: 3124 ( 804) WmiPrvSE.exe
PID: 3652 ( 676) svchost.exe
size: 20992
PID: 3856 (1012) WUDFHost.exe
PID: 3756 ( 676) C:\Windows\System32\taskhost.exe
PID: 2552 (1012) C:\Windows\System32\dwm.exe
PID: 4104 ( 804) C:\Windows\System32\rundll32.exe
size: 44544
MD5: 51138BEEA3E2C21EC44D0932C71762A8
PID: 4128 (1960) C:\Windows\explorer.exe
size: 2870272
MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 4276 ( 676) svchost.exe
size: 20992
PID: 5104 (4128) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 2096424
MD5: 26D207379AF9B717538D1F7E2D9A58CB
PID: 5064 (4128) C:\Program Files\IDT\WDM\sttray64.exe
size: 450048
MD5: 7A2C26459B599A2D6D5401F73ACA1981
PID: 5076 (4128) C:\Program Files\Java\jre6\bin\jusched.exe
size: 171520
MD5: A0DD3037E2DC702A7BED6C3CC2DB8FA6
PID: 5000 (4128) C:\Windows\WindowsMobile\wmdc.exe
size: 660360
MD5: 233A10D4B3F6897899112E4EC60F1906
PID: 4552 (5104) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 121128
MD5: 1BE8B67DB72BB7F650D9092E9BA6196E
PID: 5052 ( 676) svchost.exe
size: 20992
PID: 4176 ( 676) SearchIndexer.exe
size: 428032
PID: 4464 (1852) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
size: 163392
MD5: 4ACF5383E778D14C7ECB60534AE7358D
PID: 4220 ( 676) hpqWmiEx.exe
PID: 5080 ( 676) Com4QLBEx.exe
PID: 4232 ( 676) iPodService.exe
PID: 1552 ( 676) HPHC_Service.exe
PID: 2360 ( 676) wmpnetwk.exe
PID: 5628 ( 804) C:\Windows\ehome\ehmsas.exe
size: 48640
MD5: 0857BF4842D85BC7FEA8DA6A24CC7921
PID: 6132 ( 676) ehrecvr.exe
PID: 5992 ( 676) FNPLicensingService.exe
PID: 6552 (3488) C:\Windows\splwow64.exe
size: 61952
MD5: 88454E4E3D0DC64E9FBC5E9D1BDBA771
PID: 6620 ( 804) C:\Windows\System32\dllhost.exe
size: 7168
MD5: A63DC5C2EA944E6657203E0C8EDEAF61
PID: 10160 ( 140) taskeng.exe
size: 192000
PID: 13260 ( 972) audiodg.exe
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/3/2011 4:35:41 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Please re-run Spybot after a reboot. Post back about findings.
I restarted and ran Spybot.. No threats were found.. I restarted the computer and ran Spybot again - and it once again found Click.Giftload
This thing just doesn't seem to go away.
Any other suggestions? Is it this hard to remove in other people's computers too?
Regardless, thanks for all the effort. It looks like I may have to live with this thing.
Here is the most recent Spybot report..
Even though I "Fixed Selected Problems" after a restart and another Spybot scan the following were found:
Click.GiftLoad, DoubleClick and Right Media
--- Search result list ---
Click.GiftLoad: [SBI $5ABC7D37] User settings (Registry change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1
DoubleClick: Tracking cookie (Internet Explorer: John) (Cookie, nothing done)
Right Media: Tracking cookie (Internet Explorer: John) (Cookie, nothing done)
--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---
2009-01-26 blindman.exe (1.0.0.8)
2009-01-26 SDFiles.exe (1.6.1.7)
2009-01-26 SDMain.exe (1.0.0.6)
2009-01-26 SDUpdate.exe (1.6.0.12)
2009-01-26 SDWinSec.exe (1.0.0.12)
2009-01-26 SpybotSD.exe (1.6.2.46)
2009-03-05 TeaTimer.exe (1.6.6.32)
2009-12-21 unins000.exe (51.49.0.0)
2009-01-26 Update.exe (1.6.0.7)
2009-11-04 advcheck.dll (1.6.5.20)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2009-01-26 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2009-01-26 Tools.dll (2.1.6.10)
2009-01-16 UninsSrv.dll (1.0.0.0)
2011-03-18 Includes\Adware.sbi (*)
2011-03-22 Includes\AdwareC.sbi (*)
2010-08-13 Includes\Cookies.sbi (*)
2010-12-14 Includes\Dialer.sbi (*)
2011-03-08 Includes\DialerC.sbi (*)
2011-02-24 Includes\HeavyDuty.sbi (*)
2011-03-29 Includes\Hijackers.sbi (*)
2011-03-29 Includes\HijackersC.sbi (*)
2010-09-15 Includes\iPhone.sbi (*)
2010-12-14 Includes\Keyloggers.sbi (*)
2011-03-08 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2011-03-29 Includes\Malware.sbi (*)
2011-03-29 Includes\MalwareC.sbi (*)
2011-02-24 Includes\PUPS.sbi (*)
2011-03-15 Includes\PUPSC.sbi (*)
2010-01-25 Includes\Revision.sbi (*)
2009-01-13 Includes\Security.sbi (*)
2011-03-08 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2011-02-24 Includes\Spyware.sbi (*)
2011-03-15 Includes\SpywareC.sbi (*)
2010-03-08 Includes\Tracks.uti
2010-12-28 Includes\Trojans.sbi (*)
2011-03-25 Includes\TrojansC-02.sbi (*)
2011-03-29 Includes\TrojansC-03.sbi (*)
2011-03-08 Includes\TrojansC-04.sbi (*)
2011-03-29 Includes\TrojansC-05.sbi (*)
2011-03-08 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll
--- System information ---
Unknown Windows version 6.1 (Build: 7600) (6.1.7600)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)
--- Startup entries list ---
Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A
Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: 8A6683AC1DAFA824615BB3857EF8C709
Located: HK_LM:Run, DpAgent
command: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
file: C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
Located: HK_LM:Run, HPCam_Menu
command: "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
file: c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe
size: 218408
MD5: CD1E74BC24CB1D1544406741F46F4D61
Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
file: C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
Located: HK_LM:Run, MVS Splash
command: "C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" /LOGON
file: C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
Located: HK_LM:Run, QlbCtrl.exe
command: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
file: C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
file: C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
Located: HK_LM:Run, UpdatePRCShortCut
command: "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
file: C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
size: 222504
MD5: 4EFCDF3DB1BBA69C09622991280C4ACB
--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 1/30/2011 11:45:14 AM
Date (last access): 4/1/2011 12:40:04 PM
Date (last write): 1/30/2011 11:45:14 AM
Filesize: 62376
Attributes: archive
MD5: F31208835709A62ECC5D45211D89C772
CRC32: 7859C01E
Version: 10.0.1.434
{395610AE-C624-4f58-B89E-23733EA00F9A} (DigitalPersona Personal Extension)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: DigitalPersona Personal Extension
CLSID name: DigitalPersona Personal Extension
Path: C:\Program Files (x86)\DigitalPersona\Bin\
Long name: DpOtsPluginIe8.dll
Short name: DPOTSP~1.DLL
Date (created): 12/1/2009 1:37:48 PM
Date (last access): 10/12/2010 9:47:12 PM
Date (last write): 12/1/2009 1:37:48 PM
Filesize: 1256512
Attributes: archive
MD5: D6703BE3CA7FA0ED07BE77E2D62ECABC
CRC32: 8E02630C
Version: 5.0.0.3790
{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Spybot - Search & Destroy\
Long name: SDHelper.dll
Short name:
Date (created): 12/21/2009 11:09:06 PM
Date (last access): 12/21/2009 11:09:06 PM
Date (last write): 1/26/2009 4:31:02 PM
Filesize: 1879896
Attributes: archive
MD5: 022C2F6DCCDFA0AD73024D254E62AFAC
CRC32: 5BA24007
Version: 1.6.2.14
{7DB2D5A0-7241-4E79-B68D-6309F01C5231} (scriptproxy)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: scriptproxy
CLSID name: scriptproxy
Path: C:\Program Files (x86)\McAfee\Managed VirusScan\VScan\
Long name: ScriptSn.20100802144004.dll
Short name: SCRIPT~1.DLL
Date (created): 8/2/2010 2:40:06 PM
Date (last access): 8/2/2010 2:40:06 PM
Date (last write): 12/15/2009 3:25:50 PM
Filesize: 62784
Attributes: archive
MD5: 9421AB13002A83C0629B96BE06139241
CRC32: E417E975
Version: 14.0.0.438
{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Windows Live Sign-in Helper
Path: C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\
Long name: WindowsLiveLogin.dll
Short name: WINDOW~1.DLL
Date (created): 1/22/2009 6:41:30 PM
Date (last access): 8/15/2009 5:20:04 AM
Date (last write): 1/22/2009 6:41:30 PM
Filesize: 408448
Attributes: archive
MD5: B7899C3E21B299D7A3C0DA96CAE340BD
CRC32: 288935F8
Version: 5.0.818.5
{B164E929-A1B6-4A06-B104-2CD0E90A88FF} (McAfee SiteAdvisor BHO)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: McAfee SiteAdvisor BHO
Path: C:\Program Files (x86)\McAfee\SiteAdvisor Enterprise\
Long name: McIEPlg.dll
Short name:
Date (created): 12/16/2009 8:31:00 PM
Date (last access): 4/12/2010 10:10:44 AM
Date (last write): 12/16/2009 8:31:00 PM
Filesize: 116032
Attributes: archive
MD5: 62A9C0FF5A7231E9A7D6490C31411515
CRC32: 6A52AE99
Version: 3.0.0.539
{CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} (NitroPDFBHO Class)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: NitroPDFBHO Class
CLSID name:
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} (Microsoft Live Search Toolbar Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Microsoft Live Search Toolbar Helper
Path: c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\
Long name: msneshellx.dll
Short name: MSNESH~1.DLL
Date (created): 4/7/2009 8:15:54 PM
Date (last access): 8/15/2009 8:12:22 AM
Date (last write): 4/7/2009 8:15:54 PM
Filesize: 82784
Attributes: archive
MD5: F24D277095D2B74FC97BA9BD35268EE8
CRC32: B62D4AAB
Version: 3.0.560.0
{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java(tm) Plug-In 2 SSV Helper)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Java(tm) Plug-In 2 SSV Helper
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2ssv.dll
Short name:
Date (created): 2/9/2011 4:31:20 PM
Date (last access): 3/25/2011 1:13:46 AM
Date (last write): 2/9/2011 4:31:20 PM
Filesize: 41760
Attributes: archive
MD5: 88E49C2B7E75B1D9695D6A063F28A8BB
CRC32: A5ABF297
Version: 6.0.240.7
--- ActiveX list ---
{0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility)
DPF name:
CLSID name: PCPitstop Utility
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
description: Gateway tools
classification: Legitimate
known filename: PCPITSTOP.DLL
info link:
info source: Patrick M. Kolla
Path: C:\Windows\Downloaded Program Files\
Long name: PCPitstop.dll
Short name: PCPITS~2.DLL
Date (created): 11/16/2009 2:54:18 PM
Date (last access): 11/16/2009 2:54:18 PM
Date (last write): 11/16/2009 2:54:18 PM
Filesize: 459480
Attributes: archive
MD5: D814967E656216F251E3F2C6070BCD63
CRC32: 68C70C16
Version: 1.0.0.211
{67DABFBF-D0AB-41FA-9C46-CC0F21721616} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\DivXPlugin.inf
Codebase: http://download.divx.com/player/DivXBrowserPlugin.cab
description:
classification: Legitimate
known filename: npdivx32.dll
info link:
info source: Safer Networking Ltd.
{7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control)
DPF name:
CLSID name: OnlineScanner Control
Installer: C:\Windows\Downloaded Program Files\OnlineScanner.inf
Codebase: http://download.eset.com/special/eos/OnlineScanner.cab
Path: C:\PROGRA~2\ESET\ESETON~1\
Long name: OnlineScanner.ocx
Short name: ONLINE~1.OCX
Date (created): 4/1/2011 12:45:04 PM
Date (last access): 4/1/2011 12:45:04 PM
Date (last write): 1/25/2011 4:09:22 PM
Filesize: 3381024
Attributes: archive
MD5: B51BB6A174641FBDA164396FEF152151
CRC32: 1B979B83
Version: 1.0.0.6425
{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description: Sun Java
classification: Legitimate
known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin\npjava131.dll
info link:
info source: Patrick M. Kolla
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class)
DPF name:
CLSID name: diskhealth Class
Installer:
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
Path: C:\Windows\Downloaded Program Files\
Long name: DiskMD3Ctrl.dll
Short name: DISKMD~1.DLL
Date (created): 10/28/2010 12:14:32 PM
Date (last access): 10/28/2010 12:14:32 PM
Date (last write): 10/28/2010 12:14:32 PM
Filesize: 344216
Attributes: archive
MD5: A79B4C5306E5E5E98400232DCCEE4D34
CRC32: 76B448AC
Version: 1.0.0.23
{A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class)
DPF name:
CLSID name: PCMaticVer Class
Installer: C:\Windows\Downloaded Program Files\pcmatic.inf
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Path: C:\Windows\Downloaded Program Files\
Long name: PCMaticCtrl.dll
Short name: PCMATI~1.DLL
Date (created): 3/18/2010 1:21:20 PM
Date (last access): 3/18/2010 1:21:20 PM
Date (last write): 3/18/2010 1:21:20 PM
Filesize: 91320
Attributes: archive
MD5: 038C8B41A21A9ACF0930F2B5978559EE
CRC32: 1DF117B7
Version: 1.0.0.8
{A553720A-BFED-4EA4-A71F-7EFCA690A1F7} (PCPitstop AntiVirus)
DPF name:
CLSID name: PCPitstop AntiVirus
Installer:
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstopAntiVirus.dll
Short name: PCPITS~4.DLL
Date (created): 1/19/2010 8:40:20 PM
Date (last access): 1/19/2010 8:40:20 PM
Date (last write): 1/19/2010 8:40:22 PM
Filesize: 197304
Attributes: archive
MD5: 4892DE406AFE9AF8DB2E9FCED11D0394
CRC32: 39CAE85A
Version: 1.0.0.12
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} (EPUImageControl Class)
DPF name:
CLSID name: EPUImageControl Class
Installer: C:\Windows\Downloaded Program Files\EPUWALcontrol.inf
Codebase: http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab
Path: C:\Windows\Downloaded Program Files\
Long name: EPUWALcontrol.dll
Short name: EPUWAL~1.DLL
Date (created): 2/4/2010 12:55:38 PM
Date (last access): 2/4/2010 12:55:38 PM
Date (last write): 2/4/2010 12:55:38 PM
Filesize: 3171608
Attributes: archive
MD5: C7103946ED86FAC01E23C457EDD7F719
CRC32: 65FF7081
Version: 1.0.31.0
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: jp2iexp.dll
Short name:
Date (created): 12/11/2009 12:37:28 AM
Date (last access): 2/2/2075 9:42:20 PM
Date (last write): 2/2/2011 9:40:28 PM
Filesize: 112416
Attributes: archive
MD5: 8E66E95FCD0218767CC5953F7BA64D19
CRC32: F9A66843
Version: 6.0.240.7
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
DPF name: Java Runtime Environment 1.6.0
CLSID name: Java Plug-in 1.6.0_24
Installer:
Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
description:
classification: Legitimate
known filename: npjpi150_06.dll
info link:
info source: Safer Networking Ltd.
Path: C:\Program Files (x86)\Java\jre6\bin\
Long name: npjpi160_24.dll
Short name: NPJPI1~1.DLL
Date (created): 2/2/2011 7:19:42 PM
Date (last access): 2/2/2011 9:42:34 PM
Date (last write): 2/2/2011 9:40:34 PM
Filesize: 141088
Attributes: archive
MD5: 1DA2629EEE65A34D54BB9741CE30DE3D
CRC32: 64BB8CA2
Version: 6.0.240.7
{D27CDB6E-AE6D-11CF-96B8-444553635000} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\swflash.inf
Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
{E2883E8F-472F-4FB0-9522-AC9BF37916A7} ()
DPF name:
CLSID name:
Installer: C:\Windows\Downloaded Program Files\gp.inf
Codebase: http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
{FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam)
DPF name:
CLSID name: PCPitstop Exam
Installer:
Codebase: http://utilities.pcpitstop.com/Nirvana/controls/pcpitstop2.dll
Path: C:\Windows\Downloaded Program Files\
Long name: pcpitstop2.dll
Short name: PCPITS~3.DLL
Date (created): 6/9/2010 3:18:06 PM
Date (last access): 6/9/2010 3:18:06 PM
Date (last write): 6/9/2010 3:18:06 PM
Filesize: 405176
Attributes: archive
MD5: 4A77B60A19B6179F0F9E88AD89E79F13
CRC32: CC97C726
Version: 1.0.0.37
--- Process list ---
PID: 0 ( 0) [System]
PID: 4632 (4500) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
size: 320056
MD5: 0771A5C3B78967F9F83C1C429334AD2A
PID: 4724 (4500) C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe
size: 476480
MD5: D4CC3CF516A3D721AC6EFFCC69DD3247
PID: 4744 (4500) C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
size: 842816
MD5: 1D48CA37FAA59919C1138357ED67E14A
PID: 4768 (4500) C:\Program Files (x86)\iTunes\iTunesHelper.exe
size: 421160
MD5: 0CFBE2D135A73CA98381FC8CC8BC5A03
PID: 4784 (4500) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
size: 249064
MD5: 2E5212A0BFB98FE0167C92C76C87AFE3
PID: 620 (1412) C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
size: 939848
MD5: A852BEC60713B0465DFB0E899FDADBC8
PID: 1404 (1956) C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
size: 5365592
MD5: 0477C2F9171599CA5BC3307FDFBA8D89
PID: 5088 (1956) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
size: 963976
MD5: 4CEC4B72C5B255EC2F7C54CD03554540
PID: 5032 (1956) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 2356 (5032) C:\Program Files (x86)\Internet Explorer\iexplore.exe
size: 748336
MD5: 904E13BA41AF2E353A32CF351CA53639
PID: 4380 ( 804) c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msntask.exe
size: 130400
MD5: 2716EA1EAE1E27CC7F53AF41C52C18A4
PID: 4 ( 0) System
PID: 372 ( 4) smss.exe
PID: 532 ( 520) csrss.exe
PID: 608 ( 520) wininit.exe
size: 96256
PID: 632 ( 620) csrss.exe
PID: 668 ( 608) services.exe
PID: 688 ( 608) lsass.exe
PID: 696 ( 608) lsm.exe
PID: 804 ( 668) svchost.exe
size: 20992
PID: 868 ( 668) nvvsvc.exe
PID: 908 ( 668) svchost.exe
size: 20992
PID: 980 ( 668) svchost.exe
size: 20992
PID: 1012 ( 668) svchost.exe
size: 20992
PID: 340 ( 668) svchost.exe
size: 20992
PID: 488 ( 668) stacsv64.exe
PID: 1136 ( 668) svchost.exe
size: 20992
PID: 1180 ( 668) hpservice.exe
PID: 1228 ( 668) vcsFPService.exe
size: 1656112
PID: 1284 ( 668) svchost.exe
size: 20992
PID: 1376 ( 620) winlogon.exe
PID: 1412 ( 668) AAWService.exe
PID: 1556 ( 668) spoolsv.exe
PID: 1592 ( 668) DpHostW.exe
PID: 1664 ( 668) svchost.exe
size: 20992
PID: 1752 ( 668) AESTSr64.exe
PID: 1792 ( 668) AppleMobileDeviceService.exe
PID: 1864 ( 868) nvvsvc.exe
PID: 1996 ( 668) mDNSResponder.exe
PID: 2020 ( 668) cronsvc.exe
PID: 1068 ( 668) EngineServer.exe
PID: 1212 ( 668) LSSrvc.exe
PID: 1700 ( 668) lxcqcoms.exe
size: 537520
PID: 360 ( 668) McSACore.exe
PID: 2072 ( 668) McShield.exe
PID: 2156 ( 668) MpfSrv.exe
PID: 2524 ( 668) myAgtSvc.exe
PID: 2616 ( 668) RichVideo.exe
PID: 2676 ( 668) svchost.exe
size: 20992
PID: 2780 ( 668) TVCapSvc.exe
PID: 2896 ( 668) SDWinSec.exe
size: 1153368
MD5: 794D4B48DFB6E999537C7C3947863463
PID: 2436 ( 804) unsecapp.exe
PID: 3140 ( 804) WmiPrvSE.exe
PID: 3980 ( 668) svchost.exe
size: 20992
PID: 3380 (1012) WUDFHost.exe
PID: 4040 ( 668) C:\Windows\System32\taskhost.exe
PID: 3700 (1012) C:\Windows\System32\dwm.exe
PID: 1956 (3240) C:\Windows\explorer.exe
size: 2870272
MD5: 9AAAEC8DAC27AA17B053E6352AD233AE
PID: 4216 ( 668) svchost.exe
size: 20992
PID: 4400 (1956) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
size: 2096424
MD5: 26D207379AF9B717538D1F7E2D9A58CB
PID: 4436 (1956) C:\Program Files\IDT\WDM\sttray64.exe
size: 450048
MD5: 7A2C26459B599A2D6D5401F73ACA1981
PID: 4476 (1956) C:\Program Files\Java\jre6\bin\jusched.exe
size: 171520
MD5: A0DD3037E2DC702A7BED6C3CC2DB8FA6
PID: 4492 (1956) C:\Windows\WindowsMobile\wmdc.exe
size: 660360
MD5: 233A10D4B3F6897899112E4EC60F1906
PID: 4540 ( 668) svchost.exe
size: 20992
PID: 4676 (4400) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
size: 121128
MD5: 1BE8B67DB72BB7F650D9092E9BA6196E
PID: 4924 (4744) C:\Program Files\DigitalPersona\Bin\DpAgent.exe
size: 163392
MD5: 4ACF5383E778D14C7ECB60534AE7358D
PID: 4180 ( 668) hpqWmiEx.exe
PID: 4816 ( 668) Com4QLBEx.exe
PID: 4868 ( 668) SearchIndexer.exe
size: 428032
PID: 1644 ( 668) iPodService.exe
PID: 4344 ( 668) HPHC_Service.exe
PID: 4988 ( 668) wmpnetwk.exe
PID: 3648 ( 980) audiodg.exe
PID: 4960 (4868) C:\Windows\System32\SearchProtocolHost.exe
size: 164352
MD5: 89ED7C028A487340B7D93D5A38FDCB54
PID: 4468 (4868) C:\Windows\System32\SearchFilterHost.exe
size: 86528
MD5: 8A674F9AB20B4937357BF6F5A0938EBF
--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 4/4/2011 12:22:22 PM
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
http://www.yahoo.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
C:\Windows\SysWOW64\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
http://go.microsoft.com/fwlink/?LinkId=69157
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
http://go.microsoft.com/fwlink/?LinkId=54896
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
--- Winsock Layered Service Provider list ---
Protocol 0: MSAFD Tcpip [TCP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 1: MSAFD Tcpip [UDP/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 2: MSAFD Tcpip [RAW/IP]
GUID: {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IP protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 3: MSAFD Tcpip [TCP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 4: MSAFD Tcpip [UDP/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 5: MSAFD Tcpip [RAW/IPv6]
GUID: {F9EAB0C0-26D4-11D0-BBBF-00AA006C34E4}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP IPv6 protocol
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: MSAFD Tcpip
Protocol 6: RSVP TCPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 7: RSVP TCP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 8: RSVP UDPv6 Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Protocol 9: RSVP UDP Service Provider
GUID: {9D60A9E0-337A-11D0-BD88-0000C082E69A}
Filename: %SystemRoot%\system32\mswsock.dll
Description: Microsoft Windows NT/2k/XP RVSP
DB filename: %SystemRoot%\system32\rsvpsp.dll
DB protocol: RSVP * Service Provider
Namespace Provider 0: Network Location Awareness Legacy (NLAv1) Namespace
GUID: {6642243A-3BA8-4AA6-BAA5-2E0BD71FDD83}
Filename:
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: NLA-Namespace
Namespace Provider 1: Tcpip
GUID: {22059D40-7E9E-11CF-AE5A-00AA00A7112B}
Filename:
Description: Microsoft Windows NT/2k/XP TCP/IP name space provider
DB filename: %SystemRoot%\system32\mswsock.dll
DB protocol: TCP/IP
Namespace Provider 2: NTDS
GUID: {3B2637EE-E580-11CF-A555-00C04FD8D4AC}
Filename: %SystemRoot%\System32\winrnr.dll
Description: Microsoft Windows NT/2k/XP name space provider
DB filename: %SystemRoot%\system32\winrnr.dll
DB protocol: NTDS
Namespace Provider 3: E-mail Naming Shim Provider
GUID: {964ACBA2-B2BC-40EB-8C6A-A6DB40161CAE}
Filename:
Namespace Provider 4: PNRP Cloud Namespace Provider
GUID: {03FE89CE-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 5: PNRP Name Namespace Provider
GUID: {03FE89CD-766D-4976-B9C1-BB9BC42C7B4D}
Filename:
Namespace Provider 6: mdnsNSP
GUID: {B600E6E9-553B-4A19-8696-335E5C896153}
Filename: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Description: Apple Rendezvous protocol
DB filename: %ProgramFiles%\Rendezvous\bin\mdnsNSP.dll
DB protocol: mdnsNSP
Hi,
Please run ComboFix with the following CFScript.txt contents:
Registry::
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"enablehttp1_1"=-
Ok I copied your latest coding and created CFScript.txt and saved the file to my desktop them dragged this .txt file into the ComboFix Shortcut icon on my desktop.... this ran ComboFix.. The log info from this scan is pasted below....
ComboFix 11-03-30.03 - John 04/05/2011 11:46:10.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.2186 [GMT -4:00]
Running from: c:\users\John\Downloads\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee® Total Protection™ Service *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-03-05 to 2011-04-05 )))))))))))))))))))))))))))))))
.
.
2011-04-05 15:52 . 2011-04-05 15:52 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-04-05 15:52 . 2011-04-05 15:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-05 15:52 . 2011-04-05 15:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-02 18:27 . 2011-04-02 18:28 -------- d-----w- c:\program files\TDSSkiller
2011-04-01 16:45 . 2011-04-01 16:45 -------- d-----w- c:\program files (x86)\ESET
2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
2011-03-28 18:41 . 2011-04-01 16:28 -------- d-----w- c:\users\John\AppData\Local\Adobe
2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-03-14 04:20 . 2011-04-05 15:42 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-31_18.46.36 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-04 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-31 18:45 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-04 16:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-31 18:45 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-04 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-15 09:17 . 2011-04-04 15:57 55020 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-04 15:57 56596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-10 19:21 . 2011-04-04 15:57 16882 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413551326-45703177-197955308-1000_UserData.bin
- 2009-11-02 08:28 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-02 08:28 . 2011-04-05 15:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-02 08:28 . 2011-04-05 15:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-11-02 08:28 . 2011-03-25 14:48 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-05 15:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-25 14:48 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-10 16:49 . 2010-11-10 16:49 73624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\wow_helper.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
- 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-04 15:55 . 2011-04-04 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-04 15:55 . 2011-04-04 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-03-31 18:45 . 2011-03-31 18:45 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-12-14 01:16 . 2011-04-05 15:09 359284 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2010-11-10 16:49 . 2010-11-10 16:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
- 2009-07-14 05:01 . 2011-03-31 18:44 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-04 15:54 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-11-10 20:54 . 2010-11-10 20:54 2307584 c:\windows\Installer\41a3e3f.msi
+ 2010-11-10 16:49 . 2010-11-10 16:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 16:49 . 2010-11-10 16:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 16:49 . 2010-11-10 16:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2009-07-14 02:34 . 2011-04-05 15:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
- 2009-07-14 02:34 . 2011-03-31 15:50 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-12-12 01:55 . 2011-04-04 15:54 11862031 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\41a3e40.msp
+ 2010-11-10 16:49 . 2010-11-10 16:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
S2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
S2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
S3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - Lavasoft Kernexplorer
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
2011-04-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-05 11:55:34
ComboFix-quarantined-files.txt 2011-04-05 15:55
ComboFix2.txt 2011-04-01 16:14
ComboFix3.txt 2011-03-31 19:01
.
Pre-Run: 167,525,707,776 bytes free
Post-Run: 167,339,229,184 bytes free
.
- - End Of File - - A35C08B410ACA9ED19E1A27A8E9DAD52
I did another three Spybot searches rebooting each time.. It found Click.GiftLoad (along with a few others) each time. This thing just wont budge.. Any other suggestions?
Hi,
Please try to run ComboFix with the same cfscript.txt script in safe mode. Is it always that same HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\enablehttp1_1 entry?
Ok I ran cfscript.txt in Safe Mode by dragging it into the ComboFix icon... A message said ComboFix had expired but I ran it anway... I'll paste the log file below... After this I restarted the computer and entered Safe Mode again where I ran SpyBot. Click.GiftLoad was not found (some others were)... I fixed what was found, rebooted and ran SpyBot in nowmal Windows this time -- and it once again found click.GiftLoad -- so it's still on the computer, ComboFix wasn't able to delete it in Safe Mode..
ComboFix 11-03-30.03 - John 04/06/2011 23:08:31.4.8 - x64 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4087.3456 [GMT -4:00]
Running from: c:\users\John\Downloads\ComboFix.exe
Command switches used :: c:\users\John\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: McAfee® Total Protection™ Service *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
FW: McAfee® Total Protection™ Service *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: McAfee® Total Protection™ Service *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-03-07 to 2011-04-07 )))))))))))))))))))))))))))))))
.
.
2011-04-07 03:10 . 2011-04-07 03:10 -------- d-----w- c:\users\McAfeeMVSUser\AppData\Local\temp
2011-04-07 03:10 . 2011-04-07 03:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-04-07 03:10 . 2011-04-07 03:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-04-02 18:27 . 2011-04-02 18:28 -------- d-----w- c:\program files\TDSSkiller
2011-04-01 16:45 . 2011-04-01 16:45 -------- d-----w- c:\program files (x86)\ESET
2011-03-31 03:06 . 2011-03-31 03:06 -------- d-----w- c:\users\John\AppData\Local\Apple
2011-03-28 18:41 . 2011-04-01 16:28 -------- d-----w- c:\users\John\AppData\Local\Adobe
2011-03-27 17:57 . 2011-03-27 17:58 -------- d-----w- c:\programdata\WinZip
2011-03-25 16:49 . 2011-03-24 08:03 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-25 05:15 . 2011-03-25 05:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-03-25 05:14 . 2011-02-03 01:40 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-03-25 05:03 . 2011-03-24 08:03 69376 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-03-25 05:01 . 2011-03-25 05:01 -------- dc-h--w- c:\programdata\{6A27DD32-7047-49DB-A679-BD2BD6B0BBD1}
2011-03-25 05:01 . 2011-03-25 05:01 -------- d-----w- c:\program files (x86)\Lavasoft
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-23 18:47 . 2011-03-18 17:53 16856 ----a-w- c:\program files (x86)\Mozilla Firefox\plugin-container.exe
2011-03-23 18:47 . 2011-03-18 17:53 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-23 18:47 . 2011-03-18 17:53 1874904 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-23 18:47 . 2011-03-18 17:53 719832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozcpp19.dll
2011-03-23 18:47 . 2011-03-18 17:53 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-23 18:47 . 2011-03-18 17:53 728024 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-23 18:47 . 2011-03-18 17:53 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-23 18:47 . 2011-03-18 17:53 1893336 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-23 18:47 . 2011-03-18 17:53 1975768 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-23 17:39 . 2011-03-23 17:47 -------- d-----w- c:\users\John\AppData\Roaming\TheSage
2011-03-23 15:30 . 2011-03-23 15:30 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-03-23 15:06 . 2011-03-23 15:06 -------- d-----w- c:\program files (x86)\Owely
2011-03-23 14:52 . 2011-03-23 14:58 -------- d-----w- c:\users\John\AppData\Roaming\avidemux
2011-03-23 14:52 . 2011-03-23 14:52 -------- d-----w- c:\program files (x86)\Avidemux 2.5
2011-03-14 04:20 . 2011-04-07 03:00 29 ----a-w- c:\windows\SysWow64\TempWmicBatchFile.bat
2011-03-14 04:17 . 2011-03-14 04:20 -------- d-----w- C:\Prey
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Pure Motion
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\Sonic Foundry
2011-03-14 02:33 . 2011-03-14 02:33 -------- d-----w- c:\program files (x86)\DebugMode
2011-03-10 06:18 . 2010-12-23 06:07 961024 ----a-w- c:\windows\system32\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:07 723968 ----a-w- c:\windows\system32\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-03-10 06:18 . 2010-12-23 05:28 642048 ----a-w- c:\windows\SysWow64\CPFilters.dll
2011-03-10 06:18 . 2010-12-23 06:02 259072 ----a-w- c:\windows\system32\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:24 199680 ----a-w- c:\windows\SysWow64\mpg2splt.ax
2011-03-10 06:18 . 2010-12-23 05:28 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2011-03-10 06:18 . 2010-12-23 06:07 1118720 ----a-w- c:\windows\system32\sbe.dll
2011-03-10 06:16 . 2010-12-18 05:26 1034240 ----a-w- c:\windows\SysWow64\mstsc.exe
2011-03-10 06:16 . 2010-12-18 06:08 1097216 ----a-w- c:\windows\system32\mstsc.exe
2011-03-10 06:16 . 2010-12-18 05:30 2690560 ----a-w- c:\windows\SysWow64\mstscax.dll
2011-03-10 06:16 . 2010-12-18 06:12 3138048 ----a-w- c:\windows\system32\mstscax.dll
2011-03-10 03:55 . 2011-03-10 03:55 -------- d-----w- c:\program files\iPod
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files\iTunes
2011-03-10 03:55 . 2011-03-10 03:56 -------- d-----w- c:\program files (x86)\iTunes
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-14 16:16 . 2010-01-29 15:44 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2011-03-14 16:15 . 2010-02-15 06:07 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2011-03-14 16:14 . 2010-11-13 05:34 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2011-03-14 16:13 . 2009-12-26 00:19 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-03-11 16:47 . 2009-12-13 01:23 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2011-03-11 16:37 . 2009-12-13 01:23 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2011-03-11 16:36 . 2010-10-12 17:40 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2011-01-08 03:21 . 2011-01-08 03:21 4277016 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-3\markup.dll
2011-01-08 03:21 . 2009-12-13 01:23 539968 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-01-07 08:06 . 2011-02-09 16:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-01-07 07:27 . 2011-02-09 16:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-01-07 05:49 . 2011-02-09 16:34 366080 ----a-w- c:\windows\system32\atmfd.dll
2011-01-07 05:33 . 2011-02-09 16:34 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
((((((((((((((((((((((((((((( SnapShot_2011-04-05_15.53.41 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-04-04 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-04-05 16:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-04-04 16:03 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-05 16:28 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-05 16:28 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-04 16:03 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-15 09:17 . 2011-04-05 16:31 55068 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2009-07-14 05:10 . 2011-04-04 15:57 56596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-04-05 16:31 56596 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2009-12-10 19:21 . 2011-04-05 16:23 16898 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2413551326-45703177-197955308-1000_UserData.bin
+ 2009-11-02 08:28 . 2011-04-05 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-02 08:28 . 2011-04-05 15:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-02 08:28 . 2011-04-05 15:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-11-02 08:28 . 2011-04-05 16:26 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-04-05 16:26 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-04-05 15:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-07 03:02 . 2011-04-07 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-04-04 15:55 . 2011-04-04 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-04-07 03:02 . 2011-04-07 03:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-04 15:55 . 2011-04-04 15:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-12 14:11 . 2011-04-06 22:33 324526 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2009-12-14 01:16 . 2011-04-07 01:27 360036 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2011-04-04 15:54 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2011-04-07 02:58 1778716 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2011-04-05 15:03 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2011-04-06 14:52 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-12-12 01:55 . 2011-04-07 02:58 12473584 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2413551326-45703177-197955308-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"MVS Splash"="c:\program files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe" [2010-07-24 476480]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2009-12-01 842816]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/02 01:48];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-07-24 04:45 146928]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 CronService;Cron Service for Prey;c:\prey\platform\windows\cronsvc.exe [2011-02-15 19968]
R2 EngineServer;EngineServer;c:\program files (x86)\McAfee\Managed VirusScan\VScan\EngineServer.exe [2009-12-15 14144]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 135664]
R2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-03-24 1405384]
R2 lxcq_device;lxcq_device;c:\windows\system32\lxcqcoms.exe [2006-12-05 566192]
R2 McAfee SiteAdvisor Enterprise Service;McAfee SiteAdvisor Enterprise Service;c:\program files (x86)\McAfee\SiteAdvisor Enterprise\McSACore.exe [2009-12-17 222528]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2010-07-24 282824]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TVCapSvc;TV Background Capture Service (TVBCS);c:\program files (x86)\Hewlett-Packard\Media\Live TV\Kernel\TV\TVCapSvc.exe [2009-07-25 275840]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2009-07-13 1924400]
R3 AVerBDA6x_x64;AVerMedia SAA716x BDA Service;c:\windows\system32\DRIVERS\AVerBDA716x_x64.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 easytether;easytether;c:\windows\system32\DRIVERS\easytthr.sys [x]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-03-24 17152]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files (x86)\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2009-05-20 1128944]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-03-24 08:03]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
2011-04-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-22 03:20]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-15 171520]
"LXCQCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCQtime.dll" [2006-11-21 31744]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: Save Page As PDF ... - file://c:\program files (x86)\Nitro PDF\PDF Download\nitroweb.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/Nirvana/controls/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
DPF: {A553720A-BFED-4EA4-A71F-7EFCA690A1F7} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcpitstopAntiVirus.dll
FF - ProfilePath - c:\users\John\AppData\Roaming\Mozilla\Firefox\Profiles\b2bg0py3.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-RunOnce-<NO NAME> - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-04-06 23:14:35
ComboFix-quarantined-files.txt 2011-04-07 03:14
ComboFix2.txt 2011-04-05 15:55
ComboFix3.txt 2011-04-01 16:14
ComboFix4.txt 2011-03-31 19:01
.
Pre-Run: 166,519,406,592 bytes free
Post-Run: 166,285,959,168 bytes free
.
- - End Of File - - 64055EE65DE4515B1EA16F2D32312249
Hi,
Open notepad and then copy and paste the bolded lines below into it. Go to File > save as and name the file fixes.bat, change the Save as type to all files and save it to your desktop.
@ECHO OFF
SWREG QUERY "HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings" /s >Logit.txt
START Logit.txt
DEL %0
Double-click on fixes.bat file to execute it. Notepad should open up. Post back its contents, please (if log is long attach it as a file instead).
OK I did it. I turned off McAfee and Lavasoft first. Attached is the log report...
here's the attached Log file..
Ok trying again.. It's Zipped this time (it was too big to upload as a .txt file).
Hi,
Click start-> type cmd.exe to search field and press enter. In command prompt window type regedit and press enter (click yes to allow executing).
In Registry Editor navigate to HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings key on the tree and click Internet Settings. On the right side of the window you should see EnableHttp1_1. Right click it and choose delete. Close registry editor and run Spybot to check if item is found. Then reboot the system and do a recheck.
Ok great instructions.
I deleted the EnableHttp1_1 file then scanned with SpyBot... It found click.GiftLoad... I fixed it, then restarted and scanned again, it did NOT find it this time.. I've rechecked three times and scanned with Malwarebytes and Adaware.. It was not detected, SpyBot did detect a few tracking cookies (Double Click, MediaPlex and Right Media) but not click.GiftLoad..
I think you did it and it's finally gone.
Thank you for not giving up on it. I know this was a stubborn one.
I really appreciate it.
Hi,
Good to hear that worked :). Earlier attempts should had cleaned it. However, sometimes protection software like McAfee and Ad-Aware prevent registry changes unless the changes are done right in registry editor.
Anyway, if no issues left let's see the final steps then :)
THESE STEPS ARE VERY IMPORTANT
Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.
A To disable the System Restore feature:
1. Click on the Start button.
2. Hover over the Computer option, right click on it and then click Properties.
3. On the left hand side, click Advanced Settings.
4. If asked to permit the action, click on Allow.
5. Click on the System Protection tab.
6. Select c: drive and click Configure...
7. Select Turn off protection
8. Press OK.
Repeat steps 6-8 for each hard drive.
B. Reboot.
C Turn ON System Restore.
Follow the steps like you did when disabling system restore but on step 7. select Restore system settings and previous versions of files -option.
Now lets uninstall ComboFix:
Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK
UPDATING WINDOWS AND INTERNET EXPLORER
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.
If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.
Make your Internet Explorer more secure
This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Once again, please post and tell me how things are going with your system... problems etc.
Have a great day,
Blade :cool:
Ok I did all that. Excellent instructions.
I installed Service Pack 1 for Windows 7 along with three other Windows 64 updates.
I wasn't able to uninstall ComboFix. I Ran "Combofix / uninstall" and it tried to run the program instead of uninstall it. I tried to find it in my Revo Unistaller program and couldnt find it. I'll keep looking.
I get an error message on entrance to Windows that reads:
"There was a problem starting \3\LXCQTIME.dll the specidied module could not be found". I plan to just uninstall Quick Time, then reinstall it again later. I think that should solve that error problem.
Lastly, my MacAfee expires next week. Rather than spend $30-some to renew it I'm considering running a free anti virus program. I've heard that there are a few very good free ones that actually work better since they don't hog system resources like a few of the paid ones do.. Do you recommend getting a free one, if so which one? Or would you spend the $30-some and renew MacAfee?
Thank you for all your help. Do you have a Pay Pal donate address?
Hi,
Download and run this (http://download.bleepingcomputer.com/sUBs/CF_UNINST.EXE) to uninstall ComboFix.
Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html) and
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)
If you wish to donate you may do so here (http://www.spybot.info/en/donate/index.html) :)
OK I uninstalled ComboFix and I'm about to get Avast instead of MacAfee..
One last thing, maybe you know what this might be..
I'm still greeted with an error when I boot up. I uninstalled Quick Time and it didn't get rid of the error. I've also ran CCleaner and fix registry errors, but still get the error message on boot up..
"There was a problem starting \3\LXCQTime.dll the specified module could not be found"
Any idea what this could be? How can I get rid of this error?
Thanks!!
Hi,
Have you had Lexmark printer in use with this system?
Click start-> type services.msc to "search programs and files" textbox and press enter. Do you see any service with Lexmark mentioned in its description?
I searched, no Lexmark.. I did find lxcq_device in this path:
C:\Windows\system32\lxcqcoms.exe -service
I don't notice any problems with the machine, it's just annoying seeing an error message come up.
I don't want to bog you down with this. I can live with the error if needed.
Thanks.
I'll donate now.
I searched, no Lexmark.. I did find lxcq_device in this path:
C:\Windows\system32\lxcqcoms.exe -service
Please check that the correspondent service is set to manual start up type and stopped. See if that helps with the issue.
ok the lxcq_device was set to Automatic type.. I did change it to Manual and stopped it.. but after a few restart tests I still get the same error message on boot up.
Click start-> type cmd.exe to search field and press enter. In command prompt window type regedit and press enter (click yes to allow executing).
In Registry Editor navigate to HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run key on the tree and click Run. On the right side of the window you should see LXCQCATS. Right click it and choose delete. Close registry editor. Does the error still appear?
Nice work!
I deleted whatever that file was, rebooted and no error messag :)
Thanks a ton for all the help you provided and for sticking with this last little problem.
Hi,
That removed item was startup entry for Lexmark software. It either didn't exist anymore or was not compatible with your OS resulting to that error message.
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)
Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.
If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.