Can't remove Win32.downloader.gen malware!



roberts1008
2013-03-22, 00:14
Recently, I ran Spybot and it found an infection with Win32.downloader.gen malware. After finding it, Spybot tried to remove it but couldn't. Then, Spybot asked if I wanted to allow Spybot to run again when the computer restarts. I selected "yes" and once restarting, Spybot ran for several hours (with no other programs running) and again detected the malware. Once I selected "fix problem", it checked it off as if it was repaired. However, when I run the program again, it still finds it again and the whole sequence is repeated.

Potential source of the problem: Recently, I downloaded several audio codec files from download.cnet.com/windows/ and possibly this infected my computer.

I was running Spybot Search & Destroy version 1.6.2.46

Tashi asked me to post to this forum.

In the instructions, I was told to use ERUNT to back up my system registry.

Then, I was told to run the DDS log and below are the contents:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by JEFF at 14:10:57 on 2013-03-21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1359 [GMT -7:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ================
.
D:\Program Files\Microsoft Security Client\MsMpEng.exe
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
D:\Program Files\SearchProtect\bin\CltMngSvc.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
D:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
D:\WINDOWS\system32\EscSvc.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Dell\QuickSet\quickset.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
D:\Program Files\Epson Software\Event Manager\EEventManager.exe
D:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
D:\Program Files\Microsoft Security Client\msseces.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\Digital Line Detect\DLG.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\WINDOWS\system32\wbem\unsecapp.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Documents and Settings\JEFF\Application Data\SearchProtect\bin\cltmng.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Microsoft Office\Office12\EXCEL.EXE
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\WINDOWS\system32\SearchFilterHost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Ad-Aware Security Add-on: {6c97a91e-4524-4019-86af-2aa2d567bf5c} -
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - d:\program files\epson software\e-web print\ewps_tb.dll
uRun: [SearchProtect] d:\documents and settings\jeff\application data\searchprotect\bin\cltmng.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
uRunOnce: [FlashPlayerUpdate] d:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [IntelZeroConfig] "d:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "d:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ChangeTPMAuth] d:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [SunJavaUpdateSched] d:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] d:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISW] d:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [PDVDDXSrv] "d:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PowerDVD12DMREngine] "d:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "d:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [EEventManager] "d:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "d:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "d:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [USBToolTip] d:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
mRun: [SearchProtectAll] d:\program files\searchprotect\bin\cltmng.exe
mRun: [MSC] "d:\program files\microsoft security client\msseces.exe" -hide -runkey
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - d:\program files\digital line detect\DLG.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343712404168
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362982937296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{1F0D5606-B5CA-40BE-8255-0BA7B935EC63} : DHCPNameServer = 10.0.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\jeff\application data\mozilla\firefox\profiles\0em5le4q.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: d:\program files\microsoft\office live\npOLW.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2013-02-16 00:46; e-webprint@epson.com; d:\program files\epson software\e-web print\Firefox Add-on
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;d:\windows\system32\drivers\kl1.sys [2012-7-31 133208]
R0 MpFilter;Microsoft Malware Protection Driver;d:\windows\system32\drivers\MpFilter.sys [2013-1-20 195296]
R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2012-7-31 11352]
R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2012-7-31 485808]
R1 Vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2012-7-22 526640]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/02/01 21:21:53];d:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-12-28 76560]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;d:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2013-2-1 91248]
R2 CltMngSvc;Search Protect by Conduit Updater;d:\program files\searchprotect\bin\CltMngSvc.exe [2013-2-20 93984]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2013-2-1 78960]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2013-2-1 296048]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;d:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
R2 EpsonScanSvc;Epson Scanner Service;d:\windows\system32\escsvc.exe [2013-2-13 122000]
R2 ISWKL;ZoneAlarm ForceField ISWKL;d:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-7-14 27056]
R2 IswSvc;ZoneAlarm ForceField IswSvc;d:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-7-14 497320]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-11 398184]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-11 682344]
R2 ntk_PowerDVD12;ntk_PowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2013-2-1 121208]
R2 vsmon;TrueVector Internet Monitor;d:\program files\checkpoint\zonealarm\vsmon.exe -service --> d:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 icsak;icsak;d:\program files\checkpoint\zaforcefield\ak\icsak.sys [2012-7-14 36784]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-11-11 21104]
S1 SBRE;SBRE;\??\d:\windows\system32\drivers\sbredrv.sys --> d:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 MBAMSwissArmy;MBAMSwissArmy;d:\windows\system32\drivers\mbamswissarmy.sys [2013-3-18 40776]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-21 20:07:06 7108640 ----a-w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{ca5bdd50-36ec-42df-9b8b-5e77f0d96314}\mpengine.dll
2013-03-19 21:53:24 6954968 ------w- d:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-03-19 21:48:54 -------- d-----w- d:\documents and settings\jeff\application data\SearchProtect
2013-03-19 05:47:14 40776 ----a-w- d:\windows\system32\drivers\mbamswissarmy.sys
2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023x.sys
2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023.sys
2013-03-11 22:46:42 -------- d-----w- d:\documents and settings\jeff\Tracing
2013-03-11 22:44:36 -------- d-----w- d:\program files\Microsoft Office Outlook Connector
2013-03-11 22:41:46 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
2013-03-11 22:38:37 -------- d-----w- d:\program files\Microsoft
2013-03-11 22:38:05 -------- d-----w- d:\program files\Windows Live SkyDrive
2013-03-11 22:37:06 4927864 ----a-w- d:\program files\common files\windows live\.cache\f5d64f481ce1ea8\Silverlight.2.0.exe
2013-03-11 22:35:22 74520 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DSETUP.dll
2013-03-11 22:35:22 484632 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DXSETUP.exe
2013-03-11 22:35:22 1670936 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\dsetup32.dll
2013-03-11 22:35:07 1013800 ----a-w- d:\program files\common files\windows live\.cache\aeda0bac1ce1ea8\WindowsXP-KB954708-x86-ENU.exe
2013-03-11 22:01:14 -------- d-----w- d:\program files\common files\Windows Live
2013-03-10 01:32:47 222448 ----a-w- d:\windows\system32\muweb.dll
2013-03-10 01:32:45 275696 ----a-w- d:\windows\system32\mucltui.dll
2013-03-10 01:32:45 17136 ----a-w- d:\windows\system32\mucltui.dll.mui
2013-03-10 00:48:53 232336 ------w- d:\windows\system32\MpSigStub.exe
2013-03-10 00:39:51 -------- d-----w- d:\program files\Microsoft Security Client
2013-03-09 06:15:51 -------- d-----w- d:\documents and settings\jeff\.SimXpert
2013-03-09 05:43:25 -------- d-----w- d:\documents and settings\jeff\CDMData
2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\scratch
2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\Process
2013-03-09 04:53:32 -------- d-----w- D:\MSC Software
2013-03-08 23:04:40 -------- d-----w- D:\SCRATCH
2013-03-08 22:34:54 -------- d-----w- D:\MSC.Software
2013-03-08 06:18:00 80090 ----a-w- d:\documents and settings\jeff\application data\SMBIOSSP.exe
2013-03-07 02:38:09 -------- d-----w- d:\program files\common files\Gretech Corporation
2013-03-07 02:38:08 -------- d-----w- d:\documents and settings\all users\application data\GRETECH
2013-03-07 02:35:32 -------- d-----w- d:\program files\GRETECH
2013-03-07 01:16:36 -------- d-----w- d:\program files\Conduit
2013-03-07 01:16:07 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Conduit
2013-03-07 01:16:06 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Temp
2013-03-07 01:15:23 -------- d-----w- d:\program files\SearchProtect
2013-03-04 17:15:23 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Pinnacle
2013-03-04 04:48:11 171520 ----a-w- d:\windows\system32\drivers\MarvinBus.sys
2013-03-04 04:47:54 -------- d-----w- d:\program files\common files\Pinnacle
2013-03-04 04:46:31 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio HD
2013-03-04 04:37:15 -------- d-----w- d:\program files\common files\Pegasus Imaging
2013-03-04 04:37:12 -------- d-----w- d:\program files\common files\Yahoo!
2013-03-04 04:37:11 -------- d-----w- d:\program files\Pinnacle
2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Studio 14
2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio Plus
2013-03-03 23:06:32 -------- d-----w- d:\documents and settings\all users\CyberLink
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2013-03-03 22:41:46 447479568 ----a-w- d:\program files\CL.2418_GM4_Trial_VDE121106-02.exe
2013-02-27 05:35:55 -------- d-----w- d:\windows\system32\NtmsData
.
==================== Find3M ====================
.
2013-02-12 00:32:23 12928 ----a-w- d:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- d:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- d:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- d:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- d:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- d:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- d:\windows\system32\oleaut32.dll
2013-01-25 16:48:32 3915776 ----a-w- d:\windows\system32\ffmpeg.dll
2013-01-25 16:47:32 112640 ----a-w- d:\windows\system32\ff_vfw.dll
2013-01-25 16:47:18 3500544 ----a-w- d:\windows\system32\ffdshow.ax
2013-01-25 16:46:18 271360 ----a-w- d:\windows\system32\TomsMoComp_ff.dll
2013-01-25 16:46:16 99840 ----a-w- d:\windows\system32\ff_wmv9.dll
2013-01-25 16:46:16 157184 ----a-w- d:\windows\system32\ff_unrar.dll
2013-01-25 16:46:12 211968 ----a-w- d:\windows\system32\ff_libdts.dll
2013-01-25 16:46:12 147456 ----a-w- d:\windows\system32\ff_libmad.dll
2013-01-25 16:46:08 1525760 ----a-w- d:\windows\system32\ff_samplerate.dll
2013-01-25 16:46:08 114688 ----a-w- d:\windows\system32\ff_liba52.dll
2013-01-25 16:00:40 420008 ----a-w- d:\windows\system32\LAVSplitter.ax
2013-01-25 16:00:40 384472 ----a-w- d:\windows\system32\swscale-lav-2.dll
2013-01-25 16:00:40 279208 ----a-w- d:\windows\system32\IntelQuickSyncDecoder.dll
2013-01-25 16:00:40 247920 ----a-w- d:\windows\system32\avutil-lav-52.dll
2013-01-25 16:00:40 243880 ----a-w- d:\windows\system32\LAVAudio.ax
2013-01-25 16:00:40 183976 ----a-w- d:\windows\system32\libbluray.dll
2013-01-25 16:00:40 165160 ----a-w- d:\windows\system32\avresample-lav-1.dll
2013-01-25 16:00:40 1186984 ----a-w- d:\windows\system32\LAVVideo.ax
2013-01-25 16:00:38 7833552 ----a-w- d:\windows\system32\avcodec-lav-54.dll
2013-01-25 16:00:38 169888 ----a-w- d:\windows\system32\avfilter-lav-3.dll
2013-01-25 16:00:38 1257464 ----a-w- d:\windows\system32\avformat-lav-54.dll
2013-01-20 23:59:04 195296 ----a-w- d:\windows\system32\drivers\MpFilter.sys
2013-01-07 01:19:45 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- d:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- d:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- d:\windows\system32\quartz.dll
.
============= FINISH: 14:13:55.23 ===============

Here is the log from the aswMBR scan:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-21 14:33:17
-----------------------------
14:33:17.328 OS Version: Windows 5.1.2600 Service Pack 3
14:33:17.328 Number of processors: 2 586 0x1706
14:33:17.328 ComputerName: OSCAR2 UserName: JEFF
14:33:27.484 Initialize success
14:58:45.187 AVAST engine defs: 13032102
15:01:56.812 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
15:01:56.812 Disk 0 Vendor: WDC_WD7500BPVT-22HXZT1 01.01A01 Size: 715404MB BusType: 3
15:01:56.984 Disk 0 MBR read successfully
15:01:56.984 Disk 0 MBR scan
15:01:57.046 Disk 0 Windows XP default MBR code
15:01:57.046 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
15:01:57.093 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 114416 MB offset 208845
15:01:57.109 Disk 0 Partition - 00 0F Extended LBA 515405 MB offset 409593240
15:01:57.125 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 199996 MB offset 409593303
15:01:57.140 Disk 0 Partition - 00 05 Extended 315408 MB offset 819186480
15:01:57.156 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 315408 MB offset 819186543
15:01:57.156 Disk 0 scanning sectors +1465144065
15:01:57.218 Disk 0 scanning D:\WINDOWS\system32\drivers
15:02:18.640 Service scanning
15:02:38.421 Service MpKsl5be7457a D:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{CA5BDD50-36EC-42DF-9B8B-5E77F0D96314}\MpKsl5be7457a.sys **LOCKED** 32
15:03:01.500 Modules scanning
15:03:14.062 Disk 0 trace - called modules:
15:03:14.078 ntkrnlpa.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
15:03:14.078 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ac35820]
15:03:14.093 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8acd8d98]
15:03:15.328 AVAST engine scan D:\WINDOWS
15:03:28.265 AVAST engine scan D:\WINDOWS\system32
15:08:01.468 AVAST engine scan D:\WINDOWS\system32\drivers
15:08:27.984 AVAST engine scan D:\Documents and Settings\JEFF
15:12:48.953 Disk 0 MBR has been saved successfully to "D:\Documents and Settings\JEFF\My Documents\MBR.dat"
15:12:48.953 The log file has been saved successfully to "D:\Documents and Settings\JEFF\My Documents\aswMBR.txt"
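A triage pass over the autostart entries in the DDS log above, added here as an example; it is not part of the thread and not a DDS or Spybot feature. The input lines are copied from the Pseudo HJT Report in the post; the registry-key mapping for the u/m/d prefixes and the location heuristic are this example's assumptions. It only says where an image lives (a Run entry pointing into Application Data, a bare image name resolved through the search path, or the same executable registered under both HKCU and HKLM, as cltmng.exe is here), not that a program is malicious.

```python
import re
from collections import Counter

# Autostart lines copied from the DDS "Pseudo HJT Report" in the post above (an excerpt, not the whole log).
DDS_EXCERPT = r"""
uRun: [SearchProtect] d:\documents and settings\jeff\application data\searchprotect\bin\cltmng.exe
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRunOnce: [FlashPlayerUpdate] d:\windows\system32\macromed\flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [SearchProtectAll] d:\program files\searchprotect\bin\cltmng.exe
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
"""

# Assumed mapping of DDS prefixes: u = current-user hive (HKCU), m = machine hive (HKLM), d = default-user hive.
KEY_FOR = {
    "uRun": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run",
    "uRunOnce": r"HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "mRun": r"HKLM\Software\Microsoft\Windows\CurrentVersion\Run",
    "mRunOnce": r"HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce",
    "dRun": r"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run",
    "StartupFolder": r"Start Menu\Programs\Startup (.lnk)",
}

RUN_LINE = re.compile(r"^(?P<kind>[umd]Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
STARTUP_LINE = re.compile(r"^StartupFolder: (?P<lnk>.*?\.lnk) - (?P<cmd>.*)$", re.I)
# First drive-letter path ending in an executable-style extension; on rundll32 lines that is the DLL.
IMAGE_PATH = re.compile(r'([a-z]:\\[^"<>|*?]+?\.(?:exe|dll|scr|com|bat|cmd|vbs|js))(?=[\s,"]|$)', re.I)

USER_WRITABLE = ("\\documents and settings\\", "\\docume~1\\", "\\application data\\",
                 "\\local settings\\", "\\temp\\", "\\users\\", "\\appdata\\")
SYSTEM_DIRS = ("\\windows\\", "\\program files\\", "\\progra~1\\")


def classify(path):
    """Location-only heuristic: says where the image lives, not whether it is malicious."""
    if path is None:
        return "unqualified"   # bare image name, resolved through the search path at logon
    p = path.lower()
    if any(marker in p for marker in USER_WRITABLE):
        return "user-writable"
    if any(marker in p for marker in SYSTEM_DIRS):
        return "system"
    return "other"


def triage(text):
    """Parse DDS autostart lines into records with the registry key, image path and a verdict."""
    records = []
    for line in text.splitlines():
        m = RUN_LINE.match(line)
        if m:
            kind, name, cmd = m.group("kind"), m.group("name"), m.group("cmd")
        else:
            m = STARTUP_LINE.match(line)
            if not m:
                continue
            kind, cmd = "StartupFolder", m.group("cmd")
            name = m.group("lnk").rsplit("\\", 1)[-1]
        hit = IMAGE_PATH.search(cmd)
        path = hit.group(1) if hit else None
        records.append({"kind": kind, "key": KEY_FOR.get(kind, kind), "name": name,
                        "command": cmd, "path": path, "verdict": classify(path)})
    return records


def basename(path):
    return path.lower().rsplit("\\", 1)[-1]


def flagged(records):
    """Entries worth a second look: outside system directories, unqualified, or the same
    image registered more than once (here cltmng.exe under both HKCU and HKLM)."""
    seen = Counter(basename(r["path"]) for r in records if r["path"])
    return [r for r in records
            if r["verdict"] != "system" or (r["path"] and seen[basename(r["path"])] > 1)]


if __name__ == "__main__":
    for r in flagged(triage(DDS_EXCERPT)):
        print(f'{r["verdict"]:<14} {r["key"]}  [{r["name"]}]  {r["path"] or r["command"]}')
```

Run it as a script to list the flagged entries. A location rule alone would pass the HKLM SearchProtectAll entry, because that copy sits under Program Files; it is the duplicate-image rule that catches it, which is why the two rules are combined rather than used separately.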

shelf life
2013-03-28, 01:19
hi roberts1008,

Your post is a few days old. If you still need some help simply reply back.

roberts1008
2013-03-28, 23:27
Hello "shelf life",

Yes, I realize that it's a few days old. But, I do still need help. I was told that you guys are volunteers, so it takes longer than normal.

If you could, please assist. :thanks:

shelf life
2013-03-29, 01:09
Hi,

OK, we will do two things. First, look in your Add/Remove Programs panel and uninstall, if present, the two items below. After both uninstalls are done, reboot your machine.

Search Protect by conduit
MarketResearch

Next:

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) to your desktop.
Double click on AdwCleaner.exe, select OK, then Run
Click on Search
A logfile will automatically open after the scan has finished
Copy and paste the contents of the log file in your reply
You can also find the logfile at C:\AdwCleaner[R1].txt as well
Exit AdwCleaner with the X (close) button. click ok at the final prompt.

On a side note, it looks like you have two AVs running: both MS Security Essentials and ZA Antivirus. You only need one active AV per machine. I would remove one of them via the Add/Remove Programs panel, then reboot.

roberts1008
2013-03-29, 08:21
Thanks, "shelf life"!

MarketResearch was not listed.
However, Search Protect by conduit was listed. So, I deleted it.

Regarding the Microsoft Security Essentials, I had added it because I was told it could remove the malware, but obviously it hasn't, so I'll remove it.

:thanks:

Below are the results of AdwCleaner:

# AdwCleaner v2.115 - Logfile created 03/28/2013 at 23:14:40
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JEFF - OSCAR2
# Boot Mode : Normal
# Running from : D:\Documents and Settings\JEFF\My Documents\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : D:\END
Folder Found : D:\DOCUME~1\JEFF\LOCALS~1\Temp\AskSearch
Folder Found : D:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : D:\Documents and Settings\JEFF\Application Data\adawaretb
Folder Found : D:\Documents and Settings\JEFF\Application Data\Claro LTD
Folder Found : D:\Documents and Settings\JEFF\Local Settings\Application Data\Conduit
Folder Found : D:\Program Files\Conduit
Folder Found : D:\Program Files\Playbryte

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\Playbryte
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226&tt=4412_4&babsrc=NT_ss&mntrId=408acf2d000000000000001f3b016bd9

-\\ Mozilla Firefox v19.0.2 (en-US)

File : D:\Documents and Settings\JEFF\Application Data\Mozilla\Firefox\Profiles\0em5le4q.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : D:\Documents and Settings\JEFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3921 octets] - [28/03/2013 23:14:40]

########## EOF - D:\AdwCleaner[R1].txt - [3981 octets] ##########

shelf life
2013-03-29, 15:29
hi,

OK, good. Run AdwCleaner again by clicking the Search button. Close the log file that pops up, since you already posted that, then click on the Delete button. Your machine will reboot, and after it restarts a new log file will come up with all the deletions; copy and post the new log file in your reply.

Also, after the above, rescan with DDS like you did before and post its log as well:

Download to your desktop DDS from one of the links below:

Link (http://download.bleepingcomputer.com/sUBs/dds.scr)

Double click the tool to run it.
If a black Screen opens, just read the contents and do nothing.
When the tool finishes, it will open 2 reports, DDS.txt and attach.txt
Copy/Paste the contents of 'DDS.txt' into your post. Please do not use code wrap.
'attach.txt' should be zipped using Windows native zip utility and attached to your post. Compress and uncompress files (zip files)
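A way to check the [Delete] log against the earlier [Search] log once it comes back, added here as an example; it is not part of the thread and not an AdwCleaner feature. The search-pass lines are copied from the log posted above (the Files / Folders section, the HKCU keys and one value). The delete-pass lines are constructed for the example and deliberately omit HKCU\Software\SearchProtect, standing in for an item that is already gone by the time the delete pass runs, as happens when a program is uninstalled from Add/Remove Programs between the two passes.

```python
import re

# Lines copied from the AdwCleaner [Search] log posted above (an excerpt, not the whole log).
SEARCH_LOG = r"""
***** [Files / Folders] *****

File Found : D:\END
Folder Found : D:\DOCUME~1\JEFF\LOCALS~1\Temp\AskSearch
Folder Found : D:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Found : D:\Documents and Settings\JEFF\Application Data\adawaretb
Folder Found : D:\Documents and Settings\JEFF\Application Data\Claro LTD
Folder Found : D:\Documents and Settings\JEFF\Local Settings\Application Data\Conduit
Folder Found : D:\Program Files\Conduit
Folder Found : D:\Program Files\Playbryte

***** [Registry] *****

Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\SmartBar
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
"""

# Constructed [Delete] log for this example: the same items minus HKCU\Software\SearchProtect,
# standing in for a key that was already gone when the delete pass ran.
DELETE_LOG = r"""
***** [Files / Folders] *****

File Deleted : D:\END
Folder Deleted : D:\DOCUME~1\JEFF\LOCALS~1\Temp\AskSearch
Folder Deleted : D:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : D:\Documents and Settings\JEFF\Application Data\adawaretb
Folder Deleted : D:\Documents and Settings\JEFF\Application Data\Claro LTD
Folder Deleted : D:\Documents and Settings\JEFF\Local Settings\Application Data\Conduit
Folder Deleted : D:\Program Files\Conduit
Folder Deleted : D:\Program Files\Playbryte

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\SmartBar
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
"""

ENTRY = re.compile(r"^(?P<kind>File|Folder|Key|Value) (?P<action>Found|Deleted) : (?P<target>.+?)\s*$")


def parse_entries(log):
    """Return {(kind, normalized target): original target} for every Found/Deleted line.
    Registry paths and NTFS names are case-insensitive, so the comparison key is lower-cased."""
    entries = {}
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            entries[(m.group("kind"), m.group("target").lower())] = m.group("target")
    return entries


def reconcile(search_log, delete_log):
    """Split the search-pass findings into removed / not removed, and report deletions
    that the search pass never listed (worth explaining before trusting the run)."""
    found, deleted = parse_entries(search_log), parse_entries(delete_log)
    return {
        "removed": sorted(found[k] for k in found.keys() & deleted.keys()),
        "not_removed": sorted(found[k] for k in found.keys() - deleted.keys()),
        "unexpected": sorted(deleted[k] for k in deleted.keys() - found.keys()),
    }


if __name__ == "__main__":
    result = reconcile(SEARCH_LOG, DELETE_LOG)
    for label in ("removed", "not_removed", "unexpected"):
        print(f"{label} ({len(result[label])}):")
        for target in result[label]:
            print("   ", target)
```

Anything under "not_removed" is what to re-check by hand after the reboot (a key that was already gone is harmless; a key that is still present means the tool could not delete it), and "unexpected" lists deletions that the search pass never reported.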

roberts1008
2013-03-29, 21:32
Hey 'shelf life',

After running AdwCleaner, it posted the following message:
--------
If you have been brought to use AdwCleaner, it's probably because your PC contained potentially unwanted programs or adware.
Potentially unwanted programs are often proposed during the installation of software. They may be present in the form of toolbars that sometimes change the home page of the browser and slow internet browsing.
To avoid the installation of these programs polluting the computer, it is essential to follow these tips:
- Always download a program from the official link, or a trusted site
- When installing a program, do not click [Next] too fast without paying attention to the Terms of Use and third-party programs offered
- If third-party programs are offered (toolbars, etc.), uncheck all checkboxes about them
- Enable detection of PUPs in your antivirus
You can also install Hosts Anti-PUP/Adware from AdwCleaner by clicking "?" and then "Download Hosts Anti-PUP/Adware"
---------------

What is a PUP? I currently am using ZoneAlarm Extreme Security, Malwarebytes Anti-Malware and Spybot Search and Destroy. Should I add any other protection? :thanks:

Here is the AdwCleaner log file:
----------------

# AdwCleaner v2.115 - Logfile created 03/29/2013 at 12:04:00
# Updated 17/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : JEFF - OSCAR2
# Boot Mode : Normal
# Running from : D:\Documents and Settings\JEFF\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : D:\END
Folder Deleted : D:\DOCUME~1\JEFF\LOCALS~1\Temp\AskSearch
Folder Deleted : D:\Documents and Settings\All Users\Application Data\blekko toolbars
Folder Deleted : D:\Documents and Settings\JEFF\Application Data\adawaretb
Folder Deleted : D:\Documents and Settings\JEFF\Application Data\Claro LTD
Folder Deleted : D:\Documents and Settings\JEFF\Local Settings\Application Data\Conduit
Folder Deleted : D:\Program Files\Conduit
Folder Deleted : D:\Program Files\Playbryte

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxSHDocVw.AxWebBrowser
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6823F25B-4D75-38A1-A163-7C696B45701F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97C47A30-3CFB-474B-94E3-6019A7EE0610}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\claro
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Playbryte
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226&tt=4412_4&babsrc=NT_ss&mntrId=408acf2d000000000000001f3b016bd9 --> hxxp://www.google.com

-\\ Mozilla Firefox v19.0.2 (en-US)

File : D:\Documents and Settings\JEFF\Application Data\Mozilla\Firefox\Profiles\0em5le4q.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : D:\Documents and Settings\JEFF\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4050 octets] - [28/03/2013 23:14:40]
AdwCleaner[R2].txt - [4069 octets] - [29/03/2013 12:03:22]
AdwCleaner[S1].txt - [4119 octets] - [29/03/2013 12:04:00]

########## EOF - D:\AdwCleaner[S1].txt - [4179 octets] ##########

--------------

And, here is the DDS log file:

--------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by JEFF at 12:18:35 on 2013-03-29
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.1663 [GMT -7:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *Enabled*
.
============== Running Processes ================
.
D:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\System32\SCardSvr.exe
D:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMP\CLHNServer\CLHNServiceForPowerDVD12.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
D:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
D:\WINDOWS\system32\EscSvc.exe
D:\Program Files\Intel\Wireless\Bin\EvtEng.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
D:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
D:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
D:\Program Files\CyberLink\Shared Files\RichVideo.exe
D:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\WINDOWS\system32\SearchIndexer.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
D:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\stsystra.exe
D:\Program Files\Dell\QuickSet\quickset.exe
D:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
D:\Program Files\Synaptics\SynTP\SynTPEnh.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
D:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
D:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Epson Software\Event Manager\EEventManager.exe
D:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
D:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
D:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
D:\Program Files\Digital Line Detect\DLG.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Windows Desktop Search\WindowsSearch.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
D:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Mozilla Firefox\plugin-container.exe
D:\WINDOWS\system32\SearchProtocolHost.exe
D:\WINDOWS\system32\SearchFilterHost.exe
D:\WINDOWS\system32\wbem\wmiprvse.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\WINDOWS\system32\svchost.exe -k NetworkService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k LocalService
D:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - d:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - d:\program files\epson software\e-web print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - d:\program files\epson software\e-web print\ewps_tb.dll
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "d:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [IntelZeroConfig] "d:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "d:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvCplDaemon] RUNDLL32.EXE d:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RUNDLL32.EXE d:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [ChangeTPMAuth] d:\program files\wave systems corp\common\ChangeTPMAuth.exe /T:NTRU12
mRun: [SunJavaUpdateSched] d:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [Dell QuickSet] d:\program files\dell\quickset\quickset.exe
mRun: [SynTPEnh] d:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ISW] d:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"
mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [APSDaemon] "d:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [PDVDDXSrv] "d:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HP Software Update] d:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe ARM] "d:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [PowerDVD12DMREngine] "d:\program files\cyberlink\powerdvd12\kernel\dmr\PowerDVD12DMREngine.exe"
mRun: [PowerDVD12Agent] "d:\program files\cyberlink\powerdvd12\PowerDVD12Agent.exe"
mRun: [EEventManager] "d:\program files\epson software\event manager\EEventManager.exe"
mRun: [FUFAXRCV] "d:\program files\epson software\fax utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "d:\program files\epson software\fax utility\FUFAXSTM.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [USBToolTip] d:\progra~1\pinnacle\shared~1\programs\usbtip\USBTip.exe
dRun: [DWQueuedReporting] "d:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - d:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - d:\program files\digital line detect\DLG.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - d:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - d:\program files\windows desktop search\WindowsSearch.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
IE: E&xport to Microsoft Excel - d:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - d:\program files\java\jre1.5.0_06\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1343712404168
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1362982937296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
TCP: NameServer = 10.0.0.1
TCP: Interfaces\{1F0D5606-B5CA-40BE-8255-0BA7B935EC63} : DHCPNameServer = 10.0.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - d:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\documents and settings\jeff\application data\mozilla\firefox\profiles\0em5le4q.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - plugin: d:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: d:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: d:\program files\microsoft\office live\npOLW.dll
FF - plugin: d:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - ExtSQL: 2013-02-16 00:46; e-webprint@epson.com; d:\program files\epson software\e-web print\Firefox Add-on
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;d:\windows\system32\drivers\kl1.sys [2012-7-31 133208]
R1 kl2;kl2;d:\windows\system32\drivers\kl2.sys [2012-7-31 11352]
R1 KLIF;Kaspersky Lab Driver;d:\windows\system32\drivers\klif.sys [2012-7-31 485808]
R1 Vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2012-7-22 526640]
R2 {73526619-C24F-470B-9BED-53D455FBB5C6};Power Control [2013/02/01 21:21:53];d:\program files\cyberlink\powerdvd12\common\navfilter\000.fcl [2012-12-28 76560]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;d:\program files\broadcom\asfipmon\AsfIpMon.exe [2007-6-20 79168]
R2 CLHNServiceForPowerDVD12;CLHNServiceForPowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\CLHNServiceForPowerDVD12.exe [2013-2-1 91248]
R2 CyberLink PowerDVD 12 Media Server Monitor Service;CyberLink PowerDVD 12 Media Server Monitor Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSMonitorServicePDVD12.exe [2013-2-1 78960]
R2 CyberLink PowerDVD 12 Media Server Service;CyberLink PowerDVD 12 Media Server Service;d:\program files\cyberlink\powerdvd12\kernel\dms\CLMSServerPDVD12.exe [2013-2-1 296048]
R2 EpsonCustomerParticipation;EpsonCustomerParticipation;d:\program files\epson\epsoncustomerparticipation\EPCP.exe [2012-5-10 539744]
R2 EpsonScanSvc;Epson Scanner Service;d:\windows\system32\escsvc.exe [2013-2-13 122000]
R2 ISWKL;ZoneAlarm ForceField ISWKL;d:\program files\checkpoint\zaforcefield\ISWKL.sys [2012-7-14 27056]
R2 IswSvc;ZoneAlarm ForceField IswSvc;d:\program files\checkpoint\zaforcefield\ISWSVC.exe [2012-7-14 497320]
R2 MBAMScheduler;MBAMScheduler;d:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-11 398184]
R2 MBAMService;MBAMService;d:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-11 682344]
R2 ntk_PowerDVD12;ntk_PowerDVD12;d:\program files\cyberlink\powerdvd12\kernel\dmp\clhnserver\ntk_PowerDVD12.sys [2013-2-1 121208]
R2 vsmon;TrueVector Internet Monitor;d:\program files\checkpoint\zonealarm\vsmon.exe -service --> d:\program files\checkpoint\zonealarm\vsmon.exe -service [?]
R3 icsak;icsak;d:\program files\checkpoint\zaforcefield\ak\icsak.sys [2012-7-14 36784]
R3 MBAMProtector;MBAMProtector;d:\windows\system32\drivers\mbam.sys [2012-11-11 21104]
S1 SBRE;SBRE;\??\d:\windows\system32\drivers\sbredrv.sys --> d:\windows\system32\drivers\SBREdrv.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WinRM;Windows Remote Management (WS-Management);d:\windows\system32\svchost.exe -k WINRM [2004-8-4 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;d:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2013-03-22 17:33:40 -------- d-----w- d:\program files\Citrix
2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023x.sys
2013-03-12 20:25:33 12928 -c----w- d:\windows\system32\dllcache\usb8023.sys
2013-03-11 22:46:42 -------- d-----w- d:\documents and settings\jeff\Tracing
2013-03-11 22:44:36 -------- d-----w- d:\program files\Microsoft Office Outlook Connector
2013-03-11 22:41:46 3426072 ----a-w- d:\windows\system32\d3dx9_32.dll
2013-03-11 22:38:37 -------- d-----w- d:\program files\Microsoft
2013-03-11 22:38:05 -------- d-----w- d:\program files\Windows Live SkyDrive
2013-03-11 22:37:06 4927864 ----a-w- d:\program files\common files\windows live\.cache\f5d64f481ce1ea8\Silverlight.2.0.exe
2013-03-11 22:35:22 74520 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DSETUP.dll
2013-03-11 22:35:22 484632 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\DXSETUP.exe
2013-03-11 22:35:22 1670936 ----a-w- d:\program files\common files\windows live\.cache\b77508841ce1ea8\dsetup32.dll
2013-03-11 22:35:07 1013800 ----a-w- d:\program files\common files\windows live\.cache\aeda0bac1ce1ea8\WindowsXP-KB954708-x86-ENU.exe
2013-03-11 22:01:14 -------- d-----w- d:\program files\common files\Windows Live
2013-03-10 01:32:47 222448 ----a-w- d:\windows\system32\muweb.dll
2013-03-10 01:32:45 275696 ----a-w- d:\windows\system32\mucltui.dll
2013-03-10 01:32:45 17136 ----a-w- d:\windows\system32\mucltui.dll.mui
2013-03-10 00:48:53 232336 ------w- d:\windows\system32\MpSigStub.exe
2013-03-09 06:15:51 -------- d-----w- d:\documents and settings\jeff\.SimXpert
2013-03-09 05:43:25 -------- d-----w- d:\documents and settings\jeff\CDMData
2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\scratch
2013-03-09 05:38:47 -------- d-----w- d:\documents and settings\jeff\Process
2013-03-09 04:53:32 -------- d-----w- D:\MSC Software
2013-03-08 23:04:40 -------- d-----w- D:\SCRATCH
2013-03-08 22:34:54 -------- d-----w- D:\MSC.Software
2013-03-08 06:18:00 80090 ----a-w- d:\documents and settings\jeff\application data\SMBIOSSP.exe
2013-03-07 02:38:09 -------- d-----w- d:\program files\common files\Gretech Corporation
2013-03-07 02:38:08 -------- d-----w- d:\documents and settings\all users\application data\GRETECH
2013-03-07 02:35:32 -------- d-----w- d:\program files\GRETECH
2013-03-07 01:16:06 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Temp
2013-03-04 17:15:23 -------- d-----w- d:\documents and settings\jeff\local settings\application data\Pinnacle
2013-03-04 04:48:11 171520 ----a-w- d:\windows\system32\drivers\MarvinBus.sys
2013-03-04 04:47:54 -------- d-----w- d:\program files\common files\Pinnacle
2013-03-04 04:46:31 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio HD
2013-03-04 04:37:15 -------- d-----w- d:\program files\common files\Pegasus Imaging
2013-03-04 04:37:12 -------- d-----w- d:\program files\common files\Yahoo!
2013-03-04 04:37:11 -------- d-----w- d:\program files\Pinnacle
2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Studio 14
2013-03-04 04:37:11 -------- d-----w- d:\documents and settings\all users\application data\Pinnacle Studio Plus
2013-03-03 23:06:32 -------- d-----w- d:\documents and settings\all users\CyberLink
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin7.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin6.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin5.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin4.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin3.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin2.dll
2013-03-03 23:01:31 159744 ----a-w- d:\program files\internet explorer\plugins\npqtplugin.dll
2013-03-03 22:41:46 447479568 ----a-w- d:\program files\CL.2418_GM4_Trial_VDE121106-02.exe
.
==================== Find3M ====================
.
2013-02-12 00:32:23 12928 ----a-w- d:\windows\system32\drivers\usb8023.sys
2013-02-12 00:32:23 12928 ------w- d:\windows\system32\drivers\usb8023x.sys
2013-02-05 20:05:47 916480 ----a-w- d:\windows\system32\wininet.dll
2013-02-05 20:05:46 43520 ------w- d:\windows\system32\licmgr10.dll
2013-02-05 20:05:46 1469440 ------w- d:\windows\system32\inetcpl.cpl
2013-02-05 05:53:57 385024 ------w- d:\windows\system32\html.iec
2013-01-26 03:55:44 552448 ----a-w- d:\windows\system32\oleaut32.dll
2013-01-25 16:48:32 3915776 ----a-w- d:\windows\system32\ffmpeg.dll
2013-01-25 16:47:32 112640 ----a-w- d:\windows\system32\ff_vfw.dll
2013-01-25 16:47:18 3500544 ----a-w- d:\windows\system32\ffdshow.ax
2013-01-25 16:46:18 271360 ----a-w- d:\windows\system32\TomsMoComp_ff.dll
2013-01-25 16:46:16 99840 ----a-w- d:\windows\system32\ff_wmv9.dll
2013-01-25 16:46:16 157184 ----a-w- d:\windows\system32\ff_unrar.dll
2013-01-25 16:46:12 211968 ----a-w- d:\windows\system32\ff_libdts.dll
2013-01-25 16:46:12 147456 ----a-w- d:\windows\system32\ff_libmad.dll
2013-01-25 16:46:08 1525760 ----a-w- d:\windows\system32\ff_samplerate.dll
2013-01-25 16:46:08 114688 ----a-w- d:\windows\system32\ff_liba52.dll
2013-01-25 16:00:40 420008 ----a-w- d:\windows\system32\LAVSplitter.ax
2013-01-25 16:00:40 384472 ----a-w- d:\windows\system32\swscale-lav-2.dll
2013-01-25 16:00:40 279208 ----a-w- d:\windows\system32\IntelQuickSyncDecoder.dll
2013-01-25 16:00:40 247920 ----a-w- d:\windows\system32\avutil-lav-52.dll
2013-01-25 16:00:40 243880 ----a-w- d:\windows\system32\LAVAudio.ax
2013-01-25 16:00:40 183976 ----a-w- d:\windows\system32\libbluray.dll
2013-01-25 16:00:40 165160 ----a-w- d:\windows\system32\avresample-lav-1.dll
2013-01-25 16:00:40 1186984 ----a-w- d:\windows\system32\LAVVideo.ax
2013-01-25 16:00:38 7833552 ----a-w- d:\windows\system32\avcodec-lav-54.dll
2013-01-25 16:00:38 169888 ----a-w- d:\windows\system32\avfilter-lav-3.dll
2013-01-25 16:00:38 1257464 ----a-w- d:\windows\system32\avformat-lav-54.dll
2013-01-07 01:19:45 2148864 ----a-w- d:\windows\system32\ntoskrnl.exe
2013-01-07 00:37:01 2027520 ----a-w- d:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- d:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- d:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- d:\windows\system32\quartz.dll
.
============= FINISH: 12:20:35.79 ===============
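
The two logs above are plain text with a stable line format, which makes it easy to check mechanically whether a clean actually held. The following script is an added example written for this thread (it is not part of DDS, AdwCleaner or Spybot): it parses the IE add-on (BHO/TB/EB) and Run-key lines of a DDS "Pseudo HJT Report" and the "Key Deleted", "Value Deleted" and "Replaced" lines of an AdwCleaner log, then reports any add-on whose CLSID AdwCleaner deleted but DDS still lists, and any add-on or autorun that runs from a user-writable directory. The sample inputs are constructed from lines in this thread; the pre-clean DDS snippet with the Conduit BHO is a reconstruction, since that state was not posted.

```python
"""Cross-check a DDS Pseudo HJT report against an AdwCleaner deletion log.

Added example, not code from DDS or AdwCleaner. After a successful clean,
addons_that_came_back() should return an empty list; a non-empty list means
the component was re-registered after AdwCleaner removed it, which points at
a dropper or installer that is still active rather than at AdwCleaner.
"""
import re

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB|EB): (?P<name>.*?): (?P<clsid>" + GUID + r") - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<scope>[umd])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
REPLACED_RE = re.compile(r"^Replaced : \[(?P<key>[^\]]+)\] = (?P<old>.*?) --> (?P<new>.*)$")
GUID_RE = re.compile(GUID)

# Directories a legitimate IE add-on or autorun does not normally run from.
# A hit is a review item, not a verdict (e.g. some vendors do use All Users\Application Data).
USER_WRITABLE = ("\\documents and settings\\", "\\application data\\", "\\temp\\", "\\docume~1\\")

# Constructed pre-clean snippet: the Conduit BHO line is a reconstruction.
DDS_BEFORE = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {6C97A91E-4524-4019-86AF-2AA2D567BF5C} - d:\program files\conduit\escort.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
"""

# Post-clean snippet, taken from the DDS log in the thread.
DDS_AFTER = r"""
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - d:\program files\spybot - search & destroy\SDHelper.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - d:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
mRun: [ZoneAlarm] "d:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [Ad-Aware Browsing Protection] "d:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
"""

# Excerpt of the AdwCleaner[S1] log from the thread.
ADW_LOG = r"""
***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B278D9F8-0FA9-465E-9938-0C392605D8E3}]

***** [Internet Browsers] *****

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://www.claro-search.com/?affID=117226&tt=4412_4&babsrc=NT_ss&mntrId=408acf2d000000000000001f3b016bd9 --> hxxp://www.google.com
"""


def parse_dds(text):
    """Return (addons, runs): IE add-on records and Run-key records from a DDS report."""
    addons, runs = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = ADDON_RE.match(line)
        if m:
            addons.append({"kind": m.group("kind"), "name": m.group("name"),
                           "clsid": m.group("clsid").upper(), "path": m.group("path").lower()})
            continue
        m = RUN_RE.match(line)
        if m:
            runs.append({"scope": m.group("scope"), "name": m.group("name"),
                         "cmd": m.group("cmd").lower()})
    return addons, runs


def parse_adwcleaner(text):
    """Return (deleted CLSIDs, replaced-value records) from an AdwCleaner log."""
    deleted, replaced = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(("Key Deleted :", "Value Deleted :")):
            # Every GUID in a deleted key or value name is treated as a removed CLSID.
            deleted.update(g.upper() for g in GUID_RE.findall(line))
        else:
            m = REPLACED_RE.match(line)
            if m:
                replaced.append(m.groupdict())
    return deleted, replaced


def addons_that_came_back(dds_text, adw_text):
    """Add-ons DDS still lists although AdwCleaner reported deleting their CLSID."""
    addons, _ = parse_dds(dds_text)
    deleted, _ = parse_adwcleaner(adw_text)
    return [a for a in addons if a["clsid"] in deleted]


def entries_in_user_writable_dirs(dds_text):
    """Names of add-ons and autoruns whose binary lives under a user-writable path."""
    addons, runs = parse_dds(dds_text)
    hits = [a["name"] for a in addons if any(d in a["path"] for d in USER_WRITABLE)]
    hits += [r["name"] for r in runs if any(d in r["cmd"] for d in USER_WRITABLE)]
    return hits


if __name__ == "__main__":
    for label, dds in (("before clean", DDS_BEFORE), ("after clean", DDS_AFTER)):
        back = addons_that_came_back(dds, ADW_LOG)
        print(label, "- deleted CLSIDs still present:", [a["clsid"] for a in back])
        print(label, "- running from user-writable dirs:", entries_in_user_writable_dirs(dds))
    for r in parse_adwcleaner(ADW_LOG)[1]:
        print("replaced", r["key"], "->", r["new"])
```

Run it against the full DDS.txt and AdwCleaner[S*].txt by reading the files into the two string arguments; the thread's post-clean DDS produces no survivors, which matches Spybot no longer flagging the downloader. The user-writable-path check is deliberately noisy: on this machine it flags the Ad-Aware Browsing Protection autorun, which is a real vendor product installed under All Users\Application Data, so treat hits as things to verify (publisher, signature, install source) rather than as detections.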

shelf life
2013-03-30, 00:13
hi,

A PUP (Potentially Unwanted Program) is a program that usually comes along as an add-on to some other software. The default is to have it install for you unless you uncheck it. Toolbars are good examples. I have some examples on my web page, link in sig. Toolbars can be resource hogs as well as have privacy concerns.
Those 3 antimalware you have installed are plenty.
See if Spybot still flags Win32.downloader now.

roberts1008
2013-03-30, 01:24
Hey 'shelf life',

I just ran Spybot and it did NOT find anything this time! Thanks so much!

I have one more question, but I may have to ask ZoneAlarm. For some reason, I have not been able to run a browser with the ZoneAlarm Browser Virtualization protection "on". Supposedly, it "stops silent drive by web attacks from reaching the computer".

Any idea why that would happen?

:thanks:

shelf life
2013-03-30, 04:06
So if it's off, your browser functions OK? Is that normally something you would toggle off and on from your browser? Did your browser look any different after you ran AdwCleaner?
In IE, check that any browser add-ons are enabled.