Computer Hope
Software => Computer viruses and spyware => Virus and spyware removal => Topic started by: codeslayer2010 on February 13, 2013, 08:28:39 PM
-
First of all, I'd like to thank all the volunteers on this forum who offer technical assistance. Many of us would be completely lost without your guidance! :)
===============================================
MY STORY:
===============================================
I'm a web developer and my laptop started experiencing strange symptoms, originally in November 2012 (3 months ago). The first sign of problems was when a coworker at work complained that my yahoo account had sent him some spam. Upon logging in to my YMail, I discovered that several contacts had been messaged from my account. I immediately ran MalWareBytes and a scan with MS Security Essentials (after successfully updating, of course). To my recollection, between MBAM and SE they found 2-3 malicious softwares (sorry, don't remember what it was). I selected to removed the offenders in both programs, rebooted, re-scanned -- nothing found. I concluded at the that point that all the malware was gone and then proceeded to change my YMail password. Everything seemed fine.
For the record, I wasn't ever able to identify what freeware/website/email was the actual trojan that opened the door for the baddies. I'm aware of security issues as a developer and rarely get infected because I have SE and MalwareBytes. But, ever since some profit-seeking corporation bought MBAM and converted to a pay-model, it seems like the converted once free functionality (like real-time protection) to a premium option. OTOH, the fact that I'm frustrated and upset from chasing this for over a week now on my only computer may be clouding my memory. Perhaps real-time malware protection WAS ALWAYS A PREMIUM OPTION?
Moving on then, we forward to about 2 weeks ago when out of the blue the mass spamming from my email account starts up again. At this point, I've already changed my email password, so the only way I can think they would have gotten access to my account are these:
1) Facebook Games -- nope - I don't allow or install or participate in facebook games or apps.
2) Clicking on a suspicious email -- maybe, but I consistently delete without reading, and never click on links, suspicious emails including ones with no header, adult content, foreign characters (it'd be nice if Yahoo could figure out how to filter emails with kanji in the title and send it to spam for me! -- I did some cursory research into matching kanji/hirigana to ASCII characters, but didn't find any clear answers), and "Spanish Prisoner" please. I'm not sure what else I might be doing wrong? Perhaps what I used to do in the past that worked is not sufficient for the new ITW viruses and malware methods??
3) Freeware -- I'm a strong believer in open source, so I do download a lot of free softwares. I do a significant amount of due diligence reading reviews of the product, then researching the credibility of the site that published the review, then searching for what users are saying about similar softwares, etc. Needless to say I am VERY THOROUGH in my research. I'm aware that sometime freeware is supported by adware piggybacked on and I ALWAYS PAY ATTENTION to any toolbars or "partner" software it wants to install. I ALWAYS uncheck any toolbars or partner softwares and also any "product improvement" participation options.
Within the last 2 weeks I can identify several freewares that I have downloaded:
* I've used Shareaza for P2P for years, but due to recent sluggish performance I investigated other clients. I installed and tested FrostWire and subsequently removed it, because it was seriously lacking for my purposes.
* For some reason, MagicISO wouln't decompress a .bin file so I researched and installed IZArc. I noticed it had a significant amount of adwares it tried to download, but I've always looked at that as an idiot-tax (if you don't read the instructions/fine print and just click next then you deserve what you get) so I always avoid the idiot tax by paying careful attention and as I said previously, uncheck all the spywares and partner options. Which I did in this case. I'd like to note however, that process on this was more convoluted than on most -- like they weren't just trying to get the ones who just clicked next, but rather like they were actually trying to be deceptive with their wording and such ... "QUIT" instead of "SKIP" for optional components (adware), etc. However, my issues with the email spamming occured weeks before and the program performed perfectly, decompressing my .bin file.
* Rar/Zip password crackers -- Though I usually keep track of my passwords, I unfortunately have some important archives that I can't access anymore. So I researched "password cracker"/"Password recovery" and tested a few of the softwares. I removed them all because they either relied on a dictionary or did a brute force attack and either way, over a day later password still not found, so I gave up on that whole concept.
* Last week a bought a USB Blu-Ray burner and was unable to burn several files due to Windows XP long file names. I subsequently researched and installed several freewares to shorten long file names. Unfortunately, none of them worked, and one was a pay tool, "*SPAM*" which was advertised as free and fully-functionioning, but it wasn't fully-functioning -- they had hobbled it so that you only get to edit the files found by paying for a key. Psssh. Most of these were .exe files and I scanned them all with MSSE before actually launching.
* Downloaded and installed **Torch** web browser, which I discovered while researching how to speed up torrents. That may have been a mistake. It seemed to work fine for about a week, but now the only indication that it could contain malware is that I was unable to remove it from ADD REMOVE PROGRAMS, nor from CCLEANER's uninstall feature. When trying from cCleaner got "Error: 193-" message.
* BTW: What's this I hear about 'Everything.exe' being malware? There are no ads, no popus, scans fine with security software, and is one of the most useful free tools I have. I'd hate to have to dump it if is a false positive. The log analyzer told me it was malware here:
My HijackThis report (http://www.computerhope.com/cgi-bin/process.pl?o=13161448)
4) Cracked Wares with evil payloads -- I don't believe I have any illegal software on my system. My OS is OEM I would guess because it is an HP-Employees-Only branded image.
===============================================
SYSTEM INFO:
===============================================
os: WIN XP SP3
Main Browsers: Firefox & Chrome (rarely use IE)
Security Software Used Before Coming To Computer Hope:
- MalwareBytes Anti-Malware (free)
- MS Security Essentials
- HijackThis
- PeerBlock
- I had windows firewall on, but it seems to have gotten shut off somehow
===============================================
LOGS:
===============================================
*****************************************
AdwCleaner
*****************************************
# AdwCleaner v2.112 - Logfile created 02/13/2013 at 14:10:43
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : nunya - NC6120
# Boot Mode : Normal
# Running from : C:\Documents and Settings\nunya\Desktop\PIRIFORM FORUM AV-AS Tools\adwcleaner0.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\END
Folder Found : C:\Documents and Settings\All Users\Application Data\APN
Folder Found : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\35d77rst.fffb\extensions\staged
Folder Found : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\4o9bu7p8.Rahul\extensions\staged
Folder Found : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8tbqrp6l.ericTest\extensions\staged
Folder Found : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\sn1z9clt.myTest\extensions\staged
Folder Found : C:\Documents and Settings\nunya\Local Settings\Application Data\APN
Folder Found : C:\Program Files\WebEnhancements
***** [Registry] *****
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Zugo
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\Software\eRightSoft\OpenCandy
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\TENCENT
Value Found : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-US)
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\35d77rst.fffb\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\4o9bu7p8.Rahul\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\prefs.js
Found : user_pref("browser.search.defaultenginename", "Funmoods");
Found : user_pref("[email protected]", true);
Found : user_pref("extensions.funmoods.aflt", "download");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", true);
Found : user_pref("extensions.funmoods.hmpg", false);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Found : user_pref("extensions.funmoods.id", "001F3B94FEBBD1E1");
Found : user_pref("extensions.funmoods.instlDay", "15631");
Found : user_pref("extensions.funmoods.instlRef", "download");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:27:49");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", false);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:27:49");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", false);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:27:49");
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8tbqrp6l.ericTest\prefs.js
[OK] File is clean.
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\sn1z9clt.myTest\prefs.js
[OK] File is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Documents and Settings\nunya\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.61.1250.0
File : C:\Documents and Settings\nunya\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [5493 octets] - [13/02/2013 14:10:43]
########## EOF - C:\AdwCleaner[R1].txt - [5553 octets] ##########
*****************************************
MBAM
*****************************************
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Database version: v2013.02.13.09
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
nunya :: NC6120 [administrator]
2/13/2013 2:18:55 PM
mbam-log-2013-02-13 (14-18-55).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 255037
Time elapsed: 4 minute(s), 43 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
*****************************************
DDS - dds.txt
*****************************************
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_37
Run by nunya at 14:31:01 on 2013-02-13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.753 [GMT -8:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\msdtc.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDll32.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Audacity\audacity.exe
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k HPService
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uWindow Title = Microsoft Internet Explorer provided by Hewlett-Packard
uSearch Bar = hxxp://search.portal.hp.com/search/
uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Google Update] "c:\documents and settings\nunya\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [OV2_Monitor] "c:\program files\olympus\olympus viewer 2\OV2Monitor.exe" -NoStart
uRun: [HP Officejet Pro 8600 (NET)] "c:\program files\hp\hp officejet pro 8600\bin\ScanToPCActivationApp.exe" -deviceID "CN298BWHSY05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Power2GoExpress] NA
mRun: [WatchDog] c:\program files\intervideo\dvd check\DVDCheck.exe
mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r
mRun: [TrueImageMonitor.exe] "c:\program files\acronis\trueimagehome\TrueImageMonitor.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [OODefragTray] c:\windows\system32\oodtray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [IDA] c:\program files\hewlett-packard\pc coe\IDA.EXE
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [hpqSRMon] <no file>
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\nunya\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\nunya\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\nunya\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dvdche~1.lnk - c:\program files\intervideo\dvd check\DVDCheck.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoMSAppLogo5ChannelNotify = dword:1
mPolicies-System: legalnoticecaption = Hewlett-Packard Internal Use Only
mPolicies-System: legalnoticetext = This is a private system operated for Hewlett-Packard company business. Authorization from HP management is required to use this system. The HP Standards of Business Conduct and all HP Information Security policies and standards must be strictly followed. Use by unauthorized persons is prohibited and may result in civil and/or criminal liability and prosecution.
mPolicies-System: SynchronousMachineGroupPolicy = dword:0
mPolicies-System: SynchronousUserGroupPolicy = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {21196042-830F-419f-A594-F9D456A6C29A} - c:\program files\timeleft3\TLIntergIE.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - c:\program files\amazon\add to wish list ie extension\run.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/Windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287624190687
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{5989A3F4-5CEB-4375-9AA8-88F391614391} : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\nunya\application data\mozilla\firefox\profiles\8r59xdmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pcc.edu/admissions/dual/|http://www.hawkeyecollege.edu/academics/programs/information-technology/web-design-and-development/default.aspx|http://www.google.com/#q=just+checking&hl=en&safe=off&biw=1440&bih=727&fp=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&cad=b|http://hotspot.ovatn.net/airlock/login/?gw_address=10.7.52.1&gw_port=2060&gw_id=752&gw_mac=00-12-17-CA-0A-FB&mac=00:1F:3B:94:FE:BB&url=http%3A//www.speakeasy.net/&__c9auth=1&__c9dis=1|http://www.hawkeyecollege.edu/academics/default.aspx|http://learnpythonthehardway.org/|http://www.python.org/download/|http://www.google.com/search?q=how+to+buy+a+car+on+craigslist&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a|http://www.google.com/search?q=why+is+mcdonalds+closed%3F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a|http://news.yahoo.com/huge-ancient-civilization-collapse-explained-123449804.html|http://www.newser.com/story/146834/cops-shoot-naked-guy-eating-mans-face-on-highway.html
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\nunya\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\olympus\ib utilities\firefox plugin\npIbInst.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_149.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-30 20:50; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\nunya\application data\mozilla\firefox\profiles\8r59xdmj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-01-07 21:57; [email protected]; c:\documents and settings\nunya\application data\mozilla\firefox\profiles\8r59xdmj.default\extensions\[email protected]
FF - ExtSQL: 2013-01-09 09:41; [email protected]; c:\documents and settings\nunya\application data\mozilla\firefox\profiles\8r59xdmj.default\extensions\[email protected]
FF - ExtSQL: 2013-01-14 15:51; [email protected]; c:\documents and settings\nunya\application data\mozilla\firefox\profiles\8r59xdmj.default\extensions\[email protected]
FF - ExtSQL: 2013-01-24 21:18; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\documents and settings\nunya\application data\mozilla\firefox\profiles\8r59xdmj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.funmoods.hmpg - false
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0BzyyE0F0E0B0B0DtC0EtCtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=85030786
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - false
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0BzyyE0F0E0B0B0DtC0EtCtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=85030786
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=download&chnl=download&cd=2XzuyEtN2Y1L1QzutDtDtC0FtA0BzyyE0F0E0B0B0DtC0EtCtN0D0Tzu0CtBzytCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=85030786&q=
FF - user.js: extensions.funmoods.id - 001F3B94FEBBD1E1
FF - user.js: extensions.funmoods.instlDay - 15631
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.228:27:49
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - download
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef - download
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - true
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2013-2-6 752128]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165648]
R1 MpKsla4bec46e;MpKsla4bec46e;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3266e5f-4fa1-41a6-8dc9-9a79cdb300ed}\MpKsla4bec46e.sys [2013-2-13 29904]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [2011-9-13 65856]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2013-2-6 3246040]
R2 msralinkmonitor;MSRA Link Monitor;c:\program files\remote tools\msraLinkMonitor.exe [2007-8-28 147456]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2012-7-13 769432]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 radexecd;Radia Notify Daemon;c:\program files\hewlett-packard\pc coe 3\ov cms\radexecd.exe [2005-5-4 217268]
R2 radsched;Radia Scheduler Daemon;c:\program files\hewlett-packard\pc coe 3\ov cms\radsched.exe [2004-8-25 245940]
R2 Radstgms;Radia MSI Redirector;c:\program files\hewlett-packard\pc coe 3\ov cms\Radstgms.exe [2004-10-22 327860]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2013-2-6 167968]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [2007-4-6 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [2007-6-27 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [2007-4-6 13647]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [2007-6-27 10193]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-7-13 32896]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2007-5-14 36608]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-5-25 19056]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [2004-9-10 21504]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2007-5-14 47616]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2013/02/10 16:29:55;c:\program files\cyberlink\powerdvd10\navfilter\kmsvc.exe [2012-5-9 242664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\drivers\actccid.sys --> c:\windows\system32\drivers\actccid.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-3-1 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-3-1 3072]
S3 magaService;Lan Discover Agent;c:\program files\sygate\ssa\maga\maga.exe --> c:\program files\sygate\ssa\maga\maga.exe [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [2011-11-26 21648]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [1979-12-31 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-7-22 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-29 239336]
S4 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-11-22 3290304]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2010-9-17 370008]
.
=============== Created Last 30 ================
.
2013-02-13 18:04:43 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3266e5f-4fa1-41a6-8dc9-9a79cdb300ed}\MpKsla4bec46e.sys
2013-02-13 18:01:42 -------- d-----w- C:\registryBkp_2013
2013-02-13 17:32:29 -------- d-----w- C:\EEEPCFR
2013-02-13 17:00:50 6991832 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{b3266e5f-4fa1-41a6-8dc9-9a79cdb300ed}\mpengine.dll
2013-02-11 21:59:19 -------- d-----w- c:\program files\IZArc
2013-02-11 03:25:56 -------- d-----w- c:\program files\Unlocker
2013-02-11 02:39:08 -------- d-----w- c:\documents and settings\all users\application data\LightScribe
2013-02-11 02:31:07 -------- d-----w- c:\program files\Nero
2013-02-11 02:30:57 -------- d-----w- c:\documents and settings\all users\application data\Nero
2013-02-08 19:29:53 -------- d-----w- c:\documents and settings\nunya\local settings\application data\Power2Go
2013-02-08 19:08:03 115016 ----a-w- c:\windows\system32\MSINET.OCX
2013-02-08 19:08:03 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2013-02-08 19:08:03 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2013-02-08 19:08:02 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2013-02-08 18:51:16 29480 ----a-w- c:\windows\system32\msxml3a.dll
2013-02-08 18:45:23 -------- d-----w- c:\documents and settings\nunya\local settings\application data\CyberLink
2013-02-08 18:43:39 -------- d-----w- c:\documents and settings\all users\application data\install_clap
2013-02-08 18:42:19 -------- d-----w- c:\documents and settings\all users\application data\CLSK
2013-02-07 01:27:30 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-02-07 01:27:19 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2013-02-07 01:01:05 -------- d-----w- C:\A11
2013-02-06 19:54:59 854016 ----a-w- c:\program files\mozilla firefox\plugins\webex\500\nmac.dll
2013-02-06 17:26:02 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-02-03 22:21:29 -------- d-----w- C:\UTORRENT DOWNLOADS
2013-02-03 17:13:01 -------- d-----w- C:\UTORRENT TORRENTS
2013-01-26 04:39:10 51712 ----a-w- c:\windows\wc98pp.dll
2013-01-17 21:59:52 -------- d-----w- c:\program files\Lame For Audacity
2013-01-17 21:55:39 -------- d-----w- c:\program files\Audacity
2013-01-17 03:30:47 -------- d-----w- c:\documents and settings\all users\application data\APN
2013-01-17 03:23:11 -------- d-----w- c:\documents and settings\nunya\local settings\application data\Torch
2013-01-16 19:41:58 -------- d-----w- c:\program files\Git
2013-01-15 16:30:16 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2013-01-15 16:30:16 -------- d-----w- c:\program files\Belarc
.
==================== Find3M ====================
.
2013-02-12 18:07:41 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 18:07:41 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-11 00:27:58 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-11 00:27:58 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-02-07 01:27:16 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-07 01:27:04 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-01-30 10:53:21 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-31 05:47:29 50938 ----a-w- C:\registryBkp_2012.12.30_01.reg
2012-12-28 08:07:02 185066414 ----a-w- C:\registryBkp_2012.12.27_01.reg
2012-12-15 00:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2006-05-03 17:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 05:00:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
============= FINISH: 14:37:16.14 ===============
*****************************************
DDS - Attach.txt
*****************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 1:59:26 AM
System Uptime: 2/13/2013 10:03:17 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30C1
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U10 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 60.48 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) Wireless WiFi Link 4965AG
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_10008086&REV_61\4&EB37384&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AG
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_10008086&REV_61\4&EB37384&0&00E1
Service: NETw5x32
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Plus B210 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart Plus B210 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart 7510 series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Photosmart 7510 series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
6400_Help
A+ 2006 Demo
Acronis True Image Home 2011
ActivCard Initialization Utility
ActivePerl 5.12.3 Build 1204
ActiveState Komodo IDE 6.0.1
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Reader Japanese Fonts
Adobe Reader Korean Fonts
Adobe Reader X (10.1.5)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agent Ransack 2010
Amazon Add to Wish List IE Extension 1.1
AmoK Playlist Copy 2.04
AMP Font Viewer
Any Video Converter 2.6.7
Any Video Converter Ultimate 4.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier
ATI Display Driver
Audacity 2.0.2
Auto Gordian Knot 2.55
AviSynth 2.5
Belarc Advisor 8.3
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Bulk Rename Utility 2.7.1.1
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Color Cop 5.4.3
Compatibility Pack for the 2007 Office system
CyberLink BD_3D Advisor 2.0
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink MediaEspresso 6.5
CyberLink MediaShow 6
CyberLink Power2Go 7
CyberLink PowerDVD 10
CyberLink PowerProducer 5.5
Debugging Tools for Windows (x86)
diskMETA-Lite 1.0.1 (remove only)
DivineCoders Free PC Bible Code Software
DivX Setup
DocFetcher
doPDF 7.1 printer
Dropbox
dtSearch
DzSoft Perl Editor 5.8.3
EASEUS Data Recovery Wizard Professional 5.5.1
EASEUS Partition Master 3.0.2 Professional
EditPlus 3
Everything 1.2.1.371
Extreme Picture Finder 3.16
Ezvid
Fast Duplicate File Finder 1.1.0.0
Fax
FileZilla Client 3.5.3
Fix Player
Folder Size for Windows
FretPro V.2.00
GIF Movie Gear 4.2.3
Git version 1.8.0-preview20121022
Google Chrome
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
Graboid Video 3.05
Guitar Pro 5.2
HGTV Home & Landscape Platinum Suite
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB959765)
Hotfix for Windows XP (KB961118)
HP Client Management Interface 1.00 D8
HP Integrated Module with Bluetooth wireless technology
HP Officejet J6400 Series
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8600 Basic Device Software
HP Photosmart Essential 2.5
HP Photosmart Essential 3.5
HP Update
HP Wireless Assistant
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
I.R.I.S. OCR
InfoTag Magic 1.0
Inspyder Web2Disk Trial
Intel(R) PRO Network Connections Drivers
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
iTunes
IZArc 4.1.7
J6400
Java Auto Updater
Java(TM) 6 Update 37
JimsList
Junk Mail filter update
Lagarith lossless video codec (Remove Only)
LAME v3.99.3 (for Windows)
LightScribe 1.4.136.1
LMMS 0.4.13
Logitech Vid HD
Logitech Webcam Software
Logitech® Camera Driver
Magic ISO Maker v5.5 (build 0276)
Malwarebytes Anti-Malware version 1.70.0.1100
MDI Viewer for Microsoft Office 2.0
Microangelo Toolset 6
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Access database engine 2010 (English)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2011
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Runtime
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
MobileMe Control Panel
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero SharedVideoCodecs
Nero Update
Network
Network Recording Player
Notepad++
novaPDF Professional Desktop 7.7 printer
O&O Defrag Professional
OLYMPUS Digital Camera Updater
Olympus ib
OLYMPUS Viewer 2
Opera 11.61
PAL
PC COE
PC COE Required Settings
PDF Settings
PeerBlock 1.1 (r518)
Perl Express 2.5
PFPortChecker 1.0.39
Pixel Ruler
Prerequisite installer
PrimoPDF -- brought to you by Nitro PDF Software
ProductContext
PSSWCORE
Python 2.7.3
QuickTime
Quintessential Media Player
Radia Client
RAR Password Recovery 1.7
Real Alternative 2.0.2
Remote Access to HP Network (MSRA-Installer suite)
Remote Access to HP Network (MSRA 4.1 DigitalBadge Client)
Safari
SAPI Wrapper
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Service Pack 2 for SQL Server 2008 (KB2285068)
SFVManager
Shareaza 2.4.0.0
Skype Click to Call
Skype™ 6.1
Snagit 11
SnatchIt! Video Screen Capture
Soft Data Fax Modem with SmartCP
Sonic RecordNow!
Sonic Update Manager
Sql Server Customer Experience Improvement Program
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
Synaptics Pointing Device Driver
The Weather Channel App
Thunder Screenreader
TimeLeft
Toolbox
Torch
TreeSize Free V2.7
TTS Wrapper
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup S
-
(This part got cut off on my first post)
*****************************************
DDS - Attach.txt
*****************************************
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 10/20/2010 1:59:26 AM
System Uptime: 2/13/2013 10:03:17 AM (4 hours ago)
.
Motherboard: Hewlett-Packard | | 30C1
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | U10 | 1995/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 60.48 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) Wireless WiFi Link 4965AG
Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_10008086&REV_61\4&EB37384&0&00E1
Manufacturer: Intel Corporation
Name: Intel(R) Wireless WiFi Link 4965AG
PNP Device ID: PCI\VEN_8086&DEV_4229&SUBSYS_10008086&REV_61\4&EB37384&0&00E1
Service: NETw5x32
.
Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Bluetooth LAN Access Server Driver
Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Manufacturer: Broadcom
Name: Bluetooth LAN Access Server Driver
PNP Device ID: {95C7A0A0-3094-11D7-A202-00508B9D7D5A}\BTWDNDIS\1&30EE4AD&0&1000000020000
Service: BTWDNDIS
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8500 A910
Device ID: ROOT\MULTIFUNCTION\0000
Manufacturer: HP
Name: Officejet Pro 8500 A910
PNP Device ID: ROOT\MULTIFUNCTION\0000
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Deskjet 3050 J610 series
Device ID: ROOT\MULTIFUNCTION\0001
Manufacturer: HP
Name: Deskjet 3050 J610 series
PNP Device ID: ROOT\MULTIFUNCTION\0001
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart Plus B210 series
Device ID: ROOT\MULTIFUNCTION\0002
Manufacturer: HP
Name: Photosmart Plus B210 series
PNP Device ID: ROOT\MULTIFUNCTION\0002
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Photosmart 7510 series
Device ID: ROOT\MULTIFUNCTION\0003
Manufacturer: HP
Name: Photosmart 7510 series
PNP Device ID: ROOT\MULTIFUNCTION\0003
Service:
.
Class GUID: {4D36E971-E325-11CE-BFC1-08002BE10318}
Description: Officejet Pro 8600
Device ID: ROOT\MULTIFUNCTION\0004
Manufacturer: HP
Name: Officejet Pro 8600
PNP Device ID: ROOT\MULTIFUNCTION\0004
Service:
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
32 Bit HP CIO Components Installer
6400_Help
A+ 2006 Demo
Acronis True Image Home 2011
ActivCard Initialization Utility
ActivePerl 5.12.3 Build 1204
ActiveState Komodo IDE 6.0.1
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader Chinese Simplified Fonts
Adobe Reader Chinese Traditional Fonts
Adobe Reader Japanese Fonts
Adobe Reader Korean Fonts
Adobe Reader X (10.1.5)
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Agent Ransack 2010
Amazon Add to Wish List IE Extension 1.1
AmoK Playlist Copy 2.04
AMP Font Viewer
Any Video Converter 2.6.7
Any Video Converter Ultimate 4.4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Verifier
ATI Display Driver
Audacity 2.0.2
Auto Gordian Knot 2.55
AviSynth 2.5
Belarc Advisor 8.3
Bonjour
bpd_scan
BPDSoftware
BPDSoftware_Ini
Bulk Rename Utility 2.7.1.1
Cards_Calendar_OrderGift_DoMorePlugout
CCleaner
Color Cop 5.4.3
Compatibility Pack for the 2007 Office system
CyberLink BD_3D Advisor 2.0
CyberLink LabelPrint 2.5
CyberLink Media Suite 10
CyberLink MediaEspresso 6.5
CyberLink MediaShow 6
CyberLink Power2Go 7
CyberLink PowerDVD 10
CyberLink PowerProducer 5.5
Debugging Tools for Windows (x86)
diskMETA-Lite 1.0.1 (remove only)
DivineCoders Free PC Bible Code Software
DivX Setup
DocFetcher
doPDF 7.1 printer
Dropbox
dtSearch
DzSoft Perl Editor 5.8.3
EASEUS Data Recovery Wizard Professional 5.5.1
EASEUS Partition Master 3.0.2 Professional
EditPlus 3
Everything 1.2.1.371
Extreme Picture Finder 3.16
Ezvid
Fast Duplicate File Finder 1.1.0.0
Fax
FileZilla Client 3.5.3
Fix Player
Folder Size for Windows
FretPro V.2.00
GIF Movie Gear 4.2.3
Git version 1.8.0-preview20121022
Google Chrome
Google Talk (remove only)
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
GoToMeeting 4.5.0.457
Graboid Video 3.05
Guitar Pro 5.2
HGTV Home & Landscape Platinum Suite
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958655-v2)
Hotfix for Windows XP (KB959765)
Hotfix for Windows XP (KB961118)
HP Client Management Interface 1.00 D8
HP Integrated Module with Bluetooth wireless technology
HP Officejet J6400 Series
HP Officejet Pro 8500 A910 Basic Device Software
HP Officejet Pro 8500 A910 Help
HP Officejet Pro 8600 Basic Device Software
HP Photosmart Essential 2.5
HP Photosmart Essential 3.5
HP Update
HP Wireless Assistant
HPDiagnosticAlert
HPPhotoSmartDiscLabel_PaperLabel
HPPhotoSmartDiscLabel_PrintOnDisc
HPPhotoSmartDiscLabelContent1
hpphotosmartdisclabelplugin
HPPhotoSmartPhotobookWebPack1
I.R.I.S. OCR
InfoTag Magic 1.0
Inspyder Web2Disk Trial
Intel(R) PRO Network Connections Drivers
InterVideo DVD Check
InterVideo Register Manager
InterVideo WinDVD
IrfanView (remove only)
iTunes
IZArc 4.1.7
J6400
Java Auto Updater
Java(TM) 6 Update 37
JimsList
Junk Mail filter update
Lagarith lossless video codec (Remove Only)
LAME v3.99.3 (for Windows)
LightScribe 1.4.136.1
LMMS 0.4.13
Logitech Vid HD
Logitech Webcam Software
Logitech® Camera Driver
Magic ISO Maker v5.5 (build 0276)
Malwarebytes Anti-Malware version 1.70.0.1100
MDI Viewer for Microsoft Office 2.0
Microangelo Toolset 6
Microsoft .NET Framework (English)
Microsoft .NET Framework (English) v1.0.3705
Microsoft .NET Framework 1.0 Hotfix (KB928367)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Access database engine 2010 (English)
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft ASP.NET MVC 2
Microsoft ASP.NET MVC 2 - VWD Express 2010 Tools
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft English TTS Engine
Microsoft Help Viewer 1.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office 2003 Web Components
Microsoft Office File Validation Add-In
Microsoft Office FrontPage 2003
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Silverlight 3 SDK
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Database Publishing Wizard 1.4
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Streets & Trips 2011
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ Compilers 2010 Standard - enu - x86
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Runtime
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Web Developer 2010 Express - ENU
Microsoft Windows Performance Toolkit
Microsoft Windows SDK .NET Framework Tools (30514)
Microsoft Windows SDK for Visual Studio .NET 4.0 Framework Tools
Microsoft Windows SDK for Windows 7 (7.1)
Microsoft Windows SDK for Windows 7 Common Utilities (30514)
Microsoft Windows SDK for Windows 7 Headers and Libraries (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Application Verifier (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Common Tools (30514)
Microsoft Windows SDK for Windows 7 Redistributable Components for Windows Debugging Tools (30514)
Microsoft Windows SDK for Windows 7 Samples (30514)
Microsoft Windows SDK for Windows 7 Utilities for Win32 Development (30514)
Microsoft Windows SDK Intellisense and Reference Assemblies (30514)
Microsoft Windows SDK MSHelp (30514)
Microsoft Windows SDK Net Fx Interop Headers And Libraries (30514)
MobileMe Control Panel
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML 6.0 Parser (KB933579)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero BurningROM 12
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero SharedVideoCodecs
Nero Update
Network
Network Recording Player
Notepad++
novaPDF Professional Desktop 7.7 printer
O&O Defrag Professional
OLYMPUS Digital Camera Updater
Olympus ib
OLYMPUS Viewer 2
Opera 11.61
PAL
PC COE
PC COE Required Settings
PDF Settings
PeerBlock 1.1 (r518)
Perl Express 2.5
PFPortChecker 1.0.39
Pixel Ruler
Prerequisite installer
PrimoPDF -- brought to you by Nitro PDF Software
ProductContext
PSSWCORE
Python 2.7.3
QuickTime
Quintessential Media Player
Radia Client
RAR Password Recovery 1.7
Real Alternative 2.0.2
Remote Access to HP Network (MSRA-Installer suite)
Remote Access to HP Network (MSRA 4.1 DigitalBadge Client)
Safari
SAPI Wrapper
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Visual Web Developer 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2482017)
Security Update for Windows Internet Explorer 7 (KB2497640)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2124261)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2290570)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB970483)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976323)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
Service Pack 2 for SQL Server 2008 (KB2285068)
SFVManager
Shareaza 2.4.0.0
Skype Click to Call
Skype™ 6.1
Snagit 11
SnatchIt! Video Screen Capture
Soft Data Fax Modem with SmartCP
Sonic RecordNow!
Sonic Update Manager
Sql Server Customer Experience Improvement Program
SUPER © v2011.build.49 (July 1st, 2011) version v2011.build.49
Synaptics Pointing Device Driver
The Weather Channel App
Thunder Screenreader
TimeLeft
Toolbox
Torch
TreeSize Free V2.7
TTS Wrapper
UnloadSupport
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB2447568)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2492386)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2616676-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
User Profile Hive Cleanup Service
VC80CRTRedist - 8.0.50727.4053
Vegas Pro 10.0
VideoToolkit01
Visual Studio C++ 10.0 Runtime
VLC media player 1.1.11
WampServer 2.1
Web Deployment Tool
WebbIE and Accessible Programs
WebFldrs XP
WebReg
Windows Driver Package - OLYMPUS IMAGING CORP. Camera Communication Driver Package (09/09/2009 1.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Live Writer
Windows Management Framework Core
Windows Media Format 11 runtime
Windows Media Player 11
Windows SDK IntellisenseNFX
Windows XP Service Pack 3
WinMount V3.5.0913
WinPcap 4.1.2
WinRAR archiver
WinZip
Wireshark 1.2.17
Xvid 1.2.2 final uninstall
XviD MPEG4 Video Codec (remove only)
.
==== Event Viewer Messages From Past Week ========
.
2/8/2013 9:38:12 PM, error: System Error [1003] - Error code 10000050, parameter1 ec493c84, parameter2 00000008, parameter3 ec493c84, parameter4 00000000.
2/8/2013 8:59:50 AM, error: Print [19] - Sharing printer failed + 1722, Printer PrimoPDF share name Printer2.
2/13/2013 8:50:08 AM, error: Dhcp [1002] - The IP address lease 192.168.1.118 for the Network Card with network address 001F3B94FEBB has been denied by the DHCP server 10.0.0.1 (The DHCP Server sent a DHCPNACK message).
2/10/2013 7:43:48 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD BANTExt Fips intelppm IPSec MpFilter MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip WMDrive
2/10/2013 7:43:48 PM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2013 7:43:48 PM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2013 7:43:48 PM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2013 7:43:48 PM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2013 7:43:48 PM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2013 7:43:48 PM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
2/10/2013 7:35:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: BANTExt Fips intelppm MpFilter WMDrive
2/10/2013 7:35:54 PM, error: Service Control Manager [7001] - The Message Queuing Triggers service depends on the Message Queuing service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2013 7:35:54 PM, error: Service Control Manager [7001] - The Message Queuing service depends on the Distributed Transaction Coordinator service which failed to start because of the following error: The dependency service or group failed to start.
2/10/2013 7:35:31 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
2/10/2013 3:27:23 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================
*****************************************
HijackThis
*****************************************
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:17:58 PM, on 2/13/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Remote tools\msraLinkMonitor.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\mqtgsvc.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\oodtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files\Cyberlink\Shared files\brs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\RunDll32.exe
c:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
C:\Program Files\Audacity\audacity.exe
C:\Program Files\Everything\Everything.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\Program Files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.portal.hp.com/search/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://technet.microsoft.com/en-us/scriptcenter/dd742419.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=56626&homepage=http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Hewlett-Packard
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://autocache.hp.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [OODefragTray] C:\WINDOWS\system32\oodtray.exe
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [IDA] C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [MsmqIntCert] regsvr32 /s mqrt.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files\CyberLink\MediaEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\MediaEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaEspresso\6.5"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\7.0"
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\nunya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [OV2_Monitor] "C:\Program Files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" -NoStart
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN298BWHSY05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - S-1-5-18 Startup: Dropbox.lnk = C:\Documents and Settings\nunya\Application Data\Dropbox\bin\Dropbox.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: Dropbox.lnk = C:\Documents and Settings\nunya\Application Data\Dropbox\bin\Dropbox.exe (User 'Default user')
O4 - .DEFAULT Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ? (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Documents and Settings\nunya\Application Data\Dropbox\bin\Dropbox.exe
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - Global Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html
O9 - Extra 'Tools' menuitem: Add to TimeLeft Auction Watch - {21196042-830F-419f-A594-F9D456A6C29A} - C:\Program Files\TimeLeft3\TLIntergIE.html
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://athp.hp.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: www.select2perform.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/Windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1287624190687
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Acronis Nonstop Backup Service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: CyberLink Product - 2013/02/10 16:29:55 (CLKMSVC10_B91CB6D3) - CyberLink - C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: Lan Discover Agent (magaService) - Unknown owner - C:\Program Files\Sygate\SSA\maga\maga.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSRA Link Monitor (msralinkmonitor) - Unknown owner - C:\Program Files\Remote tools\msraLinkMonitor.exe
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files\Nero\Update\NASvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\system32\PCTKRNT.SYS
O23 - Service: Radia Notify Daemon (radexecd) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
O23 - Service: Radia Scheduler Daemon (radsched) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
O23 - Service: Radia MSI Redirector (Radstgms) - Hewlett-Packard - C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.17\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.8\bin\mysqld.exe
--
End of file - 18452 bytes
===============================================
SUMMARY:
===============================================
I have tried to be very thorough and have provided the information, as requested at www.computerhope.com/forum/index.php/topic,46313.0.html (http://www.computerhope.com/forum/index.php/topic,46313.0.html). Please advise if you require any other information from me.
Thanks in advance for you assistance and I look forward to hearing from you soon!
- CodeSlayer2010
(2013.02.13)
-
Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.
1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.
If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
Perhaps real-time malware protection WAS ALWAYS A PREMIUM OPTION?
It was only for a trial period.
Moving on then, we forward to about 2 weeks ago when out of the blue the mass spamming from my email account starts up again.
Your account is being hacked. You will need a stronger password; one that can't be hacked.
I've used Shareaza for P2P for years, but due to recent sluggish performance I investigated other clients. I installed and tested FrostWire and subsequently removed it, because it was seriously lacking for my purposes.
P2P - We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.
Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
*****************************************************
Most of the freeware usually comes with some baggage. If you want safe freeware Majorgeeks (http://www.majorgeeks.com/) is the place to find it.
*****************************************************
BTW: What's this I hear about 'Everything.exe' being malware? There are no ads, no popus, scans fine with security software, and is one of the most useful free tools I have. I'd hate to have to dump it if is a false positive. The log analyzer told me it was malware here:
It can be or can't be according to this. (http://www.bing.com/search?q=%27Everything.exe%27&src=IE-SearchBox&FORM=IE8SRC)
**************************************************
Remove the Adware:
- Please close all open programs and internet browsers.
- Double click on adwcleaner.exe to run the tool.
- Click on Delete.
- Confirm each time with OK
- Your computer will be rebooted automatically. A text file will open after the restart.
- Please post the content of that logfile in your reply.
- You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
************************************************
Open HijackThis and select Do a system scan only
Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please do the following.Please place a check mark next to this/these line/lines.
Place a check mark next to the following entries: (if there)
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: www.select2perform.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
Important: Close all open windows except for HijackThis and then click Fix checked.
Once completed, exit HijackThis.
******************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to you download folder you will need to copy it to your desktop.
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)
To prevent your anti-virus application interfering with ComboFix we need to disable it. See here (http://www.pchelpforum.com/anti-virus/110194-how-disable-your-security-applications-4.html) for a tutorial regarding how to do so if you are unsure.
- Close any open windows and double click ComboFix.exe to run it.
You will see the following image:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png)
Click I Agree to start the program.
ComboFix will then extract the necessary files and you will see this:
(http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png)
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7
It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
If you did not have it installed, you will see the prompt below. Choose YES.
(http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif)
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
(http://i424.photobucket.com/albums/pp322/digistar/whatnext.png)
Click on Yes, to continue scanning for malware.
When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).
Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.
Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.
-
Hi Dave. Thanks for the quick response! I will uninstall Shareaza and then follow your other steps and report back when complete. :)
-
Ok I completed all the steps you advised including removing the O15 "Trusted Zone" items. I hope you don't mind, I have developed a short list of questions based on the results of the scans and such. I'm hoping you can shed some light on the items and either verify my concerns or put my mind at ease, where applicable.
********************* QUESTIONS ***********************
Q:
"Your account is being hacked. You will need a stronger password; one that can't be hacked."
Thanks for that explanation. Can you recommend a good online service or tool that uses a consistent metrics system for analyzing the strength of a password? I have used online password generator sites, so that's not what I'm talking about. For instance, how do i compare a 16 character alphanumeric password to an 8 character lowercase alpha password that has a $ in it somewhere? Further, my confusion also stems from the fact that when I created my new Yahoo password in October, their interactive form said my password is strong. So if the form app says my password is strong, how much stronger does it need to be? How do I know when it is strong enough? I think I read a generic statement that passwords need to get stronger every time processor speed doubles, or something similar. If you could clarify these things that would help greatly! :)
Q:
"Most of the freeware usually comes with some baggage. If you want safe freeware Majorgeeks is the place to find it."
Thanks for the tip on Majorgeeks. Can I ask you about Firewalls? I used to use COMODO around 2007 to 2009, which I learned about from MajorGeeks, but then I started having issues with it being too restrictive and causing crashes and hangs. I did some research and learned many people had experienced similar problems so I abandoned COMODO. I thought I had a firewall on here, not counting Windows firewall, but It's actually been over a year, I now realize, since I can remember having any sort of firewall.
I got this PeerBlock program which I understood (perhaps erroneously) was a "light" firewall and kept certain malicious and other IP's from connecting to my machine. I've always been much better at understanding the programming vs. the network aspect of things, so when it comes to ports, TCP/IP, firewalls, OSI models, and how network security works I'm basically clueless.
Therefore, I guess it boils down to I'm aware of firewalls ... do I really need one? Are they actually another form of rogue spyware? Is there a particular brand or title that you would recommend?
Q:
In the AdwCleaner log from yesterday, it detected a bunch of "Funmoods" items. I'm pretty sure I researched that issue last July because somehow it installed itself on my laptop in the form of an unwanted toolbar, and I ended up either doing Add/Remove Programs, or downloading a specific 'funmoods remover' executable ... I'm not entirely certain which it was. I thought I had eradicated it. Is this log indicating that is still on my computer? Is it just harmless remnants, or is it still active but dormant, striking whenever it wants?
Q:
Can hackers enter my machine through Dropbox, and if so, can I prevent that without removing Dropbox?
Q:
What is "Microsoft Security Client"? Is that an actual MS program, or some fake thing calling itself that so I'll think its official? If MS Security Client is a good thing, how do I use it, or is it passive?
Q:
Is bttray.exe allowing hackers access to my laptop via bluetooth somehow?
Q:
Finally, here are some items that I noticed from today's scans that seem suspicious. Can you advise on which of these if any are harmful and what further action to take?
- Click Coupon\BrowseCoupons
- Unlocker
- install_clap
- U3
- Torch
- FlashPlayerApp.exe
- FlashPlayerCPLApp.cpl
- snapman.sys
- PFPortChecker.exe
- TorchTorrent.exe
- UnlockerAssistant.exe
Thanks again for your help Dave.
-
So if the form app says my password is strong, how much stronger does it need to be? How do I know when it is strong enough?
If your password is being hacked then the only thing I can suggest is another type of mail account.
do I really need one? Are they actually another form of rogue spyware? Is there a particular brand or title that you would recommend?
Yes, you should have a firewall in place. I'm using Comodo with no problems. Third-party firewalls such as Comodo can be a bit overbearing but it's something we have to put up with to have that extra protection.
Is this log indicating that is still on my computer? Is it just harmless remnants, or is it still active but dormant, striking whenever it wants?
It's mostly harmless remnants.
Can hackers enter my machine through Dropbox, and if so, can I prevent that without removing Dropbox?
Most programs are susceptible if not kept up-to-date.
What is "Microsoft Security Client"?
You can find out more about it here. (http://www.microsoft.com/en-us/download/details.aspx?id=18660)
Is bttray.exe allowing hackers access to my laptop via bluetooth somehow?
It is considered safe.
-
Q:
If your password is being hacked then the only thing I can suggest is another type of mail account.
What do you mean by "another type of mail account"? Could you please elaborate on what you mean by "type" and what options are available? What type of mail setup do savvy ComputerHope volunteers employ to protect their systems?
I forgot to post the logs from the last set of scans you had me do, so here they are (below). Please let me know if my system is now clean or if there are any further steps I still need to do. Thanks.
************************ LOGS *************************
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
AdwCleaner - Results After Cleaning
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
# AdwCleaner v2.112 - Logfile created 02/15/2013 at 09:31:58
# Updated 10/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : nunya - NC6120
# Boot Mode : Normal
# Running from : C:\Documents and Settings\nunya\Desktop\ComputerHopeForumMalwareRemoval2013\adwcleaner0.exe
# Option [Delete]
***** [Services] *****
***** [Files / Folders] *****
File Deleted : C:\END
Folder Deleted : C:\Documents and Settings\All Users\Application Data\APN
Folder Deleted : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\35d77rst.fffb\extensions\staged
Folder Deleted : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\4o9bu7p8.Rahul\extensions\staged
Folder Deleted : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8tbqrp6l.ericTest\extensions\staged
Folder Deleted : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\sn1z9clt.myTest\extensions\staged
Folder Deleted : C:\Documents and Settings\nunya\Local Settings\Application Data\APN
Folder Deleted : C:\Program Files\WebEnhancements
***** [Registry] *****
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\Software\eRightSoft\OpenCandy
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v18.0.2 (en-US)
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\35d77rst.fffb\prefs.js
C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\35d77rst.fffb\user.js ... Deleted !
[OK] File is clean.
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\4o9bu7p8.Rahul\prefs.js
C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\4o9bu7p8.Rahul\user.js ... Deleted !
[OK] File is clean.
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\prefs.js
C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\user.js ... Deleted !
Deleted : user_pref("browser.search.defaultenginename", "Funmoods");
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.funmoods.aflt", "download");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", true);
Deleted : user_pref("extensions.funmoods.hmpg", false);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=download&chnl=download&cd[...]
Deleted : user_pref("extensions.funmoods.id", "001F3B94FEBBD1E1");
Deleted : user_pref("extensions.funmoods.instlDay", "15631");
Deleted : user_pref("extensions.funmoods.instlRef", "download");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", true);
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.228:27:49");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", false);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=download&chnl=download&[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=download&chnl=downloa[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.228:27:49");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods_i.newTab", false);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.228:27:49");
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8tbqrp6l.ericTest\prefs.js
C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\8tbqrp6l.ericTest\user.js ... Deleted !
[OK] File is clean.
File : C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\sn1z9clt.myTest\prefs.js
C:\Documents and Settings\nunya\Application Data\Mozilla\Firefox\Profiles\sn1z9clt.myTest\user.js ... Deleted !
[OK] File is clean.
-\\ Google Chrome v24.0.1312.57
File : C:\Documents and Settings\nunya\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
-\\ Opera v11.61.1250.0
File : C:\Documents and Settings\nunya\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[S1].txt - [6187 octets] - [15/02/2013 09:31:58]
########## EOF - C:\AdwCleaner[S1].txt - [6247 octets] ##########
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ComboFix - Results After Cleaning
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ComboFix 13-02-15.01 - nunya 02/15/2013 10:26:15.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1327 [GMT -8:00]
Running from: c:\documents and settings\nunya\Desktop\ComputerHopeForumMalwareRemoval2013\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Documents
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}\Setup.ilg
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{889C6F39-241F-4119-8026-1B2F4A124839}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{89A43E80-AC6C-4DA8-9800-F4B30ED577C0}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{8FCCB703-3FBF-49e7-A43F-A81E27D9B07E}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.ilg
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe
c:\documents and settings\All Users\Application Data\TEMP\{E438759B-A7A1-4073-AD33-3C7C1DE0B65A}\PostBuild.exe
c:\documents and settings\nunya\Local Settings\Application Data\assembly\tmp
c:\program files\Click Coupon
c:\program files\Click Coupon\BrowserCoupons.crx
c:\program files\Click Coupon\BrowserCoupons.safariextz
c:\program files\Click Coupon\BrowserCoupons.xpi
c:\windows\iun6002.exe
c:\windows\system32\Cache
c:\windows\system32\Device.dll
c:\windows\system32\SET93.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\wc98pp.dll
.
----- File Replicators -----
.
c:\program files\Git\bin\git.exe
c:\program files\Git\libexec\git-core\git-add.exe
c:\program files\Git\libexec\git-core\git-annotate.exe
c:\program files\Git\libexec\git-core\git-apply.exe
c:\program files\Git\libexec\git-core\git-archive.exe
c:\program files\Git\libexec\git-core\git-bisect--helper.exe
c:\program files\Git\libexec\git-core\git-blame.exe
c:\program files\Git\libexec\git-core\git-branch.exe
c:\program files\Git\libexec\git-core\git-bundle.exe
c:\program files\Git\libexec\git-core\git-cat-file.exe
c:\program files\Git\libexec\git-core\git-check-attr.exe
c:\program files\Git\libexec\git-core\git-check-ref-format.exe
c:\program files\Git\libexec\git-core\git-checkout-index.exe
c:\program files\Git\libexec\git-core\git-checkout.exe
c:\program files\Git\libexec\git-core\git-cherry-pick.exe
c:\program files\Git\libexec\git-core\git-cherry.exe
c:\program files\Git\libexec\git-core\git-clean.exe
c:\program files\Git\libexec\git-core\git-clone.exe
c:\program files\Git\libexec\git-core\git-column.exe
c:\program files\Git\libexec\git-core\git-commit-tree.exe
c:\program files\Git\libexec\git-core\git-commit.exe
c:\program files\Git\libexec\git-core\git-config.exe
c:\program files\Git\libexec\git-core\git-count-objects.exe
c:\program files\Git\libexec\git-core\git-credential.exe
c:\program files\Git\libexec\git-core\git-describe.exe
c:\program files\Git\libexec\git-core\git-diff-files.exe
c:\program files\Git\libexec\git-core\git-diff-index.exe
c:\program files\Git\libexec\git-core\git-diff-tree.exe
c:\program files\Git\libexec\git-core\git-diff.exe
c:\program files\Git\libexec\git-core\git-fast-export.exe
c:\program files\Git\libexec\git-core\git-fetch-pack.exe
c:\program files\Git\libexec\git-core\git-fetch.exe
c:\program files\Git\libexec\git-core\git-fmt-merge-msg.exe
c:\program files\Git\libexec\git-core\git-for-each-ref.exe
c:\program files\Git\libexec\git-core\git-format-patch.exe
c:\program files\Git\libexec\git-core\git-fsck-objects.exe
c:\program files\Git\libexec\git-core\git-fsck.exe
c:\program files\Git\libexec\git-core\git-gc.exe
c:\program files\Git\libexec\git-core\git-get-tar-commit-id.exe
c:\program files\Git\libexec\git-core\git-grep.exe
c:\program files\Git\libexec\git-core\git-hash-object.exe
c:\program files\Git\libexec\git-core\git-help.exe
c:\program files\Git\libexec\git-core\git-index-pack.exe
c:\program files\Git\libexec\git-core\git-init-db.exe
c:\program files\Git\libexec\git-core\git-init.exe
c:\program files\Git\libexec\git-core\git-log.exe
c:\program files\Git\libexec\git-core\git-ls-files.exe
c:\program files\Git\libexec\git-core\git-ls-remote.exe
c:\program files\Git\libexec\git-core\git-ls-tree.exe
c:\program files\Git\libexec\git-core\git-mailinfo.exe
c:\program files\Git\libexec\git-core\git-mailsplit.exe
c:\program files\Git\libexec\git-core\git-merge-base.exe
c:\program files\Git\libexec\git-core\git-merge-file.exe
c:\program files\Git\libexec\git-core\git-merge-index.exe
c:\program files\Git\libexec\git-core\git-merge-ours.exe
c:\program files\Git\libexec\git-core\git-merge-recursive.exe
c:\program files\Git\libexec\git-core\git-merge-subtree.exe
c:\program files\Git\libexec\git-core\git-merge-tree.exe
c:\program files\Git\libexec\git-core\git-merge.exe
c:\program files\Git\libexec\git-core\git-mktag.exe
c:\program files\Git\libexec\git-core\git-mktree.exe
c:\program files\Git\libexec\git-core\git-mv.exe
c:\program files\Git\libexec\git-core\git-name-rev.exe
c:\program files\Git\libexec\git-core\git-notes.exe
c:\program files\Git\libexec\git-core\git-pack-objects.exe
c:\program files\Git\libexec\git-core\git-pack-redundant.exe
c:\program files\Git\libexec\git-core\git-pack-refs.exe
c:\program files\Git\libexec\git-core\git-patch-id.exe
c:\program files\Git\libexec\git-core\git-peek-remote.exe
c:\program files\Git\libexec\git-core\git-prune-packed.exe
c:\program files\Git\libexec\git-core\git-prune.exe
c:\program files\Git\libexec\git-core\git-push.exe
c:\program files\Git\libexec\git-core\git-read-tree.exe
c:\program files\Git\libexec\git-core\git-receive-pack.exe
c:\program files\Git\libexec\git-core\git-reflog.exe
c:\program files\Git\libexec\git-core\git-remote-ext.exe
c:\program files\Git\libexec\git-core\git-remote-fd.exe
c:\program files\Git\libexec\git-core\git-remote.exe
c:\program files\Git\libexec\git-core\git-replace.exe
c:\program files\Git\libexec\git-core\git-repo-config.exe
c:\program files\Git\libexec\git-core\git-rerere.exe
c:\program files\Git\libexec\git-core\git-reset.exe
c:\program files\Git\libexec\git-core\git-rev-list.exe
c:\program files\Git\libexec\git-core\git-rev-parse.exe
c:\program files\Git\libexec\git-core\git-revert.exe
c:\program files\Git\libexec\git-core\git-rm.exe
c:\program files\Git\libexec\git-core\git-send-pack.exe
c:\program files\Git\libexec\git-core\git-shortlog.exe
c:\program files\Git\libexec\git-core\git-show-branch.exe
c:\program files\Git\libexec\git-core\git-show-ref.exe
c:\program files\Git\libexec\git-core\git-show.exe
c:\program files\Git\libexec\git-core\git-stage.exe
c:\program files\Git\libexec\git-core\git-status.exe
c:\program files\Git\libexec\git-core\git-stripspace.exe
c:\program files\Git\libexec\git-core\git-symbolic-ref.exe
c:\program files\Git\libexec\git-core\git-tag.exe
c:\program files\Git\libexec\git-core\git-tar-tree.exe
c:\program files\Git\libexec\git-core\git-unpack-file.exe
c:\program files\Git\libexec\git-core\git-unpack-objects.exe
c:\program files\Git\libexec\git-core\git-update-index.exe
c:\program files\Git\libexec\git-core\git-update-ref.exe
c:\program files\Git\libexec\git-core\git-update-server-info.exe
c:\program files\Git\libexec\git-core\git-upload-archive.exe
c:\program files\Git\libexec\git-core\git-var.exe
c:\program files\Git\libexec\git-core\git-verify-pack.exe
c:\program files\Git\libexec\git-core\git-verify-tag.exe
c:\program files\Git\libexec\git-core\git-whatchanged.exe
c:\program files\Git\libexec\git-core\git-write-tree.exe
c:\program files\Git\libexec\git-core\git.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_Skype_C2C_Service
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Files Created from 2013-01-15 to 2013-02-15 )))))))))))))))))))))))))))))))
.
.
2013-02-15 17:55 . 2013-01-08 04:57 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B863154-74C0-4755-B756-5DA6729A0488}\mpengine.dll
2013-02-14 18:40 . 2013-02-14 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\NovaTech Network
2013-02-14 18:39 . 2009-09-05 01:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2013-02-14 18:39 . 2009-09-05 01:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2013-02-14 18:39 . 2013-02-14 18:39 -------- d-----w- c:\windows\Logs
2013-02-14 18:39 . 2013-02-14 18:39 -------- d-----w- c:\program files\Novawave
2013-02-13 18:01 . 2013-02-13 18:01 -------- d-----w- C:\registryBkp_2013
2013-02-13 17:32 . 2013-02-13 17:33 -------- d-----w- C:\EEEPCFR
2013-02-11 21:59 . 2013-02-11 22:01 -------- d-----w- c:\program files\IZArc
2013-02-11 03:25 . 2013-02-11 03:32 -------- d-----w- c:\program files\Unlocker
2013-02-11 02:39 . 2013-02-11 02:39 -------- d-----w- c:\documents and settings\All Users\Application Data\LightScribe
2013-02-11 02:37 . 2013-02-11 02:39 -------- d-----w- c:\documents and settings\nunya\Application Data\Nero
2013-02-11 02:31 . 2013-02-11 02:32 -------- d-----w- c:\program files\Common Files\Nero
2013-02-11 02:31 . 2013-02-11 02:32 -------- d-----w- c:\program files\Nero
2013-02-11 02:30 . 2013-02-11 02:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Nero
2013-02-08 19:29 . 2013-02-08 19:29 -------- d-----w- c:\documents and settings\nunya\Local Settings\Application Data\Power2Go
2013-02-08 19:08 . 1998-07-22 08:00 102912 ----a-w- c:\windows\system32\Vb6stkit.dll
2013-02-08 19:08 . 1998-07-22 08:00 102160 ----a-w- c:\windows\system32\VB6KO.DLL
2013-02-08 19:08 . 1998-06-24 08:00 115016 ----a-w- c:\windows\system32\MSINET.OCX
2013-02-08 19:08 . 2001-08-30 05:00 59904 ----a-w- c:\windows\system32\wbemdisp.tlb
2013-02-08 18:51 . 2013-02-11 00:27 29480 ----a-w- c:\windows\system32\msxml3a.dll
2013-02-08 18:45 . 2013-02-08 18:48 -------- d-----w- c:\documents and settings\nunya\Local Settings\Application Data\CyberLink
2013-02-08 18:43 . 2013-02-08 18:43 -------- d-----w- c:\documents and settings\All Users\Application Data\install_clap
2013-02-08 18:42 . 2013-02-11 00:27 -------- d-----w- c:\program files\CyberLink
2013-02-08 18:42 . 2013-02-11 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\CLSK
2013-02-07 01:51 . 2013-02-07 02:08 -------- d-----w- c:\documents and settings\nunya\Application Data\U3
2013-02-07 01:27 . 2013-02-07 01:27 167968 ----a-w- c:\windows\system32\drivers\afcdp.sys
2013-02-07 01:27 . 2013-02-07 01:27 752128 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2013-02-07 01:01 . 2013-02-07 01:01 -------- d-----w- C:\A11
2013-02-06 17:26 . 2013-02-06 17:41 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-02-03 22:21 . 2013-02-13 20:16 -------- d-----w- C:\UTORRENT DOWNLOADS
2013-02-03 17:13 . 2013-02-11 22:08 -------- d-----w- C:\UTORRENT TORRENTS
2013-01-25 04:45 . 2013-01-25 04:45 -------- d-----w- c:\program files\Common Files\Skype
2013-01-17 21:59 . 2013-01-17 21:59 -------- d-----w- c:\program files\Lame For Audacity
2013-01-17 21:56 . 2013-02-13 19:46 -------- d-----w- c:\documents and settings\nunya\Application Data\Audacity
2013-01-17 21:55 . 2013-01-17 21:55 -------- d-----w- c:\program files\Audacity
2013-01-17 03:23 . 2013-01-17 03:24 -------- d-----w- c:\documents and settings\nunya\Local Settings\Application Data\Torch
2013-01-16 19:41 . 2013-01-16 20:03 -------- d-----w- c:\program files\Git
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-12 18:07 . 2012-04-02 12:44 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-12 18:07 . 2011-05-19 23:06 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-11 00:27 . 2003-03-19 01:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2013-02-11 00:27 . 2003-02-21 09:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-02-07 01:27 . 2010-10-26 22:00 600928 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-02-07 01:27 . 2010-10-26 22:00 170528 ----a-w- c:\windows\system32\drivers\snapman.sys
2013-01-30 10:53 . 2011-02-14 16:41 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-16 00:56 . 2012-07-11 22:10 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-16 00:56 . 2011-04-24 02:51 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-15 23:14 . 2012-07-11 22:10 73728 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-08 04:57 . 2011-02-14 16:42 6991832 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-31 05:47 . 2012-12-31 05:47 50938 ----a-w- C:\registryBkp_2012.12.30_01.reg
2012-12-28 08:07 . 2012-12-28 08:06 185066414 ----a-w- C:\registryBkp_2012.12.27_01.reg
2012-12-15 00:49 . 2011-04-19 04:48 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-07 19:32 . 2012-12-07 19:32 61440 ----a-r- c:\documents and settings\nunya\Application Data\Microsoft\Installer\{1073E172-6264-4E2C-B48D-C4886A45EA13}\NewShortcut2_A266A88AF1414FE7A460298E36082F45.exe
2012-10-08 14:41 . 2013-02-06 19:54 305744 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
2013-02-06 19:55 . 2013-02-06 19:54 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2006-05-03 17:06 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 18:47 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 20:30 216064 --sha-r- c:\windows\system32\nbDX.dll
2010-01-07 05:00 107520 --sha-r- c:\windows\system32\TAKDSDecoder.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2011-11-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\drivers\TCPIP.SYS
[-] 2011-11-01 . D24EA301E2B36C4E975FD216CA85D8E7 . 361600 . . [5.1.2600.5625] . . c:\windows\system32\dllcache\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\TCPIP.SYS
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[7] 2004-08-03 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\nunya\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\nunya\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\nunya\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\nunya\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MountOverlayIcon]
@="{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}"
[HKEY_CLASSES_ROOT\CLSID\{0F49CF41-FD97-4942-9F2A-35E8B489E7FB}]
2010-10-20 18:22 257024 ----a-w- c:\program files\WinMount\WinMTExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-02-14 39408]
"OV2_Monitor"="c:\program files\OLYMPUS\OLYMPUS Viewer 2\OV2Monitor.exe" [2010-11-19 230776]
"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-10 1804648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WatchDog"="c:\program files\InterVideo\DVD Check\DVDCheck.exe" [2006-09-06 184320]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-08-18 110592]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-02-02 5546376]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2009-02-26 2553088]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"IDA"="c:\program files\Hewlett-Packard\PC COE\IDA.EXE" [2007-07-11 176128]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-03-01 472776]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-02-02 390720]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
"Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"MDS_Menu"="c:\program files\CyberLink\MediaEspresso\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2011-03-09 107816]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2012-07-25 223128]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-03-28 91432]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2012-05-09 78312]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2012-04-17 223096]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
c:\documents and settings\nunya\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\nunya\Application Data\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [1979-12-31 33280]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]
DVD Check.lnk - c:\program files\InterVideo\DVD Check\DVDCheck.exe [2010-10-20 184320]
Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [1979-12-31 33280]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\r:\0autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Thunder Screenreader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Thunder Screenreader.lnk
backup=c:\windows\pss\Thunder Screenreader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\COEMsgDisplay]
2007-04-11 19:44 26624 ----a-w- c:\program files\Hewlett-Packard\PC COE\COEMsgDisplay.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW7]
2012-08-03 00:58 13003448 ----a-w- c:\program files\The Weather Channel\The Weather Channel App\TWCApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]
2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 10:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2009-10-14 17:36 2793304 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Olympus ib]
2011-08-18 22:42 93880 ------w- c:\program files\OLYMPUS\ib\olycamdetect.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OV2_Monitor]
2010-11-19 17:54 54648 ----a-w- c:\program files\OLYMPUS\OLYMPUS Viewer 2\FirstStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 20:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Skype C2C Service"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\ActiveState Komodo IDE 6\\lib\\mozilla\\komodo.exe"=
"c:\\Documents and Settings\\nunya\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\wamp\\tools\\xdc\\xdc.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\PFPortChecker\\PFPortChecker.exe"=
"c:\\Program Files\\Logitech\\Vid HD\\Vid.exe"=
"c:\\Documents and Settings\\nunya\\Local Settings\\Application Data\\Torch\\Plugins\\Torrent\\TorchTorrent.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
.
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\drivers\tdrpm273.sys [2/6/2013 5:27 PM 752128]
R1 WMDrive;WMDrive;c:\windows\system32\drivers\WMDrive.sys [9/13/2011 6:05 PM 65856]
R2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2/6/2013 5:27 PM 3246040]
R2 msralinkmonitor;MSRA Link Monitor;c:\program files\Remote tools\msraLinkMonitor.exe [8/28/2007 6:28 AM 147456]
R2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [7/13/2012 4:27 PM 769432]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 9:07 AM 35088]
R2 radexecd;Radia Notify Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe [5/4/2005 6:35 AM 217268]
R2 radsched;Radia Scheduler Daemon;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe [8/25/2004 3:05 AM 245940]
R2 Radstgms;Radia MSI Redirector;c:\program files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe [10/22/2004 6:53 AM 327860]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2/6/2013 5:27 PM 167968]
R3 akbus;ActivCard Virtual Reader Enumerator;c:\windows\system32\drivers\akbus.sys [4/6/2007 1:46 AM 13619]
R3 akpcsc;ActivCard Virtual PC/SC Device Driver;c:\windows\system32\drivers\akpcsc.sys [6/27/2007 7:10 AM 9493]
R3 aksbus;ActivIdentity Virtual Reader Enumerator;c:\windows\system32\drivers\aksbus.sys [4/6/2007 1:46 AM 13647]
R3 akspcsc;ActivIdentity Virtual PC/SC Device Driver;c:\windows\system32\drivers\akspcsc.sys [6/27/2007 7:10 AM 10193]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [7/13/2012 7:51 AM 32896]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [5/14/2007 6:30 AM 36608]
R3 RadiaMsi;RadiaMsi;c:\windows\system32\drivers\radiamsi.sys [9/10/2004 5:45 AM 21504]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [5/14/2007 6:09 AM 47616]
S2 CLKMSVC10_B91CB6D3;CyberLink Product - 2013/02/10 16:29;c:\program files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [5/9/2012 4:03 PM 242664]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [1/8/2013 12:55 PM 161536]
S3 actccid;ActivCard USB Reader V2;c:\windows\system32\DRIVERS\actccid.sys --> c:\windows\system32\DRIVERS\actccid.sys [?]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [3/1/2011 11:46 AM 8704]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [3/1/2011 11:46 AM 3072]
S3 magaService;Lan Discover Agent;c:\program files\Sygate\SSA\maga\maga.exe --> c:\program files\Sygate\SSA\maga\maga.exe [?]
S3 OlyCamComm;OLYMPUS USB Communication Device;c:\windows\system32\drivers\OlyCamComm.sys [11/26/2011 8:14 AM 21648]
S3 PLTurbh;Prolific turbo filter driver for hdd;c:\windows\system32\drivers\plturbh.sys --> c:\windows\system32\drivers\plturbh.sys [?]
S3 PLTurbo;Prolific turbo filter driver for odd;c:\windows\system32\drivers\plturbo.sys --> c:\windows\system32\drivers\plturbo.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 2:06 PM 11520]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [7/22/2009 7:08 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [3/29/2009 11:09 PM 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [9/17/2010 6:14 AM 370008]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_B91CB6D3
*Deregistered* - uphcleanhlp
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-02 18:07]
.
2013-02-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 22:54]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-14 22:54]
.
2013-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133856451-2078020282-1861488433-1007Core.job
- c:\documents and settings\nunya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 08:05]
.
2013-02-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2133856451-2078020282-1861488433-1007UA.job
- c:\documents and settings\nunya\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-07-03 08:05]
.
2013-02-15 c:\windows\Tasks\IDA{5B940D5F-0A3F-11D2-95B5-080009DC8202}001.job
- c:\program files\Hewlett-Packard\PC COE\coetl32.exe [2007-06-23 22:27]
.
2013-02-15 c:\windows\Tasks\IDA{884F3959-E5F7-11D1-9B15-080009F878E4}000.job
- c:\progra~1\HEWLET~1\PCCOE~1\reltrksi.dll [2006-07-20 14:14]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pcc.edu/admissions/dual/|http://www.hawkeyecollege.edu/academics/programs/information-technology/web-design-and-development/default.aspx|http://www.google.com/#q=just+checking&hl=en&safe=off&biw=1440&bih=727&fp=1&bav=on.2,or.r_gc.r_pw.r_qf.,cf.osb&cad=b|http://hotspot.ovatn.net/airlock/login/?gw_address=10.7.52.1&gw_port=2060&gw_id=752&gw_mac=00-12-17-CA-0A-FB&mac=00:1F:94:FE:BB&url=http%3A//www.speakeasy.net/&__c9auth=1&__c9dis=1|http://www.hawkeyecollege.edu/academics/default.aspx|http://learnpythonthehardway.org/|http://www.python.org/download/|http://www.google.com/search?q=how+to+buy+a+car+on+craigslist&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a|http://www.google.com/search?q=why+is+mcdonalds+closed%3F&ie=utf-8&oe=utf-8&aq=t&rls=org.mozilla:en-US:official&client=firefox-a|http://news.yahoo.com/huge-ancient-civilization-collapse-explained-123449804.html|http://www.newser.com/story/146834/cops-shoot-naked-guy-eating-mans-face-on-highway.html
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-12-30 20:50; {bee6eb20-01e0-ebd1-da83-080329fb9a3a}; c:\documents and settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
FF - ExtSQL: 2013-01-07 21:57; [email protected]; c:\documents and settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\extensions\[email protected]
FF - ExtSQL: 2013-01-09 09:41; [email protected]; c:\documents and settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\extensions\[email protected]
FF - ExtSQL: 2013-01-14 15:51; [email protected]; c:\documents and settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\extensions\[email protected]
FF - ExtSQL: 2013-01-24 21:18; {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}; c:\documents and settings\nunya\Application Data\Mozilla\Firefox\Profiles\8r59xdmj.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - ExtSQL: 2013-02-14 10:02; {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}; c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
HKLM-Run-hpqSRMon - (no file)
HKLM-Run-UnlockerAssistant - c:\program files\Unlocker\UnlockerAssistant.exe
Notify-NavLogon - (no file)
MSConfigStartUp-Spotify - c:\documents and settings\nunya\Application Data\Spotify\Spotify.exe
MSConfigStartUp-Spotify Web Helper - c:\documents and settings\nunya\Application Data\Spotify\Data\SpotifyWebHelper.exe
AddRemove-Perl_Express_2.5 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-15 10:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\SetID\Internal]
@Denied: (A 2) (LocalSystem)
"DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />"
"Device"="yM29zbvPzMnLvrm+x8fPzce+zro="
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="6EEC9605A444FAFEBC9E127BECC74CFEBC9E127 BECC74CFEBC9E127BECC74CFEBC9E127BECC74C FEBC9E127BECC74CFEBC9E127BECC74C5D575E7 D6A3B98089DB7CE019D40AA5C8EDD5E5BE2F6E6 67C038D530D6EB34521F3EF2DB8991BAF47BF96 6465B56FCB84D57BCC11FE06B8C8A3AFBA027E2 6D48776A10D8E6088EA9B6E2DC4B22477A5F2C2 EA0147CD448A3AA59AA6B510D1964F36D609BDA 01047E8E811002260D4F0BE056959F65FC03362 289D23F02C33FAD9DCD6D250341ED1440BDE552 4D1B3C15FD3A81D7242067F8F8D576B606BE5A5 08E5775D8D411962F1DC5FB0A4EE979FBA885FB 9053063B404C8C4AD2FE395A9B7A986BFE163A3 B3A8A86205A3577ADE01C2ACF8764FD3587C93E B8F4E371A383A2657646608D8C3F803757D7624 3FA0A27DC00D91BD97FEFB442DD667D290FA060 D470BB23DDAFF18D4E587E87D16FE12B173F099 2ED39B964B28CD0E9A867AEA0C1E7D6A1043C25 D2088E2A2FAB14F61F95F77CB515F44DC46ECA4 51AB96E0DE14A206D71DB415385E4191C335FE0 F80D5A447EC52C3B345416CF35D5A95541BA548 EBDFE43BF186FA9CC79447AC4BE12A9F63ED715 841F26110B7AB44EC670D1835EE7871F2A356C5 DB0CBE494A2C3E10D14CBD4B4C36063099DCEA5 7B5E6964C66DEF1F566C8F6E4C0001EE434F23C 252531FF776586D45EB5DD1EA8D2A19C1494F3D ABD5E12F7C08A9EA0C2794A18E89A193D3471B6 39BEB53071961B0164F02CA1EE88BDCC12CE252 3D3EDDB1A3B2881FE4CC18D67F4A7FBC561BDB6 99604A55842E36CA198AE75D193570CD732B3E7 A1389B5FCAA5C7E08B0AAD613E77ECAF28BD816 FE828439CB1697FDB2DFCA50530124D16295C20 0EE552E2DE12B82B619C09F611DF88BEF7B321B 3F94CD4B301875E423A994EF14924C2A0C0B67D F03ACB81CFD028F78BEBC980C19541B09CC1996 A2E4D36CAF018D452A1FA760E888380E56A3156 57A6A01D2FCF64112932EF88689B55104464453 85C72058B564DC8395B793BF3A9210287BCD39E 2F7CD978AF6F665C2853A65FC42174D726E52F5 9A96B84F97C9920C019199A81878D0F8C197ABF EEF63029B725C25FF1EAF033C6358065FC62F3D D50169A42CDF6E0DF210766AC9EE5BBEC64354A BA58714F71E879EBCB578BA8266974F94147CF2 16E70ECF6050255770AC08621E58F46FC165B44 E2B9224E4D5B0862D4DC36589B71F574D1F5B29 80BACE8DE981122E99AE1FC96FC06F7F99BF26C 3CAC32684A44B2F3788181CDF44213C137E1C42 0CD6AA7F029B55CF94F6F7599976631AED42E10 EE8B74F9F5270B116FBE96D71BDCD4D09EE46F3 AC802C87FD8BB4D1DDC17957C3170FD8A50DCF6 8CDBD6B1792A7267DA30696D730F3C4EC3B6230 C0DCB2A56FD47A052AE85BABF82B69291ABE8DC CFD2968858AEF69B4807"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(752)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(4176)
c:\windows\system32\WININET.dll
c:\documents and settings\nunya\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\WinMount\WinMTExt.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\msdtc.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\FolderSize\FolderSizeSvc.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\oodag.exe
c:\windows\System32\snmp.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\mqsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\system32\mqtgsvc.exe
c:\windows\system32\wscntfy.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\program files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
c:\program files\HP\HP Officejet Pro 8600\bin\HPNetworkCommunicator.exe
c:\program files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
.
**************************************************************************
.
Completion time: 2013-02-15 10:55:35 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-15 18:55
.
Pre-Run: 64,804,786,176 bytes free
Post-Run: 64,591,220,736 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptOut
.
- - End Of File - - CB1E262A03AA328C6261A44248DD1490
Thanks again for your help. :)
-
What do you mean by "another type of mail account"? Could you please elaborate on what you mean by "type" and what options are available?
You can learn more here. (http://www.bing.com/search?q=types+of+e-mail&src=IE-SearchBox&FORM=IE8SRC)
I use Outlook express and never get hacked but perhaps, it's not for everyone.
****************************************************
SysProt Antirootkit
Download
SysProt Antirootkit from the link below (you will find it at the bottom
of the page under attachments, or you can get it from one of the
mirrors).
http://sites.google.com/site/sysprotantirootkit/ (http://sites.google.com/site/sysprotantirootkit/)
Unzip it into a folder on your desktop.
- Double click Sysprot.exe to start the program.
- Click on the Log tab.
- In the Write to log box select the following items.
- Process << Selected
- Kernel Modules << Selected
- SSDT << Selected
- Kernel Hooks << Selected
- IRP Hooks << NOT Selected
- Ports << NOT Selected
- Hidden Files << Selected
- At the bottom of the page
- Hidden Objects Only << Selected
- Click on the Create Log button on the bottom right.
- After a few seconds a new window should appear.
- Select Scan Root Drive. Click on the Start button.
- When it is complete a new window will appear to indicate that the scan is finished.
- The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
************************************************
- Download RogueKiller (http://tigzy.geekstogo.com/Tools/RogueKiller.exe) on the desktop
- Close all the running programs
- Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
- Otherwise just double-click on RogueKiller.exe
- Pre-scan will start. Let it finish.
- Click on SCAN button.
- A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
- If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
-
Thanks for your quick response! Here are the logs you requested:
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
SysProt - Scan Log
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
SysProt AntiRootkit v1.0.1.0
by swatkat
******************************************************************************************
******************************************************************************************
Process:
Name: C:\Program Files\Mozilla Firefox\plugin-container.exe
PID: 4
Hidden: Yes
Window Visible: No
******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: F1445000
Module End: F145D000
Hidden: Yes
Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: F7997000
Module End: F7999000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\rikvm_B91CB6D3.sys
Service Name: ---
Module Base: EE442000
Module End: EEAAA000
Hidden: Yes
Module Name: \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
Service Name: ---
Module Base: EB394000
Module End: EB397000
Hidden: Yes
******************************************************************************************
******************************************************************************************
SSDT:
Function Name: ZwUnloadKey
Address: EB3946D0
Driver Base: EB394000
Driver End: EB397000
Driver Name: \??\C:\WINDOWS\system32\Drivers\uphcleanhlp.sys
******************************************************************************************
******************************************************************************************
No Kernel Hooks found
******************************************************************************************
******************************************************************************************
Hidden files/folders:
Object: C:\Documents and Settings\nunya\Favorites\Unsorted Bookmarks\Box-shadow, one of CSS3's best new features - CSS3 . Info.URL
Status: Hidden
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\Close2Exp
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\Expired
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\Invalid
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\media\images\counter_solo.png.gzip
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\media\images\counter_solo.png.upd
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\media\images
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\media
Status: Access denied
Object: C:\Program Files\BitDefender\BitDefender 2010\NAG\Trial
Status: Access denied
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied
Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
RogueKiller - Scan Log
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
RogueKiller V8.5.1 [Feb 12 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : nunya [Admin rights]
Mode : Scan -- Date : 02/16/2013 12:54:31
| ARK || FAK || MBR |
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 2 ¤¤¤
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver : [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS722012K9A300 +++++
--- User ---
[MBR] 349c6827858e4dbb409978280bec0284
[BSP] 9090d7728f2bdb75430ebd274c071262 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 114463 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_02162013_02d1254.txt >>
RKreport[1]_S_02162013_02d1254.txt
-
How's your computer running now? Any other issues?
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
Q:
How's your computer running now? Any other issues?
The one thing that I have noticed is the Windows XP busy signal (hourglass) has been blinking off and on consistently. My research indicates that the root cause of this is usually some malware/keylogger "phoning home". I am afraid to change my passwords, until I am sure the malware has been removed from my computer.
By the same token, I have avoided installing any other protectors or removers since my original post, as per your instructions, though I have read about other targeted tools, including something called TSSDKiller??. Because this hourglass keeps blinking, though nothing is even on that should be causing that, I believe wholeheartedly that my machine is still infected with what I would call a "Smart Virus". Also, this last log set seems to indeed point toward the Torch browser as being AN ISSUE, but I would say, not necessarily the only issue. I have also downloaded the latest version of Comodo Personal Firwall, but have not installed it as I am trying to follow your instructions to the letter and avoid corrupting the results of the scans by adding more factors.
Here are the logs (note for anyone else finding this post in a google search, this last scan took over 4 hours, so you might want to grab some popcorn a couple movies, depending on your processor speed):
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ESET - Log 1
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
C:\Documents and Settings\nunya\Local Settings\Application Data\Torch\User Data\Default\Cache\f_00027a a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ESET - Log 2
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7360696be743834ca7b04e16797a258f
# engine=13173
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-17 07:17:43
# local_time=2013-02-16 11:17:43 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 100 100 46606333 57851933 0 0
# scanned=214652
# found=1
# cleaned=1
# scan_time=21132
sh=FD78AF82E44B36A450941C6F012D79E0181874FA ft=1 fh=f4d2224747b5a87e vn="a variant of Win32/Adware.iBryte.D application (cleaned by deleting - quarantined)" ac=C fn="C:\Documents and Settings\nunya\Local Settings\Application Data\Torch\User Data\Default\Cache\f_00027a"
-
My research indicates that the root cause of this is usually some malware/keylogger "phoning home".
Or, it could be some programs updating. The next time the computer does that, please check your taskmanager to see what's running. You can experiment by closing each task except explorer to see if that fixes the problem.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
- If an infected file is detected, the default action will be Cure, click on Continue.
- If a suspicious file is detected, the default action will be Skip, click on Continue.
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
- Click the Report button and copy/paste the contents of it into your next reply
Note:It will also create a log in the C:\ directory..
-
Perhaps this is jumping the gun, but I think my issue is solved, which I will explain momentarily. First, however, let me enumerate the main symptoms of my issue:
SYMPTOMS OF MY ISSUE:
- Spam mass-mailed to my entire Yahoo Email contact list at random intervals
- Constant blinking hourglass cursor
- Popups launched urging me to click (rogue installers including "remove spyware" and "update Flash', and obligatory adult/porn pages) when cut-pasting from Firefox address bar to Chrome address bar
- Unable to uninstall Torch browser (from either Add/Remove Programs or cCleaner's uninstall)
*** [SOLVED] Constant blinking hourglass cursor ***
Following your last response I ran TDSSKiller and it found nothing (log below). Subsequently, I ran msconfig, to try and get the hourglass to go away. I started to think maybe it was related to HP scanner driver software installed which has a resident process in the taskbar. Said process will frequently pop-up a tooltip when I'm not even accessing it which says something like "Scan to Computer is no longer activated".
I rebooted in diagnostic mode first ... EUREEKA! -- Flashing hourglass gone! Then I tried with just startup items (not processes or ini files) checked -- successful!, and finally in "Normal Mode", which loaded all system tray TSR's (terminate and stay resident, a term we used to use when I started at Mattel Software in 1998), and was also successful.
Q:
So, it would appear from my estimation, that the root cause of the blinking hourglass pointer, may have been that a particular set of "startup items" and startup processes needed to be enabled in tandem, otherwise the main application which they belong to would not work properly ... I'm not sure if that's within the scope of your expertise, but I'll ask anyway -- does that sound like a correct analysis?
At least that's my best guess, because in my previous configuration I had limited what would startup with msconfig to keep processor from spiking to 100% usage due to too many background processes running. It is possible that, in the past, I unchecked something that should have been checked or vice-versa. In any case, the SOLUTION to this symptom was to enable all processes to load in msconfig.
*** [SOLVED] -- Firefox to Chrome rogue popups when cut-pasting ***
This effect has disappeared. I wonder if this is due to the removal of "Win32/Adware.iBryte.D" by yesterday's ESET scan? That was the only actual malware that I can recall seeing in any of the logs.
*** [SOLVED] -- Unable to uninstall Torch browser ***
Today was able to uninstall Torch browser from CCleaner just fine! :) No issues whatsoever. Before, no uninstall dialog ever popped up, but this time one did.
*** Spam sent to my entire Yahoo Email contact list ***
This is the one I'm still unsure how to solve. I've dumped public mail addresses in the past, but I really can't afford to do that with this one. On searching my Yahoo Mail for "[email protected]", (which is the response indicated some failure to deliver message), I found that the hacker spammed my contacts Jan 30 & Feb 3, 4, 8, & 9. The last time a spam happened was last Saturday (Feb 9), and coincidence or not, that is also the most recent date that i changed my yahoo password, days before I requested help on this forum. In other words, it would appear that changing my password stopped the mailer daemon messages, and by extension, the spamming ... but
Q:
how can I be sure it's finally over and that the hacker isn't still hacked in (I'm not sure how it works from the villain's end) to my system, and maybe just went on vacation or something?
Q:
I have since backed-up up to an xml file all my yahoo contacts, and then deleted all my yahoo contacts. Is that a sufficient method to stop the spamming of my contacts?
Q:
Previously you said
I use Outlook express and never get hacked but perhaps, it's not for everyone.
It seems like what is being implied, though not explicitly stated, is that by using a "non-cloud-based" email client, one is less likely to have their password hacked. Is that right? If so, I would consider switching to Mozilla Thunderbird (since it is multi-platform), but since you are familiar with Outlook Express, can you tell me if there is an easy way that I could have people still email my same Yahoo email account, but have it forwarded and filtered through the local email client (Outlook, Thunderbird, etc.)?
Q:
Certainly, there must be a technical term for what I'm asking right now, but I haven't a clue what it would be ... something to do with POP3 or SMTP (I don't know what those are, just heard the terms associated with email config before)? If there's anyway you could either give me a simple, immediately-useful, turnkey answer that would be amazing, or if you could tell me the term/phrase that I need to google that would also put me a step ahead. I realize you are very busy helping many folks like me to clean their systems of malware, and any help you can give me in this area will be greatly appreciated!
Q:
Windows Firewall is currently enabled, but based on your earlier counsel I am eager to get Comodo installed. Is it ok to do that yet?
Thanks again for your time and assistance on this issue so far Dave. The TDSSKiller log is posted below. I look forward to your next response. ;D
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
TDSSKiller Log
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
12:04:06.0187 5560 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
12:04:06.0187 5560 ============================================================
12:04:06.0187 5560 Current date / time: 2013/02/17 12:04:06.0187
12:04:06.0187 5560 SystemInfo:
12:04:06.0187 5560
12:04:06.0187 5560 OS Version: 5.1.2600 ServicePack: 3.0
12:04:06.0187 5560 Product type: Workstation
12:04:06.0187 5560 ComputerName: NC6120
12:04:06.0187 5560 UserName: nunya
12:04:06.0187 5560 Windows directory: C:\WINDOWS
12:04:06.0187 5560 System windows directory: C:\WINDOWS
12:04:06.0187 5560 Processor architecture: Intel x86
12:04:06.0187 5560 Number of processors: 2
12:04:06.0187 5560 Page size: 0x1000
12:04:06.0187 5560 Boot type: Normal boot
12:04:06.0187 5560 ============================================================
12:04:08.0125 5560 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
12:04:08.0140 5560 ============================================================
12:04:08.0140 5560 \Device\Harddisk0\DR0:
12:04:08.0140 5560 MBR partitions:
12:04:08.0140 5560 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xDF8F8C1
12:04:08.0140 5560 ============================================================
12:04:08.0171 5560 C: <-> \Device\Harddisk0\DR0\Partition1
12:04:08.0171 5560 ============================================================
12:04:08.0171 5560 Initialize success
12:04:08.0171 5560 ============================================================
12:04:25.0734 5684 ============================================================
12:04:25.0734 5684 Scan started
12:04:25.0734 5684 Mode: Manual;
12:04:25.0734 5684 ============================================================
12:04:27.0312 5684 ================ Scan system memory ========================
12:04:27.0328 5684 System memory - ok
12:04:27.0328 5684 ================ Scan services =============================
12:04:27.0453 5684 Abiosdsk - ok
12:04:27.0468 5684 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
12:04:27.0468 5684 abp480n5 - ok
12:04:27.0515 5684 [ 8356DD18DA15D9C42A8584E1841844FE ] Accelerometer C:\WINDOWS\system32\DRIVERS\Accelerometer.sys
12:04:27.0515 5684 Accelerometer - ok
12:04:27.0546 5684 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
12:04:27.0546 5684 ACPI - ok
12:04:27.0562 5684 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12:04:27.0562 5684 ACPIEC - ok
12:04:27.0687 5684 [ 6CD368F2F066DFC507A7477F15B75EB6 ] AcrSch2Svc C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
12:04:27.0687 5684 AcrSch2Svc - ok
12:04:27.0703 5684 actccid - ok
12:04:27.0734 5684 [ 1600CB3056C984AF1987627128874E39 ] ADIHdAudAddService C:\WINDOWS\system32\drivers\ADIHdAud.sys
12:04:27.0750 5684 ADIHdAudAddService - ok
12:04:27.0812 5684 [ EC807244904FA170C299AB06D87FBDBE ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
12:04:27.0828 5684 AdobeFlashPlayerUpdateSvc - ok
12:04:27.0843 5684 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
12:04:27.0843 5684 adpu160m - ok
12:04:27.0843 5684 [ 358063AB6C1C4173B735525CDFA65F94 ] AEAudio C:\WINDOWS\system32\drivers\AEAudio.sys
12:04:27.0843 5684 AEAudio - ok
12:04:27.0906 5684 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
12:04:27.0906 5684 aec - ok
12:04:27.0937 5684 [ 53696AD8FFC5FAC51949A525FF65A689 ] afcdp C:\WINDOWS\system32\DRIVERS\afcdp.sys
12:04:27.0937 5684 afcdp - ok
12:04:28.0250 5684 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
12:04:28.0734 5684 afcdpsrv - ok
12:04:28.0796 5684 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
12:04:28.0828 5684 AFD - ok
12:04:28.0875 5684 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
12:04:28.0875 5684 agp440 - ok
12:04:28.0875 5684 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
12:04:28.0875 5684 agpCPQ - ok
12:04:28.0890 5684 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
12:04:28.0890 5684 Aha154x - ok
12:04:28.0890 5684 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
12:04:28.0890 5684 aic78u2 - ok
12:04:28.0906 5684 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
12:04:28.0906 5684 aic78xx - ok
12:04:28.0921 5684 [ CABD827DC83A3F973787787329B7A3F2 ] akbus C:\WINDOWS\system32\DRIVERS\akbus.sys
12:04:28.0921 5684 akbus - ok
12:04:28.0937 5684 [ AD26519941B17242379AF9BA2EA15EBD ] akpcsc C:\WINDOWS\system32\DRIVERS\akpcsc.sys
12:04:28.0937 5684 akpcsc - ok
12:04:28.0953 5684 [ E8066CB9C7317CF5AF6DA04106453890 ] aksbus C:\WINDOWS\system32\DRIVERS\aksbus.sys
12:04:28.0953 5684 aksbus - ok
12:04:28.0968 5684 [ 71F54CEB96D8A0CECAFB008008618962 ] akspcsc C:\WINDOWS\system32\DRIVERS\akspcsc.sys
12:04:28.0968 5684 akspcsc - ok
12:04:28.0984 5684 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
12:04:28.0984 5684 Alerter - ok
12:04:29.0000 5684 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
12:04:29.0015 5684 ALG - ok
12:04:29.0046 5684 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
12:04:29.0046 5684 AliIde - ok
12:04:29.0062 5684 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
12:04:29.0062 5684 alim1541 - ok
12:04:29.0062 5684 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
12:04:29.0062 5684 amdagp - ok
12:04:29.0078 5684 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
12:04:29.0078 5684 amsint - ok
12:04:29.0109 5684 [ EFA78DCA6DE1B9E5DFA1834AD9DD6B20 ] anvsnddrv C:\WINDOWS\system32\drivers\anvsnddrv.sys
12:04:29.0109 5684 anvsnddrv - ok
12:04:29.0171 5684 [ 7EF47644B74EBE721CC32211D3C35E76 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
12:04:29.0171 5684 Apple Mobile Device - ok
12:04:29.0218 5684 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
12:04:29.0218 5684 AppMgmt - ok
12:04:29.0234 5684 [ B5B8A80875C1DEDEDA8B02765642C32F ] Arp1394 C:\WINDOWS\system32\DRIVERS\arp1394.sys
12:04:29.0234 5684 Arp1394 - ok
12:04:29.0250 5684 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
12:04:29.0250 5684 asc - ok
12:04:29.0250 5684 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
12:04:29.0250 5684 asc3350p - ok
12:04:29.0250 5684 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
12:04:29.0250 5684 asc3550 - ok
12:04:29.0390 5684 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
12:04:29.0390 5684 aspnet_state - ok
12:04:29.0406 5684 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
12:04:29.0406 5684 AsyncMac - ok
12:04:29.0437 5684 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
12:04:29.0437 5684 atapi - ok
12:04:29.0437 5684 Atdisk - ok
12:04:29.0484 5684 [ 2F3D8FD5605D0195D072AF3E1EB2B262 ] Ati HotKey Poller C:\WINDOWS\system32\Ati2evxx.exe
12:04:29.0484 5684 Ati HotKey Poller - ok
12:04:29.0578 5684 [ EA0139D1673F0DB5EC9BC0EB9994CBB2 ] ati2mtag C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
12:04:29.0578 5684 ati2mtag - ok
12:04:29.0609 5684 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
12:04:29.0609 5684 Atmarpc - ok
12:04:29.0625 5684 [ B92864FE3C6E7D8D0A6B5603DEF691FD ] ATSWPDRV C:\WINDOWS\system32\DRIVERS\ATSwpDrv.sys
12:04:29.0625 5684 ATSWPDRV - ok
12:04:29.0671 5684 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
12:04:29.0671 5684 AudioSrv - ok
12:04:29.0703 5684 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
12:04:29.0703 5684 audstub - ok
12:04:29.0734 5684 [ 4826FCF97C47B361A2E2F68CD487A19E ] b57w2k C:\WINDOWS\system32\DRIVERS\b57xp32.sys
12:04:29.0734 5684 b57w2k - ok
12:04:29.0765 5684 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
12:04:29.0765 5684 BANTExt - ok
12:04:29.0781 5684 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
12:04:29.0781 5684 Beep - ok
12:04:29.0812 5684 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
12:04:29.0828 5684 BITS - ok
12:04:29.0906 5684 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
12:04:29.0906 5684 Bonjour Service - ok
12:04:29.0937 5684 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
12:04:29.0937 5684 Browser - ok
12:04:29.0984 5684 [ 3AA4BF555C00C5B87FD48DD7BDBD4E97 ] btaudio C:\WINDOWS\system32\drivers\btaudio.sys
12:04:29.0984 5684 btaudio - ok
12:04:30.0000 5684 [ 07F0A66CFA550B13AD0674AE09E3CBA0 ] BTDriver C:\WINDOWS\system32\DRIVERS\btport.sys
12:04:30.0000 5684 BTDriver - ok
12:04:30.0046 5684 [ BA57F31EAB93DC597D772F6F5B9ED54F ] BTKRNL C:\WINDOWS\system32\DRIVERS\btkrnl.sys
12:04:30.0046 5684 BTKRNL - ok
12:04:30.0125 5684 [ 0ECE2B1910527AE85691151D56621891 ] btwdins c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
12:04:30.0125 5684 btwdins - ok
12:04:30.0156 5684 [ B1D350F3F13CF340FCE93912D2BA1EBF ] BTWDNDIS C:\WINDOWS\system32\DRIVERS\btwdndis.sys
12:04:30.0156 5684 BTWDNDIS - ok
12:04:30.0171 5684 [ 57E91E9925976BBC98984EEBAAF1D84C ] BTWUSB C:\WINDOWS\system32\Drivers\btwusb.sys
12:04:30.0171 5684 BTWUSB - ok
12:04:30.0171 5684 catchme - ok
12:04:30.0218 5684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
12:04:30.0218 5684 cbidf - ok
12:04:30.0218 5684 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
12:04:30.0218 5684 cbidf2k - ok
12:04:30.0250 5684 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
12:04:30.0250 5684 CCDECODE - ok
12:04:30.0265 5684 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
12:04:30.0265 5684 cd20xrnt - ok
12:04:30.0265 5684 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
12:04:30.0265 5684 Cdaudio - ok
12:04:30.0296 5684 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
12:04:30.0296 5684 Cdfs - ok
12:04:30.0312 5684 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
12:04:30.0312 5684 Cdrom - ok
12:04:30.0343 5684 [ 30B37C18E1725EB9F25039E9A1FB9B7E ] CDRPDACC C:\Program Files\Quintessential Media Player\cdrpdacc.sys
12:04:30.0343 5684 CDRPDACC - ok
12:04:30.0359 5684 Changer - ok
12:04:30.0375 5684 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
12:04:30.0375 5684 CiSvc - ok
12:04:30.0390 5684 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
12:04:30.0390 5684 ClipSrv - ok
12:04:30.0468 5684 [ CB7140527636EE97CAD55C999FBCF636 ] CLKMSVC10_B91CB6D3 C:\Program Files\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
12:04:30.0468 5684 CLKMSVC10_B91CB6D3 - ok
12:04:30.0546 5684 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:04:30.0546 5684 clr_optimization_v2.0.50727_32 - ok
12:04:30.0562 5684 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:04:30.0562 5684 clr_optimization_v4.0.30319_32 - ok
12:04:30.0609 5684 [ 0F6C187D38D98F8DF904589A5F94D411 ] CmBatt C:\WINDOWS\system32\DRIVERS\CmBatt.sys
12:04:30.0609 5684 CmBatt - ok
12:04:30.0625 5684 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
12:04:30.0625 5684 CmdIde - ok
12:04:30.0640 5684 [ 6E4C9F21F0FAE8940661144F41B13203 ] Compbatt C:\WINDOWS\system32\DRIVERS\compbatt.sys
12:04:30.0640 5684 Compbatt - ok
12:04:30.0640 5684 COMSysApp - ok
12:04:30.0640 5684 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
12:04:30.0640 5684 Cpqarray - ok
12:04:30.0656 5684 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
12:04:30.0656 5684 CryptSvc - ok
12:04:30.0671 5684 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
12:04:30.0687 5684 dac2w2k - ok
12:04:30.0687 5684 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
12:04:30.0687 5684 dac960nt - ok
12:04:30.0750 5684 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
12:04:30.0750 5684 DcomLaunch - ok
12:04:30.0765 5684 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
12:04:30.0765 5684 Dhcp - ok
12:04:30.0812 5684 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
12:04:30.0812 5684 Disk - ok
12:04:30.0812 5684 dmadmin - ok
12:04:30.0843 5684 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
12:04:30.0859 5684 dmboot - ok
12:04:30.0859 5684 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
12:04:30.0859 5684 dmio - ok
12:04:30.0890 5684 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
12:04:30.0890 5684 dmload - ok
12:04:30.0906 5684 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
12:04:30.0906 5684 dmserver - ok
12:04:30.0921 5684 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
12:04:30.0921 5684 DMusic - ok
12:04:30.0953 5684 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
12:04:30.0953 5684 Dnscache - ok
12:04:30.0984 5684 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
12:04:30.0984 5684 Dot3svc - ok
12:04:30.0984 5684 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
12:04:30.0984 5684 dpti2o - ok
12:04:31.0031 5684 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
12:04:31.0031 5684 drmkaud - ok
12:04:31.0062 5684 [ 8942419786970ADB32B05BB7950AEE72 ] e1express C:\WINDOWS\system32\DRIVERS\e1e5132.sys
12:04:31.0062 5684 e1express - ok
12:04:31.0093 5684 [ B5CB3084046146FD2587D8C9B219FEB4 ] eabfiltr C:\WINDOWS\system32\DRIVERS\eabfiltr.sys
12:04:31.0093 5684 eabfiltr - ok
12:04:31.0109 5684 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
12:04:31.0109 5684 EapHost - ok
12:04:31.0140 5684 [ 57CC1BF06C159DFBB989F5783C0E6A50 ] epmntdrv C:\WINDOWS\system32\epmntdrv.sys
12:04:31.0140 5684 epmntdrv - ok
12:04:31.0140 5684 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
12:04:31.0140 5684 ERSvc - ok
12:04:31.0156 5684 [ 5F779F5EDAB787F2D090C71A9051F365 ] EuGdiDrv C:\WINDOWS\system32\EuGdiDrv.sys
12:04:31.0156 5684 EuGdiDrv - ok
12:04:31.0203 5684 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
12:04:31.0203 5684 Eventlog - ok
12:04:31.0218 5684 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
12:04:31.0218 5684 EventSystem - ok
12:04:31.0265 5684 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
12:04:31.0265 5684 Fastfat - ok
12:04:31.0296 5684 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
12:04:31.0312 5684 FastUserSwitchingCompatibility - ok
12:04:31.0312 5684 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
12:04:31.0312 5684 Fdc - ok
12:04:31.0359 5684 [ A75DDC492D2D1D6558AD8003A4ADB73A ] FilterService C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
12:04:31.0359 5684 FilterService - ok
12:04:31.0375 5684 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
12:04:31.0375 5684 Fips - ok
12:04:31.0421 5684 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
12:04:31.0437 5684 FLEXnet Licensing Service - ok
12:04:31.0453 5684 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
12:04:31.0453 5684 Flpydisk - ok
12:04:31.0468 5684 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
12:04:31.0468 5684 FltMgr - ok
12:04:31.0515 5684 [ 5043F0D9A22AABF550508B3165C5B0FD ] FolderSize C:\Program Files\FolderSize\FolderSizeSvc.exe
12:04:31.0515 5684 FolderSize - ok
12:04:31.0593 5684 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
12:04:31.0593 5684 FontCache3.0.0.0 - ok
12:04:31.0609 5684 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
12:04:31.0609 5684 Fs_Rec - ok
12:04:31.0625 5684 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
12:04:31.0625 5684 Ftdisk - ok
12:04:31.0656 5684 [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
12:04:31.0656 5684 GEARAspiWDM - ok
12:04:31.0671 5684 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
12:04:31.0671 5684 Gpc - ok
12:04:31.0718 5684 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
12:04:31.0718 5684 gupdate - ok
12:04:31.0718 5684 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
12:04:31.0718 5684 gupdatem - ok
12:04:31.0765 5684 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
12:04:31.0781 5684 gusvc - ok
12:04:31.0796 5684 [ CEF316DBBD1B3845A6D53ED620EB1AEB ] HBtnKey C:\WINDOWS\system32\DRIVERS\cpqbttn.sys
12:04:31.0796 5684 HBtnKey - ok
12:04:31.0828 5684 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
12:04:31.0828 5684 HDAudBus - ok
12:04:31.0890 5684 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
12:04:31.0906 5684 helpsvc - ok
12:04:31.0921 5684 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
12:04:31.0921 5684 HidServ - ok
12:04:31.0937 5684 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
12:04:31.0937 5684 HidUsb - ok
12:04:31.0984 5684 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
12:04:31.0984 5684 hkmsvc - ok
12:04:32.0000 5684 [ C1AE4BC866AAF10D8BBB182B35C14986 ] hpdskflt C:\WINDOWS\system32\DRIVERS\hpdskflt.sys
12:04:32.0000 5684 hpdskflt - ok
12:04:32.0015 5684 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
12:04:32.0015 5684 hpn - ok
12:04:32.0093 5684 [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08 C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
12:04:32.0093 5684 hpqcxs08 - ok
12:04:32.0140 5684 [ 04C1DCBB226C6AE647B794833CE3CEB6 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
12:04:32.0140 5684 hpqwmiex - ok
12:04:32.0187 5684 [ 568E44F6DCFA173F3670172B69379891 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
12:04:32.0203 5684 HPSLPSVC - ok
12:04:32.0218 5684 [ D03D10F7DED688FECF50F8FBF1EA9B8A ] HPZid412 C:\WINDOWS\system32\DRIVERS\HPZid412.sys
12:04:32.0218 5684 HPZid412 - ok
12:04:32.0234 5684 [ 89F41658929393487B6B7D13C8528CE3 ] HPZipr12 C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
12:04:32.0234 5684 HPZipr12 - ok
12:04:32.0250 5684 [ ABCB05CCDBF03000354B9553820E39F8 ] HPZius12 C:\WINDOWS\system32\DRIVERS\HPZius12.sys
12:04:32.0250 5684 HPZius12 - ok
12:04:32.0281 5684 [ 3C01C18B866488FB6CC4E7D5472986A0 ] HSFHWAZL C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
12:04:32.0281 5684 HSFHWAZL - ok
12:04:32.0359 5684 [ 0D7D34441E37E4A41B61CFF0CBCA1E3D ] HSF_DPV C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
12:04:32.0375 5684 HSF_DPV - ok
12:04:32.0406 5684 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
12:04:32.0421 5684 HTTP - ok
12:04:32.0468 5684 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
12:04:32.0468 5684 HTTPFilter - ok
12:04:32.0484 5684 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
12:04:32.0484 5684 i2omgmt - ok
12:04:32.0500 5684 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
12:04:32.0500 5684 i2omp - ok
12:04:32.0546 5684 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
12:04:32.0546 5684 i8042prt - ok
12:04:32.0578 5684 [ DC3B6AD2EAA99C53B82E6FBCA3630138 ] iaStor C:\WINDOWS\system32\DRIVERS\iaStor.sys
12:04:32.0578 5684 iaStor - ok
12:04:32.0640 5684 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
12:04:32.0656 5684 idsvc - ok
12:04:32.0671 5684 [ F67554DA27D5B55EFCB6C7CB4818FBFD ] IFXTPM C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
12:04:32.0671 5684 IFXTPM - ok
12:04:32.0687 5684 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
12:04:32.0687 5684 Imapi - ok
12:04:32.0734 5684 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
12:04:32.0734 5684 ImapiService - ok
12:04:32.0750 5684 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
12:04:32.0765 5684 ini910u - ok
12:04:32.0781 5684 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
12:04:32.0781 5684 IntelIde - ok
12:04:32.0796 5684 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
12:04:32.0796 5684 intelppm - ok
12:04:32.0812 5684 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
12:04:32.0828 5684 Ip6Fw - ok
12:04:32.0859 5684 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
12:04:32.0859 5684 IpFilterDriver - ok
12:04:32.0859 5684 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
12:04:32.0859 5684 IpInIp - ok
12:04:32.0875 5684 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
12:04:32.0875 5684 IpNat - ok
12:04:32.0921 5684 [ 57EDB35EA2FECA88F8B17C0C095C9A56 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
12:04:32.0937 5684 iPod Service - ok
12:04:32.0968 5684 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
12:04:32.0968 5684 IPSec - ok
12:04:32.0984 5684 [ ACA5E7B54409F9CB5EED97ED0C81120E ] irda C:\WINDOWS\system32\DRIVERS\irda.sys
12:04:32.0984 5684 irda - ok
12:04:33.0000 5684 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
12:04:33.0000 5684 IRENUM - ok
12:04:33.0000 5684 [ 49CC4533CE897CB2E93C1E84A818FDE5 ] Irmon C:\WINDOWS\System32\irmon.dll
12:04:33.0015 5684 Irmon - ok
12:04:33.0046 5684 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
12:04:33.0046 5684 isapnp - ok
12:04:33.0093 5684 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
12:04:33.0109 5684 IviRegMgr - ok
12:04:33.0171 5684 [ A0D14B7538FA3AE9CB771B9E99CECF43 ] JavaQuickStarterService C:\Program Files\Java\jre6\bin\jqs.exe
12:04:33.0187 5684 JavaQuickStarterService - ok
12:04:33.0187 5684 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
12:04:33.0187 5684 Kbdclass - ok
12:04:33.0187 5684 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
12:04:33.0187 5684 kbdhid - ok
12:04:33.0203 5684 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
12:04:33.0218 5684 kmixer - ok
12:04:33.0234 5684 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
12:04:33.0234 5684 KSecDD - ok
12:04:33.0265 5684 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
12:04:33.0265 5684 lanmanserver - ok
12:04:33.0312 5684 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
12:04:33.0328 5684 lanmanworkstation - ok
12:04:33.0328 5684 lbrtfdc - ok
12:04:33.0359 5684 [ 559C9B7800FAC92FC515CD0003D7C631 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
12:04:33.0359 5684 LightScribeService - ok
12:04:33.0390 5684 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
12:04:33.0390 5684 LmHosts - ok
12:04:33.0437 5684 [ 32933B07FC16D9F778BEE12545FA1B1A ] LPDSVC C:\WINDOWS\system32\tcpsvcs.exe
12:04:33.0437 5684 LPDSVC - ok
12:04:33.0468 5684 [ 01F0E010ACB61472163E9D02D3FF531A ] lvpopflt C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
12:04:33.0468 5684 lvpopflt - ok
12:04:33.0500 5684 [ 1A7DB7A00A4B0D8DA24CD691A4547291 ] LVPr2Mon C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
12:04:33.0500 5684 LVPr2Mon - ok
12:04:33.0546 5684 [ 0DDFDCAA92C7F553328DB06BA599BEA9 ] LVPrcSrv C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
12:04:33.0546 5684 LVPrcSrv - ok
12:04:33.0562 5684 [ 87ECCE893D8AEC5A9337B917742D339C ] LVRS C:\WINDOWS\system32\DRIVERS\lvrs.sys
12:04:33.0562 5684 LVRS - ok
12:04:33.0609 5684 [ 64BC29C3A0388BFC580BB8B1346F7659 ] LVUSBSta C:\WINDOWS\system32\drivers\LVUSBSta.sys
12:04:33.0609 5684 LVUSBSta - ok
12:04:33.0796 5684 [ 291F69B3DDA0F033D2490C5BA5179F7C ] LVUVC C:\WINDOWS\system32\DRIVERS\lvuvc.sys
12:04:33.0906 5684 LVUVC - ok
12:04:33.0937 5684 magaService - ok
12:04:33.0984 5684 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
12:04:33.0984 5684 MDM - ok
12:04:34.0046 5684 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
12:04:34.0046 5684 mdmxsdk - ok
12:04:34.0078 5684 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
12:04:34.0078 5684 Messenger - ok
12:04:34.0109 5684 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
12:04:34.0109 5684 mnmdd - ok
12:04:34.0140 5684 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
12:04:34.0156 5684 mnmsrvc - ok
12:04:34.0171 5684 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
12:04:34.0171 5684 Modem - ok
12:04:34.0203 5684 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
12:04:34.0203 5684 Mouclass - ok
12:04:34.0250 5684 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
12:04:34.0250 5684 mouhid - ok
12:04:34.0265 5684 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
12:04:34.0265 5684 MountMgr - ok
12:04:34.0296 5684 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
12:04:34.0296 5684 MozillaMaintenance - ok
12:04:34.0328 5684 [ FEE0BADED54222E9F1DAE9541212AAB1 ] MpFilter C:\WINDOWS\system32\DRIVERS\MpFilter.sys
12:04:34.0328 5684 MpFilter - ok
12:04:34.0453 5684 [ A69630D039C38018689190234F866D77 ] MpKsl602f32b2 C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{ED96AC11-8BED-42C9-9D1C-95F510862430}\MpKsl602f32b2.sys
12:04:34.0453 5684 MpKsl602f32b2 - ok
12:04:34.0468 5684 [ 70C14F5CCA5CF73F8A645C73A01D8726 ] MQAC C:\WINDOWS\system32\drivers\mqac.sys
12:04:34.0484 5684 MQAC - ok
12:04:34.0484 5684 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
12:04:34.0484 5684 mraid35x - ok
12:04:34.0500 5684 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
12:04:34.0500 5684 MRxDAV - ok
12:04:34.0546 5684 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
12:04:34.0546 5684 MRxSmb - ok
12:04:34.0593 5684 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
12:04:34.0593 5684 MSDTC - ok
12:04:34.0593 5684 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
12:04:34.0593 5684 Msfs - ok
12:04:34.0593 5684 MSIServer - ok
12:04:34.0640 5684 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
12:04:34.0640 5684 MSKSSRV - ok
12:04:34.0687 5684 [ CFCE43B70CA0CC4DCC8ADB62B792B173 ] MsMpSvc C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
12:04:34.0687 5684 MsMpSvc - ok
12:04:34.0687 5684 [ AFB909B537AAE1BEAE7BBDB6A36D40B0 ] MSMQ C:\WINDOWS\system32\mqsvc.exe
12:04:34.0687 5684 MSMQ - ok
12:04:34.0703 5684 [ 7F955FF3B1BB93376EBE75D5ACCDC6DB ] MSMQTriggers C:\WINDOWS\system32\mqtgsvc.exe
12:04:34.0703 5684 MSMQTriggers - ok
12:04:34.0718 5684 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
12:04:34.0718 5684 MSPCLOCK - ok
12:04:34.0734 5684 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
12:04:34.0734 5684 MSPQM - ok
12:04:34.0781 5684 [ DC6A032BEB31A6E370F4A26C8964B22A ] msralinkmonitor C:\Program Files\Remote tools\msraLinkMonitor.exe
12:04:34.0781 5684 msralinkmonitor - ok
12:04:34.0781 5684 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
12:04:34.0781 5684 mssmbios - ok
12:04:34.0828 5684 MSSQL$SQLEXPRESS - ok
12:04:34.0859 5684 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
12:04:34.0859 5684 MSSQLServerADHelper100 - ok
12:04:34.0875 5684 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
12:04:34.0875 5684 MSTEE - ok
12:04:34.0890 5684 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
12:04:34.0906 5684 Mup - ok
12:04:34.0921 5684 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
12:04:34.0921 5684 NABTSFEC - ok
12:04:34.0953 5684 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
12:04:34.0968 5684 napagent - ok
12:04:35.0031 5684 [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate C:\Program Files\Nero\Update\NASvc.exe
12:04:35.0046 5684 NAUpdate - ok
12:04:35.0062 5684 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
12:04:35.0062 5684 NDIS - ok
12:04:35.0062 5684 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
12:04:35.0062 5684 NdisIP - ok
12:04:35.0109 5684 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
12:04:35.0109 5684 NdisTapi - ok
12:04:35.0140 5684 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12:04:35.0140 5684 Ndisuio - ok
12:04:35.0156 5684 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
12:04:35.0156 5684 NdisWan - ok
12:04:35.0187 5684 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
12:04:35.0187 5684 NDProxy - ok
12:04:35.0218 5684 [ 510C138564486FF926A3F773205C63D1 ] Net Driver HPZ12 C:\WINDOWS\system32\HPZinw12.dll
12:04:35.0234 5684 Net Driver HPZ12 - ok
12:04:35.0234 5684 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
12:04:35.0234 5684 NetBIOS - ok
12:04:35.0250 5684 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
12:04:35.0250 5684 NetBT - ok
12:04:35.0281 5684 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
12:04:35.0296 5684 NetDDE - ok
12:04:35.0296 5684 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
12:04:35.0296 5684 NetDDEdsdm - ok
12:04:35.0343 5684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
12:04:35.0343 5684 Netlogon - ok
12:04:35.0375 5684 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
12:04:35.0375 5684 Netman - ok
12:04:35.0406 5684 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
12:04:35.0406 5684 NetTcpPortSharing - ok
12:04:35.0484 5684 [ 12B0D99865434387F784268B70E23360 ] NETw4x32 C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
12:04:35.0515 5684 NETw4x32 - ok
12:04:35.0656 5684 [ 05743FFFC2BC88CC8E426321BC6A762E ] NETw5x32 C:\WINDOWS\system32\DRIVERS\NETw5x32.sys
12:04:35.0703 5684 NETw5x32 - ok
12:04:35.0734 5684 [ E9E47CFB2D461FA0FC75B7A74C6383EA ] NIC1394 C:\WINDOWS\system32\DRIVERS\nic1394.sys
12:04:35.0734 5684 NIC1394 - ok
12:04:35.0781 5684 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
12:04:35.0781 5684 Nla - ok
12:04:35.0812 5684 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\WINDOWS\system32\drivers\npf.sys
12:04:35.0812 5684 NPF - ok
12:04:35.0828 5684 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
12:04:35.0828 5684 Npfs - ok
12:04:35.0875 5684 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
12:04:35.0890 5684 Ntfs - ok
12:04:35.0921 5684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
12:04:35.0921 5684 NtLmSsp - ok
12:04:35.0968 5684 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
12:04:35.0968 5684 NtmsSvc - ok
12:04:36.0000 5684 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
12:04:36.0000 5684 Null - ok
12:04:36.0031 5684 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12:04:36.0031 5684 NwlnkFlt - ok
12:04:36.0031 5684 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
12:04:36.0031 5684 NwlnkFwd - ok
12:04:36.0093 5684 [ 18829AA33A092728ECCD5B5F40EE06B0 ] O&O Defrag C:\WINDOWS\system32\oodag.exe
12:04:36.0125 5684 O&O Defrag - ok
12:04:36.0125 5684 [ CA33832DF41AFB202EE7AEB05145922F ] ohci1394 C:\WINDOWS\system32\DRIVERS\ohci1394.sys
12:04:36.0125 5684 ohci1394 - ok
12:04:36.0140 5684 [ F4CB9C1991314B1352DDBD8A968E4471 ] OlyCamComm C:\WINDOWS\system32\DRIVERS\OlyCamComm.sys
12:04:36.0140 5684 OlyCamComm - ok
12:04:36.0187 5684 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:04:36.0187 5684 ose - ok
12:04:36.0218 5684 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
12:04:36.0218 5684 Parport - ok
12:04:36.0218 5684 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
12:04:36.0218 5684 PartMgr - ok
12:04:36.0218 5684 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
12:04:36.0218 5684 ParVdm - ok
12:04:36.0250 5684 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
12:04:36.0250 5684 PCI - ok
12:04:36.0250 5684 PCIDump - ok
12:04:36.0281 5684 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
12:04:36.0281 5684 PCIIde - ok
12:04:36.0281 5684 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\DRIVERS\pcmcia.sys
12:04:36.0296 5684 Pcmcia - ok
12:04:36.0296 5684 PDCOMP - ok
12:04:36.0296 5684 PDFRAME - ok
12:04:36.0296 5684 PDRELI - ok
12:04:36.0296 5684 PDRFRAME - ok
12:04:36.0328 5684 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
12:04:36.0328 5684 perc2 - ok
12:04:36.0343 5684 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
12:04:36.0343 5684 perc2hib - ok
12:04:36.0375 5684 [ FBA08CFA7E378FD0FD7F93AD55F7CF00 ] PictureTaker C:\WINDOWS\system32\PCTKRNT.SYS
12:04:36.0375 5684 PictureTaker - ok
12:04:36.0375 5684 PLTurbh - ok
12:04:36.0390 5684 PLTurbo - ok
12:04:36.0421 5684 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
12:04:36.0421 5684 PlugPlay - ok
12:04:36.0453 5684 [ 37E5E8FFBAD35605DAEEC3224EA0E465 ] Pml Driver HPZ12 C:\WINDOWS\system32\HPZipm12.dll
12:04:36.0453 5684 Pml Driver HPZ12 - ok
12:04:36.0468 5684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
12:04:36.0468 5684 PolicyAgent - ok
12:04:36.0500 5684 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
12:04:36.0500 5684 PptpMiniport - ok
12:04:36.0515 5684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
12:04:36.0515 5684 ProtectedStorage - ok
12:04:36.0515 5684 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
12:04:36.0515 5684 PSched - ok
12:04:36.0531 5684 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
12:04:36.0531 5684 Ptilink - ok
12:04:36.0546 5684 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
12:04:36.0546 5684 PxHelp20 - ok
12:04:36.0578 5684 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
12:04:36.0578 5684 ql1080 - ok
12:04:36.0578 5684 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
12:04:36.0578 5684 Ql10wnt - ok
12:04:36.0578 5684 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
12:04:36.0593 5684 ql12160 - ok
12:04:36.0625 5684 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
12:04:36.0625 5684 ql1240 - ok
12:04:36.0625 5684 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
12:04:36.0625 5684 ql1280 - ok
12:04:36.0671 5684 [ A6C39EEDB4D7E8BF71FE09EC3F2AF7EF ] radexecd C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe
12:04:36.0671 5684 radexecd - ok
12:04:36.0687 5684 [ 179872881D1EAD94CFD4ACDF4982467A ] RadiaMsi C:\WINDOWS\system32\DRIVERS\radiamsi.sys
12:04:36.0687 5684 RadiaMsi - ok
12:04:36.0687 5684 [ 0BFD4472BFEA0EF4CDADE4296AF43E77 ] radsched C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe
12:04:36.0687 5684 radsched - ok
12:04:36.0734 5684 [ F126EB759D1D9B4B8709B0AE261011F5 ] Radstgms C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe
12:04:36.0734 5684 Radstgms - ok
12:04:36.0750 5684 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
12:04:36.0750 5684 RasAcd - ok
12:04:36.0765 5684 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
12:04:36.0765 5684 RasAuto - ok
12:04:36.0796 5684 [ 0207D26DDF796A193CCD9F83047BB5FC ] Rasirda C:\WINDOWS\system32\DRIVERS\rasirda.sys
12:04:36.0796 5684 Rasirda - ok
12:04:36.0796 5684 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
12:04:36.0812 5684 Rasl2tp - ok
12:04:36.0843 5684 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
12:04:36.0843 5684 RasMan - ok
12:04:36.0843 5684 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
12:04:36.0843 5684 RasPppoe - ok
12:04:36.0859 5684 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
12:04:36.0859 5684 Raspti - ok
12:04:36.0890 5684 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
12:04:36.0890 5684 Rdbss - ok
12:04:36.0890 5684 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
12:04:36.0890 5684 RDPCDD - ok
12:04:36.0937 5684 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
12:04:36.0937 5684 rdpdr - ok
12:04:36.0984 5684 [ FC105DD312ED64EB66BFF111E8EC6EAC ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
12:04:37.0000 5684 RDPWD - ok
12:04:37.0015 5684 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
12:04:37.0015 5684 RDSessMgr - ok
12:04:37.0031 5684 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
12:04:37.0031 5684 redbook - ok
12:04:37.0078 5684 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
12:04:37.0078 5684 RemoteAccess - ok
12:04:37.0093 5684 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
12:04:37.0093 5684 RemoteRegistry - ok
12:04:37.0140 5684 [ 355AAC141B214BEF1DBC1483AFD9BD50 ] rimmptsk C:\WINDOWS\system32\DRIVERS\rimmptsk.sys
12:04:37.0140 5684 rimmptsk - ok
12:04:37.0171 5684 [ 7C21554942BEF51CBD84FD7D4E62CB9A ] rismc32 C:\WINDOWS\system32\DRIVERS\rismc32.sys
12:04:37.0171 5684 rismc32 - ok
12:04:37.0203 5684 [ 96F7A9A7BF0C9C0440A967440065D33C ] RMCAST C:\WINDOWS\system32\drivers\RMCast.sys
12:04:37.0203 5684 RMCAST - ok
12:04:37.0250 5684 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
12:04:37.0250 5684 rpcapd - ok
12:04:37.0265 5684 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
12:04:37.0265 5684 RpcLocator - ok
12:04:37.0296 5684 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
12:04:37.0296 5684 RpcSs - ok
12:04:37.0328 5684 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
12:04:37.0328 5684 RsFx0103 - ok
12:04:37.0390 5684 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
12:04:37.0390 5684 RSVP - ok
12:04:37.0406 5684 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
12:04:37.0406 5684 SamSs - ok
12:04:37.0546 5684 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
12:04:37.0546 5684 SCardSvr - ok
12:04:37.0625 5684 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
12:04:37.0671 5684 Schedule - ok
12:04:37.0734 5684 [ 8D04819A3CE51B9EB47E5689B44D43C4 ] sdbus C:\WINDOWS\system32\DRIVERS\sdbus.sys
12:04:37.0765 5684 sdbus - ok
12:04:37.0828 5684 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
12:04:37.0890 5684 Secdrv - ok
12:04:37.0921 5684 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
12:04:37.0968 5684 seclogon - ok
12:04:38.0000 5684 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
12:04:38.0062 5684 SENS - ok
12:04:38.0109 5684 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
12:04:38.0140 5684 serenum - ok
12:04:38.0203 5684 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
12:04:38.0203 5684 Serial - ok
12:04:38.0281 5684 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
12:04:38.0296 5684 Sfloppy - ok
12:04:38.0375 5684 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
12:04:38.0375 5684 SharedAccess - ok
12:04:38.0390 5684 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
12:04:38.0390 5684 ShellHWDetection - ok
12:04:38.0406 5684 Simbad - ok
12:04:38.0406 5684 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
12:04:38.0406 5684 sisagp - ok
12:04:38.0453 5684 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
12:04:38.0453 5684 SkypeUpdate - ok
12:04:38.0468 5684 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP&
-
So, it would appear from my estimation, that the root cause of the blinking hourglass pointer, may have been that a particular set of "startup items" and startup processes needed to be enabled in tandem, otherwise the main application which they belong to would not work properly ... I'm not sure if that's within the scope of your expertise, but I'll ask anyway -- does that sound like a correct analysis?
That difficult to say unless I'm sitting down in front of the computer.
StartupLite
Download StartupLite by MalwareBytes (http://www.malwarebytes.org/StartUpLite.exe) to your Desktop.
Doubleclick StartupLite.exe to launch the program.
Ensure the Disable box is checked.
Click Continue.
A pop up message will tell you the unecessary startup items in your list have been disabled and ask you to restart your computer.
Re-start your computer.
how can I be sure it's finally over and that the hacker isn't still hacked in (I'm not sure how it works from the villain's end) to my system, and maybe just went on vacation or something?
If your account is hacked it's hacked for a reason which will soon make itself apparent.
I have since backed-up up to an xml file all my yahoo contacts, and then deleted all my yahoo contacts. Is that a sufficient method to stop the spamming of my contacts?
I'm not really up-to-date on these sort of issues.
It seems like what is being implied, though not explicitly stated, is that by using a "non-cloud-based" email client, one is less likely to have their password hacked. Is that right? If so, I would consider switching to Mozilla Thunderbird (since it is multi-platform), but since you are familiar with Outlook Express, can you tell me if there is an easy way that I could have people still email my same Yahoo email account, but have it forwarded and filtered through the local email client (Outlook, Thunderbird, etc.)?
As stated before I'm not quite if that is possible but it sounds improbable.
If there's anyway you could either give me a simple, immediately-useful, turnkey answer that would be amazing, or if you could tell me the term/phrase that I need to google that would also put me a step ahead.
Not really as this is out of my pay rate.lol
Windows Firewall is currently enabled, but based on your earlier counsel I am eager to get Comodo installed. Is it ok to do that yet?
Yes, go ahead and do that.
I'd like to scan your machine with ESET OnlineScan
•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetOnline.png) button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
- Click on (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstall.png) to download the ESET Smart Installer. Save it to your desktop.
- Double click on the (http://i424.photobucket.com/albums/pp322/digistar/esetSmartInstallDesktopIcon-1.png) icon on your desktop.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetAcceptTerms.png)
•Click the (http://i424.photobucket.com/albums/pp322/digistar/esetStart.png) button.
•Accept any security warnings from your browser.
- Leave the check mark next to Remove found threats.
•Check (http://i424.photobucket.com/albums/pp322/digistar/esetScanArchives.png)
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push (http://i424.photobucket.com/albums/pp322/digistar/esetListThreats.png)
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetExport.png), and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the (http://i424.photobucket.com/albums/pp322/digistar/esetBack.png) button.
•Push (http://i424.photobucket.com/albums/pp322/digistar/esetFinish.png)
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
-
I ran the ESET scan. It took about 6 hours the first time (the other day) and 3.75 hrs today. Result was nothing found. I suppose that's a good thing. Since last post however, I came up with these items which I have questions about:
QUESTIONS:
Q:
1) I am still getting a strange version of browser hijack. It only happens in Chrome. The hijacks are seemingly random. For instance, a popup to some online game will launch when I click the new tab tab. Then a porn advert will popup when I am clicking the vertical elevator/slider. In all instances, the original page is found and loads fine. It's just these revenue-generating click-scheme popups that I don't understand where they are coming from. Also, I checked the hosts file and nothing malicious has been written there. I doubt this could be dns cache poisoning because I am able to reach the target page fine. I Googled, but the only results are people who have already figured out the name of what is infecting them. But, if all these tools I've implemented have found nothing, or next to nothing, then what is making Chrome exhibit this obscene behavior?? Ideas??
Q:
2) It occurred to me to tell you that I used to run Windows update religiously until a few years ago, but when MS kept trying to force their other malware tool on me and IE 8/9 every time I'd do an update I started to get suspicious that MS could easily install their own BIGBROTHER-WARE (R)(TM)(C) 2013 on my computer. Then about 2 years ago when I learned they were discontinuing support for XP, (which they have since extend the death date to 2014) i considered that perhaps MS would "Auto-Update" a poison pill to break my XP and force me to upgrade to a newer OS. If I'm talking to nerds like me here, I can't be the only one who has considered this, though my fortune did say "you tend to see connections where others do not". ;)
Anyway, I am unsure whether to update windows or to avoid that, or to update windows but only avoid certain update numbers which are listed on a technical web source which you can provide me the address to? This does not seem far-fetched from my perspective.
Q:
3) Can you tell me if there is something malicious in my HijackThis log from earlier?
Q:
4) I've learned that a malware could be removed from the computer, but may leave incorrect browser settings. Could you explain if this would explain why Chrome is giving me revenue-popups from mouse clicking not the content, but the interface? What settings would have changed to cause this and how do I set them back?
NEXT STEPS:
My next steps are to install and configure Comodo Firewall. I feel like maybe Windows update will be beneficial to close security holes. Should I also update drivers of some sort, or is that overkill?? I will wait to hear from you on whether to do Win Update and to what degree.
Below is the log from the second ESET scan I did, (first and only one so far today though). Thanks again for your help and I look forward to your response.
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ESET Scan Log
((((((((((((((((((((((((((((((((((())))))))))))))))))))))))))))))))))))))))
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7360696be743834ca7b04e16797a258f
# engine=13187
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-19 03:29:20
# local_time=2013-02-18 07:29:20 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5892 16777213 100 100 46765430 58011030 0 0
# scanned=211131
# found=0
# cleaned=0
# scan_time=13478
-
I am still getting a strange version of browser hijack. It only happens in Chrome. The hijacks are seemingly random.
Does this happen with other browsers such as FireFox or IE?
It occurred to me to tell you that I used to run Windows update religiously until a few years ago, but when MS kept trying to force their other malware tool on me and IE 8/9 every time I'd do an update I started to get suspicious that MS could easily install their own BIGBROTHER-WARE (R)(TM)(C) 2013 on my computer. Then about 2 years ago when I learned they were discontinuing support for XP, (which they have since extend the death date to 2014) i considered that perhaps MS would "Auto-Update" a poison pill to break my XP and force me to upgrade to a newer OS.
It's important that you get your updates. Malware just love programs that are not kept up-to-date. I use XP and I've never experiened any problems.
Can you tell me if there is something malicious in my HijackThis log from earlier?
Hijack is obsolete and is no longer used by malware experts.
I've learned that a malware could be removed from the computer, but may leave incorrect browser settings.
It's possible. You should uninstall and re-install Chrome.
Should I also update drivers of some sort, or is that overkill??
No, that's not necessary.
-
Does this happen with other browsers such as FireFox or IE?
Not at all.
It's important that you get your updates. Malware just love programs that are not kept up-to-date. I use XP and I've never experiened any problems.
I tried updating my system in IE8 and the browser just hangs. Any ideas? I am not able to download the updater even -- the browser hangs and I have to use taskkill to manually kill the process. Is this a sign of "subtle" malware on my machine interfering with a process that could find and remove it, or is this a more benign yet still disruptive issue? Or put more succinctly -- what is causing this and how can I resolve it so that I can get my updates?
As a reminder, here are my relevant specs:
(generated with Belarc Advisor :)
- Windows XP Professional Service Pack 3 (build 2600)
- 2.00 GHz Intel Core2 Duo
- 2GB RAM
- Internet Explorer Version 8.00.6001.18702
This is what I have tried so far:
- Windows update from Firefox 19 -- Fails with error saying I need to use IE6 or greater to update.
- Windows update from IE8 -- hangs at popup asking permission to install "Windows Update".
- Rebooted and tried update from IE8 again -- failed. Tried a total of 4 times, all to no avail.
- Win Update from IE8 -- On one attempt clicked the "More Info" dropdown arrows and received this error:
The instruction at "0x0fc70068" referenced memory at "0x0fc70068". The memory could not be "written upon clicking "Ok", IE closed.- Checked WindowsUpdate.log. Entries for the first attempt:
2013-02-19 19:56:47:343 3272 1350 Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0800) ===========
2013-02-19 19:56:47:343 3272 1350 Misc = Process: C:\WINDOWS\system32\rundll32.exe
2013-02-19 19:56:47:343 3272 1350 Misc = Module: C:\WINDOWS\system32\wuapi.dll
2013-02-19 19:56:47:343 3272 1350 ARP Connected to update session.
2013-02-19 19:56:47:343 3272 1350 ARP User is allowed to install published content.
2013-02-19 19:56:48:234 3272 1350 ARP Managed service NOT found.I'm unsure how to proceed from here. The Windows Update was a preliminary process I was going to do before installing COMODO, so now it seems I'm stuck until this issue gets resolved.
Hijack is obsolete and is no longer used by malware experts.
Thanks for letting me know that. Can you recommend a good one-stop-shop resource that will inform me on what the current BEST PRACTICES and TOOLS for malware detection and removal are?
You should uninstall and re-install Chrome.
Uninstalled, downloaded & Installed Chrome v. 24 -- Worked! :) Tested and the weird popups issue is now gone. During uninstall I also clicked "delete browsing data", so if anyone if using my steps as an example, that may be a key component to follow. Also, this was the most expedient solution, but I feel like the culprit possibly was a rogue "extension" or "addon" that I downloaded (mostly Firebug add-ons), and in other circumstances I might have investigated that hunch further.
I look forward to your next response and appreciate all your help so far. I know I ask a lot of questions and am pretty tenacious about getting high-granularity answers, which can seem annoying to some. But for me, it's just as important (if not more so) to understand the root cause of an issue as it is to know the best fix. Please don't hesitate to let me know if any of my queries are out of the scope of your expertise. Thanks.
-
Does this happen with other browsers such as FireFox or IE?
Not at all.
Then the problem appears to be with your browser.
Go to Microsoft Windows Update (http://windowsupdate.microsoft.com/) and get all critical updates.
If you still get an error please try this.
•Please download Dial-A-Fix from one of the following mirrors:
Primary mirror (http://djlizard.net.nyud.net:8080/software/Dial-a-fix-v0.60.0.24.zip)
Secondary mirror (http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip)
•Extract the zip file to your desktop.
•Double click Dial-a-Fix.exe to start the program. Dial-A-Fix might give you a lot errors, just ignore them and Click
(http://i424.photobucket.com/albums/pp322/digistar/OK.jpg) to continue.
•Press the green double checkmark box (Looks like this:
(http://i424.photobucket.com/albums/pp322/digistar/checkmark.png)
UNcheck Empty Temp Folders, as well as Adjust Time/Date in the prep section. The prep section should then look like this:
(http://i424.photobucket.com/albums/pp322/digistar/ncheck.png)
(http://i424.photobucket.com/albums/pp322/digistar/Window.png)
•Click on Go
•Wait for Dial-A-Fix to finish (All the checks marks will be all gone)
•Close Dial-A-Fix
-
Go to Microsoft Windows Update and get all critical updates.
Upon navigating to that link a modal window pops up with an option to install "Windows Update". When I click install it fails. However, here's something interesting. I decided to see what would happen if I enabled "Automatic Updates". After about 5-10 minutes AU started downloading. In the end I figured a restart was probably required to make the updates take effect -- I was right! The option "Shutdown After Installing Updates" presented itself when I went to reboot. All told, 82 updates were downloaded.
Upon reboot I noticed that Windows Firewall had been disabled, presumably by one of the updates that automatically installed.
I tried to install Windows Update and it failed/hung again.
Subsequently I ran Dial-A-Fix, as per your instructions. No log was generated that I am aware of, however these errors popped up (to avoid unnecessary repetition I put just the dll name) while during program execution:
Error 127: C:\WINDOWS\system32\iesetup.dll is not registerable or the file is corrupted. Your version of iesetup.dll is 8.00.6001.18702. Please contact [email protected] so that an exception can be made for your version of this file.
.... is not DLLInstall-able or the file is corrupted ...
.... system32\imgutil.dll is not registerable or the file is corrupted. ...
.... system32\inseng.dll ...
.... mshtml.dll ...
.... msrating.dll ...
.... occache.dll ...
.... pngfilt.dll ...
.... webcheck.dll ...
I don't understand it. Does this give a clue as to what is happening? Also, I have begun to notice the busy hourglass again, consistent, like some registry process is continually polling my CPU. I have had "Process Explorer" installed for many months, but I'm not sure I know how use it. Do you think that could help track-down the virus/malware?
I considered uninstalling IE8 because it was installed after SP3, however I noticed there were a lot (20-30) of items that were dependent on or installed after IE8, so I opted against the uninstall at the point. Again, I appreciate your help so far. Any ideas on why it is locking up, or what to do next?
-
Download Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx (http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx)
Unzip ProcessExplorer.zip, and double click on procexp.exe to run the program.
Click on View > Select Colunms.
In addition to already pre-selected options, make sure, the Command Line is selected, and press OK.
Go File>Save As, and save the report as Procexp.txt.
Attach the file to your next reply.
-
Here is the log from running Process Explorer v. 15.3:
Process PID CPU Private Bytes Working Set Description Company Name Command Line
System Idle Process 0 97.69 0 K 28 K
Interrupts n/a 1.54 0 K 0 K Hardware Interrupts and DPCs
procexp.exe 1868 0.77 13,200 K 20,688 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com "C:\Documents and Settings\nunya\My Documents\Downloads\ProcessExplorer\procexp.exe"
WPFFontCache_v0400.exe 6008 2,012 K 4,548 K wpffontcache_v0400.exe Microsoft Corporation C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
wmiprvse.exe 5028 1,964 K 5,072 K WMI Microsoft Corporation C:\WINDOWS\system32\wbem\wmiprvse.exe
winlogon.exe 744 7,292 K 3,056 K Windows NT Logon Application Microsoft Corporation winlogon.exe
uphclean.exe 2996 628 K 1,728 K User Profile Hive Cleanup Service Microsoft Corporation "C:\Program Files\UPHClean\uphclean.exe"
TWCApp.exe 2004 105,572 K 131,476 K The Weather Channel App The Weather Channel "C:\Program Files\The Weather Channel\The Weather Channel App\TWCApp.exe"
TrueImageMonitor.exe 2220 19,468 K 9,784 K Acronis True Image Monitor Acronis "C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe"
System 4 0 K 240 K
svchost.exe 1128 24,944 K 36,852 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe 1048 2,852 K 5,456 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k rpcss
svchost.exe 1976 5,920 K 6,876 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k HPService
svchost.exe 2932 5,020 K 8,332 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k imgsvc
svchost.exe 1360 5,004 K 7,200 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
svchost.exe 1292 1,372 K 3,732 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k NetworkService
svchost.exe 988 3,204 K 5,340 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe 5524 5,448 K 7,440 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe 2432 1,052 K 3,036 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe 4704 1,608 K 3,580 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe 2520 1,044 K 3,008 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\System32\svchost.exe -k HPZ12
svchost.exe 664 1,340 K 3,872 K Generic Host Process for Win32 Services Microsoft Corporation C:\WINDOWS\system32\svchost.exe -k LocalService
sqlwriter.exe 2868 960 K 3,588 K SQL Server VSS Writer Microsoft Corporation "C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
sqlservr.exe 2316 55,964 K 42,260 K SQL Server Windows NT Microsoft Corporation "C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
spoolsv.exe 1748 8,472 K 11,324 K Spooler SubSystem App Microsoft Corporation C:\WINDOWS\system32\spoolsv.exe
snmp.exe 2848 1,532 K 3,976 K SNMP Service Microsoft Corporation C:\WINDOWS\System32\snmp.exe
smss.exe 644 176 K 444 K Windows NT Session Manager Microsoft Corporation \SystemRoot\System32\smss.exe
smax4pnp.exe 2720 2,532 K 4,928 K SMax4PNP Analog Devices, Inc. "C:\Program Files\Analog Devices\Core\smax4pnp.exe"
Skype.exe 2620 55,180 K 60,072 K Skype Skype Technologies S.A. "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
services.exe 788 2,012 K 3,864 K Services and Controller app Microsoft Corporation C:\WINDOWS\system32\services.exe
schedul2.exe 1168 1,072 K 3,360 K Acronis Scheduler 2 Acronis "C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe"
schedhlp.exe 1144 1,092 K 3,664 K Acronis Scheduler Helper Acronis "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
scardsvr.exe 1792 944 K 2,772 K Smart Card Resource Management Server Microsoft Corporation C:\WINDOWS\System32\SCardSvr.exe
ScanToPCActivationApp.exe 1776 2,684 K 8,292 K ScanToPCActivationApp Hewlett-Packard Co. "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN298BWHSY05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
Radstgms.exe 2676 1,252 K 3,136 K radstgms Hewlett-Packard "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\Radstgms.exe"
radsched.exe 2580 856 K 2,752 K radsched Hewlett-Packard "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radsched.exe"
radexecd.exe 2540 572 K 2,080 K radexecd Hewlett-Packard "C:\Program Files\Hewlett-Packard\PC COE 3\OV CMS\radexecd.exe"
PDVD10Serv.exe 2940 1,124 K 4,128 K PowerDVD RC Service CyberLink Corp. "C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe"
oodtray.exe 2992 1,428 K 5,296 K O&O Defrag TrayIcon (Win32) O&O Software GmbH "C:\WINDOWS\system32\oodtray.exe"
oodag.exe 2472 2,732 K 5,824 K O&O Defrag Agent (Win32) O&O Software GmbH C:\WINDOWS\system32\oodag.exe
olycamdetect.exe 3172 1,260 K 4,696 K OLYMPUS ib Resident Program OLYMPUS IMAGING CORP. "C:\Program Files\Olympus\ib\olycamdetect.exe" /Startup
NASvc.exe 2360 2,156 K 4,900 K NeroUpdate Nero AG "C:\Program Files\Nero\Update\NASvc.exe"
msseces.exe 3196 5,724 K 10,532 K Microsoft Security Client User Interface Microsoft Corporation "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
msraLinkMonitor.exe 2248 672 K 2,504 K Quaranti Application "C:\Program Files\Remote tools\msraLinkMonitor.exe"
MsMpEng.exe 1092 55,348 K 60,448 K Antimalware Service Executable Microsoft Corporation "C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
msdtc.exe 708 1,948 K 5,156 K MS DTC console program Microsoft Corporation C:\WINDOWS\system32\msdtc.exe
mqtgsvc.exe 4088 1,428 K 4,028 K Windows NT MSMQ Trigger Service Microsoft Corporation C:\WINDOWS\system32\mqtgsvc.exe
mqsvc.exe 3560 2,160 K 6,232 K Message Queuing Service Microsoft Corporation C:\WINDOWS\system32\mqsvc.exe
mDNSResponder.exe 1540 984 K 3,124 K Bonjour Service Apple Inc. "C:\Program Files\Bonjour\mDNSResponder.exe"
MDM.EXE 2168 1,184 K 3,804 K Machine Debug Manager Microsoft Corporation "C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE"
LWS.exe 3344 8,240 K 13,532 K Camera Software Logitech Inc. "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide
LVPrcSrv.exe 2148 1,232 K 2,912 K Logitech LVPrcSrv Module. Logitech Inc. "C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe"
LSSrvc.exe 2116 684 K 2,620 K Hewlett-Packard Company "C:\Program Files\Common Files\LightScribe\LSSrvc.exe"
lsass.exe 800 5,696 K 8,444 K LSA Shell (Export Version) Microsoft Corporation C:\WINDOWS\system32\lsass.exe
jqs.exe 2084 2,432 K 1,412 K Java(TM) Quick Starter Service Sun Microsystems, Inc. "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
iviRegMgr.exe 2064 584 K 2,324 K RegMgr Module InterVideo "C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe"
iTunesHelper.exe 3376 11,352 K 16,152 K iTunesHelper Apple Inc. "C:\Program Files\iTunes\iTunesHelper.exe"
iPodService.exe 5892 2,448 K 4,160 K iPodService Module (32-bit) Apple Inc. "C:\Program Files\iPod\bin\iPodService.exe"
Ida.exe 3424 2,352 K 6,220 K Intelligent Desktop Assistant (IDA) Hewlett-Packard Company "C:\Program Files\Hewlett-Packard\PC COE\IDA.EXE"
hpqWmiEx.exe 3096 2,012 K 3,540 K hpqwmiex Module Hewlett-Packard Development Company, L.P. "C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe"
HPNetworkCommunicator.exe 4448 4,248 K 6,112 K HPNetworkCommunicator Hewlett-Packard Co. "C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe"
GoogleToolbarNotifier.exe 3304 3,404 K 1,748 K GoogleToolbarNotifier Google Inc. "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
googletalk.exe 3472 11,596 K 18,160 K Google Talk Google "C:\Program Files\Google\Google Talk\googletalk.exe" /autostart
FolderSizeSvc.exe 1884 2,224 K 4,264 K FolderSize Service Brio "C:\Program Files\FolderSize\FolderSizeSvc.exe"
explorer.exe 3912 26,412 K 32,504 K Windows Explorer Microsoft Corporation C:\WINDOWS\Explorer.EXE
Everything.exe 3540 9,124 K 11,588 K Everything "C:\Program Files\Everything\Everything.exe" -startup
Dropbox.exe 4268 47,124 K 53,532 K Dropbox Dropbox, Inc. "C:\Documents and Settings\nunya\Application Data\Dropbox\bin\Dropbox.exe" /systemstartup
ctfmon.exe 3264 948 K 3,912 K CTF Loader Microsoft Corporation "C:\WINDOWS\system32\ctfmon.exe"
csrss.exe 712 1,772 K 4,420 K Client Server Runtime Process Microsoft Corporation C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
COEMsgDisplay.exe 456 1,068 K 4,184 K COEMsgDisplay Utility Hewlett Packard "C:\Program Files\Hewlett-Packard\PC COE\COEMsgDisplay.exe"
COCIManager.exe 3792 2,764 K 5,232 K Camera Control Interface Logitech Inc. "C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe" -Embedding
CLMLSvc.exe 3696 4,184 K 6,888 K CyberLink MediaLibray Service CyberLink "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
btwdins.exe 1156 1,868 K 2,672 K Bluetooth Support Server Broadcom Corporation. "c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe"
BTTray.exe 4168 3,476 K 5,552 K Bluetooth Tray Application Broadcom Corporation. "C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
brs.exe 3832 948 K 3,060 K brs cyberlink "C:\Program Files\Cyberlink\Shared files\brs.exe"
ati2evxx.exe 1220 944 K 3,496 K ATI External Event Utility EXE Module ATI Technologies Inc. Ati2evxx.exe -Client
ati2evxx.exe 956 788 K 3,188 K ATI External Event Utility EXE Module ATI Technologies Inc. C:\WINDOWS\system32\Ati2evxx.exe
AppleMobileDeviceService.exe 1300 10,216 K 13,928 K MobileDeviceService Apple Inc. "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"
alg.exe 6132 1,188 K 3,688 K Application Layer Gateway Service Microsoft Corporation C:\WINDOWS\System32\alg.exe
afcdpsrv.exe 1248 1,600 K 4,712 K File Level CDP Manager Service Acronis "C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe"
Sorry, I've been sick the today. I hope that's what you needed. Let me know if you need anything else. Thanks.
Oh, almost forgot: Since I discovered that shutting my machine off is the way to install new "Automatic-Updates", I've done that 4 times so far. Each time it says there are 6 updates to install. It never gives me any error, but doesn't it seem like too much of a coincidence that it's the exact same number of updates 3 times in a row?
-
Oops. I just realized you ask for the file to be attached, not cut/pasted, so here it is. Thanks.
[recovering disk space, attachment deleted by admin]
-
I can't see anything amiss in the processes. The only thing I can suggest is to use your taskmanager and stop each process except explorer.exe until you find a process that may be causing the hourglass waiting.
-
*** [SOLVED:] ***
Strangely the hourglass issue has disappeared and I can't identify anything that might have made that happen, except possibly allowing auto-update to proceed. Thanks for all your help and patience.
*** FOR ANYONE ELSE READING THIS ***
I don't really know what the exact solution was. What I do know is that it was likely a combination of all the anti-malware tools used and then enabling automatic updates in the end.
The malware prevention steps I will be taking are:
- Download & install Comodo Cleaning Essentials 2.5 (http://www.comodo.com/business-security/network-protection/cleaning_essentials.php)
- Download & install Comodo 5.5 (http://www.oldversion.com/windows/comodo-internet-security-5-5-195786)
NOTE: At the time of this writing, version 6 of Comodo Personal Firewall/Comodo Internet Security was just realeased, and hence there are very little YouTube or web-based instructional DIY tutorials on configuring the new interface, which is significantly different for the first time in half a decade. Therefore, I am installing the 2nd latest version, which is 5.5.
Thanks again and Kudos to you SuperDave, without who's help I would have been quite lost!!! :0)>
* Kudos Given *
* Topic Marked "SOLVED" *
-
Good Job! Let's do some cleanup.
To uninstall ComboFix
- Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
- In the field, type in ComboFix /uninstall
(http://i424.photobucket.com/albums/pp322/digistar/Combofix_uninstall_image.jpg)
(Note: Make sure there's a space between the word ComboFix and the forward-slash.)
- Then, press Enter, or click OK.
- This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.
************************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup2.jpg)
Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.
(http://i424.photobucket.com/albums/pp322/digistar/diskcleanup.jpg)
This runs the Disk Cleanup utility along with other selections if you have chosen any. (if you had a lot System Restore points, you will see a significant change in the free space in C drive)
*********************************************
I suggest using WOT - Web of Trust (http://www.mywot.com/). WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.
SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer (http://www.bleepingcomputer.com/forums/tutorial49.html) from Spyware and Malware
* If you don't know what ActiveX controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. (http://www.safer-networking.org/en/spybotsd/index.html) Guide: Use Spybot's Immunize Feature (http://www.bleepingcomputer.com/tutorials/tutorial43.html#immunize) to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ (http://www.safer-networking.org/en/faq/index.html)
Check out Keeping Yourself Safe On The Web (http://evilfantasy.wordpress.com/2008/05/20/keeping-yourself-safe-on-the-web/) for tips and free tools to help keep you safe in the future.
Also see Slow Computer? It may not be Malware (http://evilfantasy.wordpress.com/2008/05/24/slow-computer-it-may-not-be-malware/) for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!