
Happili.com redirects. Help -- Trojan.Tracur


  • This topic is locked
25 replies to this topic

#1 Indyultra


    New Member

  • Members
  • 18 posts

Posted 30 April 2012 - 08:40 PM

Getting the Happili.com redirects. Here is my DDS and ATTACH.txt. Thanks in advance, Chris
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Chris at 21:34:00 on 2012-04-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.3727 [GMT -4:00]
.
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Windows\SysWOW64\atashost.exe
C:\Program Files\AVAST Software\Avast\AvastNet.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\SysWOW64\ezSharedSvcHost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Users\Chris\Desktop\OTL.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\setup\avast.setup
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
mWinlogon: Userinit=userinit.exe,
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
dRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
Trusted Zone: intuit.com\ttlc
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://kodak.webex.com/client/T27L10NSP25/support/ieatgpc1.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9AC693E0-6DB0-488D-B05A-C2C72A854909} : DhcpNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswKbd;aswKbd;C:\Windows\system32\drivers\aswKbd.sys --> C:\Windows\system32\drivers\aswKbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-6 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2012-4-23 133944]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-4-18 44768]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2012-4-18 134920]
R2 avast! Net Client Service;avast! Net Client Service;C:\Program Files\AVAST Software\Avast\AvastNet.exe [2012-4-18 195160]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-1-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-1-24 991296]
R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-6-21 514232]
R2 FPLService;TrueSuiteService;C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-8-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13592]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-6 2413056]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-30 654408]
R2 MotoHelper;MotoHelper Service;C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-2-1 214896]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-24 2656280]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-1-24 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\system32\DRIVERS\btmaux.sys --> C:\Windows\system32\DRIVERS\btmaux.sys [?]
R3 btmhsf;btmhsf;C:\Windows\system32\DRIVERS\btmhsf.sys --> C:\Windows\system32\DRIVERS\btmhsf.sys [?]
R3 HP8207_8307;HP-HP8207_8307;C:\Windows\system32\DRIVERS\HP8207_8307.sys --> C:\Windows\system32\DRIVERS\HP8207_8307.sys [?]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\system32\DRIVERS\iBtFltCoex.sys --> C:\Windows\system32\DRIVERS\iBtFltCoex.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 intelkmd;intelkmd;C:\Windows\system32\DRIVERS\igdpmd64.sys --> C:\Windows\system32\DRIVERS\igdpmd64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-12-11 24176]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
R3 wdkmd;Intel WiDi KMD;C:\Windows\system32\DRIVERS\WDKMD.sys --> C:\Windows\system32\DRIVERS\WDKMD.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-3 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-9 253088]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;C:\Windows\system32\DRIVERS\AMPPAL.sys --> C:\Windows\system32\DRIVERS\AMPPAL.sys [?]
S3 BTCFilterService;USB Networking Driver Filter Service;C:\Windows\system32\DRIVERS\motfilt.sys --> C:\Windows\system32\DRIVERS\motfilt.sys [?]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2011-12-30 14216]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2011-12-30 8456]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-3-3 136176]
S3 hpCMSrv;HP Connection Manager 4.0 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-2-15 1071160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
S3 motandroidusb;Mot ADB Interface Driver;C:\Windows\system32\Drivers\motoandroid.sys --> C:\Windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;C:\Windows\system32\DRIVERS\Motousbnet.sys --> C:\Windows\system32\DRIVERS\Motousbnet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-7-27 340240]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\system32\DRIVERS\RsFx0103.sys --> C:\Windows\system32\DRIVERS\RsFx0103.sys [?]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2012-05-01 00:25:32 -------- d-----w- C:\Windows\pss
2012-04-29 20:09:17 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DFBC3D13-B080-45CB-ABE6-5EF0955FC533}\mpengine.dll
2012-04-24 00:26:16 232960 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2012-04-24 00:17:49 -------- d-----w- C:\Windows\SysWow64\kodak
2012-04-24 00:15:54 -------- d-----w- C:\Windows\SysWow64\spool
2012-04-24 00:02:30 -------- d-----w- C:\ProgramData\Eastman Kodak Company
2012-04-24 00:01:46 -------- d-----w- C:\Program Files (x86)\Kodak
2012-04-24 00:01:34 -------- d-----w- C:\Program Files\Bonjour
2012-04-24 00:01:34 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-04-23 23:32:52 215864 ----a-w- C:\Windows\SysWow64\atsckernel.exe
2012-04-23 23:32:51 133944 ----a-w- C:\Windows\SysWow64\atashost.exe
2012-04-23 23:32:22 -------- d-----w- C:\ProgramData\WebEx
2012-04-22 20:45:38 495104 ----a-w- C:\Windows\puppy.exe
2012-04-22 20:45:37 903680 ----a-w- C:\Windows\puppy.scr
2012-04-22 20:45:37 -------- d-----w- C:\Windows\puppy Uninstaller
2012-04-19 00:37:05 141144 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2012-04-19 00:36:42 258904 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2012-04-12 07:02:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-04-12 07:02:50 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:02:49 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:02:48 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00:37 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:00:37 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:00:36 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-12 07:00:33 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:00:33 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:00:33 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:00:33 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-09 17:44:03 8741536 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 17:19:43 418464 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-04-01 13:20:52 -------- d-----w- C:\Program Files (x86)\LSoft Technologies
2012-04-01 02:01:25 -------- d-----w- C:\Program Files\Xilisoft
.
==================== Find3M ====================
.
2012-05-01 00:32:58 78848 ----a-w- C:\Windows\KMSEmulator.exe
2012-04-13 22:44:08 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56:40 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-03-06 23:15:19 41184 ----a-w- C:\Windows\avastSS.scr
2012-03-06 23:04:06 819032 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-03-06 23:02:45 28504 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2012-03-06 23:02:20 53080 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2012-03-06 23:01:52 69976 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-27 21:04:42 153538494 ------w- C:\Users\Chris\HDS_Navionics_Background_Chart_Update.exe
2012-02-23 14:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-02-17 06:38:26 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-02-17 05:34:22 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-02-17 04:58:24 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-02-17 04:57:32 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:36:07 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-10 05:38:43 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-03 04:34:34 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-03 00:46:48 249856 ------w- C:\Windows\Setup1.exe
2012-02-03 00:46:47 73216 ----a-w- C:\Windows\ST6UNST.EXE
2011-03-30 16:40:34 517976 ----a-w- C:\Program Files\DXSETUP.exe
2011-03-30 16:40:32 95576 ----a-w- C:\Program Files\DSETUP.dll
2011-03-30 16:40:32 1566040 ----a-w- C:\Program Files\dsetup32.dll
.
============= FINISH: 21:35:09.60 ===============


#2 Maurice Naggar


    Staff

  • Moderators
  • 14,550 posts
  • Gender:Male
  • Location:USA
  • Interests:Security, Windows, Windows Update, malware prevention

Posted 01 May 2012 - 01:54 PM

Hello Indyultra,

These steps are for IndyUltra only. If you are a casual viewer, do NOT try this on your system!
If you are not IndyUltra and have a similar problem, do NOT post here; start your own topic.
The fixes in this Topic are for this system only! Do not apply the fix-instructions from this topic to your System or any other one!

You will want to print out or copy these instructions to Notepad for Safe offline reference!

Please un-install µTorrent and any other peer-to-peer filesharing app, and confirm that for me.

Looks like you have Spybot Search & Destroy installed. Make very sure that Tea Timer is OFF, otherwise it will interfere with cleanup.
Start Spybot-S&D, switch to the Advanced mode via the menu bar item Mode,
then select Advanced Mode.
On the left hand side, select Tools.
Then click on the Resident icon in the list
Uncheck Resident TeaTimer and OK any prompts.
Now Logoff & Restart your computer fresh.


Step 1
1. Go >> Here << and download ERUNT
(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)
2. Install ERUNT by following the prompts
(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)
3. Start ERUNT
(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)
4. Choose a location for the backup
(the default location is C:\WINDOWS\ERDNT which is acceptable).
5. Make sure that at least the first two check boxes are ticked
6. Press OK
7. Press YES to create the folder.
Step 2
To show all files:
  • Go to your Desktop
  • Double-Click the Computer icon.
  • From the menu options, Select Tools, then Folder Options.
  • Next click the View tab.
  • Locate and uncheck Hide file extensions for known file types.
  • Locate and uncheck Hide protected operating system files (Recommended).
  • Locate and click Show hidden files and folders and drives.
  • Click Apply > OK.
Step 3
Download Random's System Information Tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSITx64.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Step 4
Download Security Check by screen317 and save it to your Desktop: here or here
  • Run Security Check
  • Follow the onscreen instructions inside of the command window.
  • A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!
Step 5
Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall
You will want to print out or copy these instructions to Notepad for Safe Mode/offline reference!
I am going to have you get a fresh copy of Combofix, save it first, and then run a special script.

If you have a prior copy of Combofix, delete it now !
Download Combofix from any of the links below. You must rename it before saving it. Save it to your Desktop.
Link 1
Link 2
Link 3

* IMPORTANT !!! SAVE AS Combo-Fix.exe to your Desktop
If your I.E. browser shows a warning message at the top, do a Right-Click on the bar and select Download, saving it to the Desktop.

1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the quotebox below into it:

http://forums.malwar...howtopic=109364
KILLALL::
Collect::[4]
C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll
Driver::
Adobe

File::
C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll
DDS::
uRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer
dRun: [Adobe] rundll32.exe "C:\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll",DllRegisterServer

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 6
RE-Enable your antivirus program.
Copy & Paste contents of Log.txt & Info.txt & Checkup.txt & C:\Combofix.txt
Use separate replies as needed if logs do not fit into one reply box.
Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.

#3 Indyultra


    New Member

  • Members
  • 18 posts

Posted 01 May 2012 - 04:00 PM

ComboFix 12-05-01.02 - Chris 05/01/2012 16:45:01.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6092.4062 [GMT -4:00]
Running from: c:\users\Chris\Desktop\Programs\Malware\Combo-Fix.exe
Command switches used :: c:\users\Chris\Desktop\Programs\Malware\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll
c:\users\Chris\HDS_Navionics_Background_Chart_Update.exe
c:\windows\system32\drivers\etc\hosts.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-01 to 2012-05-01 )))))))))))))))))))))))))))))))
.
.
2012-05-01 20:49 . 2012-05-01 20:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-01 20:49 . 2012-05-01 20:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-05-01 20:35 . 2012-05-01 20:35 -------- d-----w- C:\rsit
2012-05-01 20:35 . 2012-05-01 20:35 -------- d-----w- c:\program files\trend micro
2012-05-01 20:33 . 2012-05-01 20:33 -------- d-----w- c:\program files (x86)\ERUNT
2012-05-01 20:16 . 2012-05-01 20:16 -------- d-----w- c:\users\Chris\AppData\Local\Mozilla
2012-05-01 20:16 . 2012-05-01 20:16 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-01 06:40 . 2012-04-13 08:46 8917360 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0C36FC8E-A6A1-4544-9593-83524605502C}\mpengine.dll
2012-04-24 00:26 . 2011-06-16 21:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2012-04-24 00:17 . 2012-04-24 00:18 -------- d-----w- c:\windows\SysWow64\kodak
2012-04-24 00:15 . 2012-04-24 00:15 -------- d-----w- c:\windows\SysWow64\spool
2012-04-24 00:02 . 2012-04-24 00:02 -------- d-----w- c:\programdata\Eastman Kodak Company
2012-04-24 00:01 . 2012-04-24 00:15 -------- d-----w- c:\program files (x86)\Kodak
2012-04-24 00:01 . 2012-04-24 00:01 -------- d-----w- c:\programdata\Apple
2012-04-24 00:01 . 2012-04-24 00:01 -------- d-----w- c:\program files\Bonjour
2012-04-24 00:01 . 2012-04-24 00:01 -------- d-----w- c:\program files (x86)\Bonjour
2012-04-23 23:32 . 2012-04-23 23:32 215864 ----a-w- c:\windows\SysWow64\atsckernel.exe
2012-04-23 23:32 . 2012-04-23 23:32 133944 ----a-w- c:\windows\SysWow64\atashost.exe
2012-04-23 23:32 . 2012-04-23 23:59 -------- d-----w- c:\programdata\WebEx
2012-04-22 20:45 . 2008-02-20 20:49 495104 ----a-w- c:\windows\puppy.exe
2012-04-22 20:45 . 2012-04-22 20:45 -------- d-----w- c:\windows\puppy Uninstaller
2012-04-22 20:45 . 2008-02-20 20:50 903680 ----a-w- c:\windows\puppy.scr
2012-04-12 07:02 . 2012-02-28 06:51 887296 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-04-12 07:02 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 07:02 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 07:00 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 07:00 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:00 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:00 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:00 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:00 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-09 17:44 . 2012-04-13 22:44 8741536 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-09 17:19 . 2012-04-13 22:44 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-01 20:51 . 2011-12-24 00:02 78848 ----a-w- c:\windows\KMSEmulator.exe
2012-04-13 22:44 . 2011-12-06 21:27 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2011-12-15 19:34 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-06 23:15 . 2011-11-29 00:20 258520 ----a-w- c:\windows\system32\aswBoot.exe
2012-02-25 09:01 . 2012-02-23 22:34 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-02-23 14:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 06:38 . 2012-03-14 09:09 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 09:09 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 09:09 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 09:09 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:36 . 2012-03-14 17:59 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:59 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-03 04:34 . 2012-03-14 17:59 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-03 00:46 . 2012-02-03 00:46 249856 ------w- c:\windows\Setup1.exe
2012-02-03 00:46 . 2012-02-03 00:46 73216 ----a-w- c:\windows\ST6UNST.EXE
2011-03-30 16:40 . 2011-03-30 16:40 517976 ----a-w- c:\program files\DXSETUP.exe
2011-03-30 16:40 . 2011-03-30 16:40 95576 ----a-w- c:\program files\DSETUP.dll
2011-03-30 16:40 . 2011-03-30 16:40 1566040 ----a-w- c:\program files\dsetup32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 2646128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-12-06 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]
"AgentMonitor"="c:\program files (x86)\VTech\DownloadManager\System\AgentMonitor.exe" [2012-02-01 358312]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"KodakHomeCenter"="c:\program files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" [2011-12-12 2234288]
.
c:\users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
R3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys [x]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 9096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [x]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-28 340240]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2011-12-06 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2012-04-23 133944]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-06 2413056]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 MotoHelper;MotoHelper Service;c:\program files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 22:44]
.
2012-05-01 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2011-12-24 00:03]
.
2012-05-01 c:\windows\Tasks\AutoKMSDaily.job
- c:\windows\AutoKMS.exe [2011-12-24 00:03]
.
2012-05-01 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-03-26 03:31]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 21:46]
.
2012-05-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 21:46]
.
2012-05-01 c:\windows\Tasks\HPCeeScheduleForChris.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 05:15]
.
2012-05-01 c:\windows\Tasks\PrintProjects Communicator.job
- c:\programdata\PrintProjects\MessageCheck.exe [2011-11-22 10:11]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-01-24 10355200]
"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-07-28 1935120]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-12-06 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-26 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-26 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-26 418840]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzw36e90.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-VB Runtime - c:\windows\System32\UNINSTAL.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2012-05-01 16:55:48 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-01 20:55
.
Pre-Run: 496,853,938,176 bytes free
Post-Run: 496,355,864,576 bytes free
.
- - End Of File - - 2C651CB2D543E86AFDAA5621723B8C58
Upload was successful

#4 Indyultra

Posted 01 May 2012 - 04:04 PM

Getting an error message now when I try and open off my desktop, "Illegal operation attempted on a registry that has been marked for deletion"

#5 Indyultra

Posted 01 May 2012 - 04:05 PM

Results of screen317's Security Check version 0.99.32
Windows 7 x64 (UAC is enabled)
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Spybot - Search & Destroy
Java™ 6 Update 29
Java version out of date!
Adobe Reader X (10.1.2)
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
``````````End of Log````````````

#6 Indyultra

Posted 01 May 2012 - 04:07 PM

Logfile of random's system information tool 1.09 (written by random/random)
Run by Chris at 2012-05-01 16:35:49
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 474 GB (68%) free of 700 GB
Total RAM: 6092 MB (68% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:35:51 PM, on 5/1/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Chris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPNOT/1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
O4 - HKCU\..\Run: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files (x86)\Bonjour\ExplorerPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20614.www2.h...hpdetect118.cab
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://kodak.webex....rt/ieatgpc1.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: WebEx Service Host for Support Center (atashost) - Cisco WebEx LLC - C:\Windows\SysWOW64\atashost.exe
O23 - Service: Bluetooth Device Monitor - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth Media Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
O23 - Service: Bluetooth OBEX Service - Intel Corporation - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: TrueSuiteService (FPLService) - HP - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Connection Manager 4.0 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: Intuit Update Service v4 (IntuitUpdateServiceV4) - Intuit Inc. - C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: RoxioNow Service - Roxio - C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13216 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files\IDT\WDM\STacSV64.exe"
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
atieclxx
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-894e25b2-a9c7-40de-9702-70c243d197cc -SystemEventPortName:HostProcess-9849f887-0794-4ec6-99fc-c06b1202e592 -IoCancelEventPortName:HostProcess-a80cebd5-c8d7-4154-bc46-f1997285f1e0 -NonStateChangingEventPortName:HostProcess-2fd60b4f-fabf-41f7-b71f-c8e289d49a23 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:338008a3-b323-485e-b52b-f19be93ea841
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe" -Embedding
C:\Windows\system32\WLANExt.exe 3267664
\??\C:\Windows\system32\conhost.exe "3960559547933838931137583175-1790472180-899738330265698301592763011-313570663
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k WbioSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\IDT\WDM\AESTSr64.exe"
"C:\Windows\SysWOW64\atashost.exe"
"C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe"
"C:\Program Files (x86)\Bonjour\mDNSResponder.exe"
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Intel\WiFi\bin\EvtEng.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\rundll32.exe" "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
"C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray
"C:\Program Files\IDT\WDM\sttray64.exe"
C:\Windows\SysWOW64\ezSharedSvcHost.exe
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe"
"C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe"
"C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe"
"C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe"
"C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe"
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe"
"C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe"
"C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
"C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe"
"C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe"
"C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe"
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe" -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe"
"taskhost.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe5_ Global\UsGthrCtrlFltPipeMssGthrPipe5 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Chris\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\AutoKMSDaily.job
C:\Windows\tasks\GlaryInitialize.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForChris.job
C:\Windows\tasks\PrintProjects Communicator.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\fzw36e90.default

prefs.js - "browser.startup.homepage" - "http://www.google.com/"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@canon.com/MycameraPlugin]
"Description"=Canon MycameraPlugin
"Path"=C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.2.202.233 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03 339872]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-12-06 2799912]
"BTMTrayAgent"=C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [2011-01-24 10355200]
"IntelPAN"=C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [2011-07-27 1935120]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2011-12-06 1128448]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-03-25 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-03-25 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-03-25 418840]
"EKIJ5000StatusMonitor"=C:\Windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe [2011-06-16 2922496]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"PeerBlock"=C:\Program Files\PeerBlock\peerblock.exe [2010-11-06 2646128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2012-01-03 815512]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2012-01-03 36760]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-01-03 35736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Easybits Recovery]
C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [2011-03-16 61112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes' Anti-Malware]
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2011-06-15 307200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"=C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [2011-05-20 284440]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-03-15 336384]
"NUSB3MON"=C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2011-12-06 113288]
"HPConnectionManager"=C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [2011-02-15 94264]
"HP Quick Launch"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [2010-11-09 586296]
"HPOSD"=C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [2011-01-27 318520]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-01-21 91520]
"AgentMonitor"=C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [2012-02-01 358312]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-04-04 462408]
"EKIJ5000StatusMonitor"=C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2011-06-16 2922496]

C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ERUNT AutoBackup.lnk - C:\Program Files (x86)\ERUNT\AUTOBACK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-03-25 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-01-21 6723984]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E54729E8-BB3D-4270-9D49-7389EA579090}"=C:\Windows\SysWow64\EZUPBH~1.DLL [2011-06-21 52920]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-01-21 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\atashost]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0
"EnableShellExecuteHooks"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-05-01 16:35:49 ----D---- C:\rsit
2012-05-01 16:35:49 ----D---- C:\Program Files\trend micro
2012-05-01 16:34:20 ----D---- C:\Windows\ERDNT
2012-05-01 16:33:45 ----D---- C:\Program Files (x86)\ERUNT
2012-05-01 16:21:12 ----A---- C:\TDSSKiller.2.7.33.0_01.05.2012_16.21.12_log.txt
2012-05-01 16:16:09 ----D---- C:\Users\Chris\AppData\Roaming\Mozilla
2012-05-01 16:16:02 ----D---- C:\ProgramData\Mozilla
2012-05-01 16:16:02 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-05-01 16:16:01 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-05-01 15:57:29 ----A---- C:\TDSSKiller.2.7.33.0_01.05.2012_15.57.29_log.txt
2012-05-01 05:06:16 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-05-01 05:06:11 ----A---- C:\Windows\ntbtlog.txt
2012-04-30 20:42:59 ----A---- C:\TDSSKiller.2.7.33.0_30.04.2012_20.42.59_log.txt
2012-04-30 20:25:32 ----D---- C:\Windows\pss
2012-04-30 19:36:45 ----A---- C:\TDSSKiller.2.7.33.0_30.04.2012_19.36.45_log.txt
2012-04-30 19:30:41 ----A---- C:\TDSSKiller.2.7.33.0_30.04.2012_19.30.41_log.txt
2012-04-23 20:17:49 ----D---- C:\Windows\SYSWOW64\kodak
2012-04-23 20:15:54 ----D---- C:\Windows\SYSWOW64\spool
2012-04-23 20:02:30 ----D---- C:\ProgramData\Eastman Kodak Company
2012-04-23 20:01:46 ----D---- C:\Program Files (x86)\Kodak
2012-04-23 20:01:34 ----D---- C:\ProgramData\Apple
2012-04-23 20:01:34 ----D---- C:\Program Files\Bonjour
2012-04-23 20:01:34 ----D---- C:\Program Files (x86)\Bonjour
2012-04-23 19:32:52 ----A---- C:\Windows\SYSWOW64\atsckernel.exe
2012-04-23 19:32:51 ----A---- C:\Windows\SYSWOW64\atashost.exe
2012-04-23 19:32:22 ----D---- C:\ProgramData\WebEx
2012-04-22 16:45:38 ----A---- C:\Windows\puppy.ini
2012-04-22 16:45:38 ----A---- C:\Windows\puppy.exe
2012-04-22 16:45:37 ----D---- C:\Windows\puppy Uninstaller
2012-04-22 16:45:37 ----A---- C:\Windows\puppy.scr
2012-04-12 03:03:04 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-04-12 03:03:04 ----A---- C:\Windows\system32\mshtmled.dll
2012-04-12 03:03:04 ----A---- C:\Windows\system32\iertutil.dll
2012-04-12 03:03:03 ----A---- C:\Windows\SYSWOW64\url.dll
2012-04-12 03:03:03 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-04-12 03:03:03 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-04-12 03:03:03 ----A---- C:\Windows\system32\url.dll
2012-04-12 03:03:03 ----A---- C:\Windows\system32\jscript9.dll
2012-04-12 03:03:02 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-04-12 03:03:02 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-04-12 03:03:02 ----A---- C:\Windows\system32\ieui.dll
2012-04-12 03:03:01 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-04-12 03:03:01 ----A---- C:\Windows\system32\urlmon.dll
2012-04-12 03:03:01 ----A---- C:\Windows\system32\jsproxy.dll
2012-04-12 03:03:01 ----A---- C:\Windows\system32\jscript.dll
2012-04-12 03:03:00 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-04-12 03:03:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-04-12 03:03:00 ----A---- C:\Windows\system32\wininet.dll
2012-04-12 03:02:59 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-04-12 03:02:58 ----A---- C:\Windows\system32\mshtml.dll
2012-04-12 03:02:57 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-04-12 03:02:56 ----A---- C:\Windows\system32\ieframe.dll
2012-04-12 03:02:50 ----A---- C:\Windows\system32\ntoskrnl.exe
2012-04-12 03:02:49 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2012-04-12 03:02:48 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2012-04-12 03:00:37 ----A---- C:\Windows\system32\imagehlp.dll
2012-04-12 03:00:37 ----A---- C:\Windows\system32\drivers\fs_rec.sys
2012-04-12 03:00:36 ----A---- C:\Windows\SYSWOW64\imagehlp.dll
2012-04-12 03:00:33 ----A---- C:\Windows\SYSWOW64\wmi.dll
2012-04-12 03:00:33 ----A---- C:\Windows\SYSWOW64\wintrust.dll
2012-04-12 03:00:33 ----A---- C:\Windows\system32\wmi.dll
2012-04-12 03:00:33 ----A---- C:\Windows\system32\wintrust.dll
2012-04-09 13:44:03 ----A---- C:\Windows\SYSWOW64\FlashPlayerInstaller.exe
2012-04-09 13:19:43 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe

======List of files/folders modified in the last 1 month======

2012-05-01 16:35:51 ----D---- C:\Windows\Temp
2012-05-01 16:35:49 ----RD---- C:\Program Files
2012-05-01 16:34:20 ----D---- C:\Windows
2012-05-01 16:33:45 ----RD---- C:\Program Files (x86)
2012-05-01 16:21:12 ----D---- C:\Windows\system32\drivers
2012-05-01 16:16:02 ----HD---- C:\ProgramData
2012-05-01 16:16:01 ----D---- C:\Windows\Prefetch
2012-05-01 16:13:34 ----D---- C:\Windows\System32
2012-05-01 16:13:34 ----D---- C:\Windows\inf
2012-05-01 16:13:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-05-01 16:11:12 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-05-01 16:10:10 ----A---- C:\Windows\SYSWOW64\log.txt
2012-05-01 16:08:15 ----D---- C:\Windows\system32\Tasks
2012-05-01 16:08:08 ----D---- C:\Windows\Tasks
2012-05-01 16:08:00 ----A---- C:\Windows\KMSEmulator.exe
2012-05-01 16:07:45 ----D---- C:\ProgramData\Kodak
2012-05-01 16:07:08 ----D---- C:\Temp
2012-05-01 15:55:50 ----D---- C:\Windows\system32\config
2012-05-01 15:54:08 ----D---- C:\Program Files\PeerBlock
2012-05-01 15:46:19 ----D---- C:\Windows\SysWOW64
2012-05-01 15:46:01 ----SHD---- C:\System Volume Information
2012-05-01 11:59:53 ----A---- C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-05-01 08:56:29 ----SHD---- C:\Windows\Installer
2012-05-01 08:56:28 ----SHD---- C:\Config.Msi
2012-04-30 21:18:05 ----D---- C:\Users\Chris\AppData\Roaming\uTorrent
2012-04-30 21:18:05 ----D---- C:\Users\Chris\AppData\Roaming\Media Player Classic
2012-04-30 21:18:01 ----D---- C:\Windows\debug
2012-04-30 20:21:00 ----D---- C:\Windows\system32\drivers\etc
2012-04-30 18:29:27 ----D---- C:\ProgramData\Microsoft Help
2012-04-30 17:26:38 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-04-29 16:47:26 ----D---- C:\Windows\system32\NDF
2012-04-25 07:54:13 ----D---- C:\Windows\system32\catroot
2012-04-23 20:25:24 ----D---- C:\Windows\winsxs
2012-04-23 20:21:32 ----RSD---- C:\Windows\assembly
2012-04-23 20:17:49 ----D---- C:\Windows\twain_32
2012-04-23 20:17:10 ----D---- C:\Windows\system32\DriverStore
2012-04-23 20:17:04 ----D---- C:\Windows\system32\catroot2
2012-04-23 20:07:27 ----D---- C:\Users\Chris\AppData\Roaming\Temp
2012-04-23 19:32:22 ----D---- C:\Windows\Downloaded Program Files
2012-04-22 17:21:06 ----D---- C:\Program Files (x86)\Google
2012-04-18 21:00:30 ----D---- C:\Program Files\PC_link
2012-04-12 03:34:18 ----D---- C:\Windows\Microsoft.NET
2012-04-12 03:21:23 ----D---- C:\Windows\SYSWOW64\migration
2012-04-12 03:21:23 ----D---- C:\Windows\system32\migration
2012-04-12 03:21:23 ----D---- C:\Program Files\Internet Explorer
2012-04-12 03:21:23 ----D---- C:\Program Files (x86)\Internet Explorer
2012-04-12 03:00:56 ----A---- C:\Windows\system32\MRT.exe
2012-04-11 19:34:32 ----D---- C:\Garmin
2012-04-02 16:03:36 ----D---- C:\Windows\registration

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-27 30008]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2011-05-20 557848]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 SCDEmu;SCDEmu; C:\Windows\system32\drivers\SCDEmu.sys [2011-06-15 93240]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-27 43320]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-13 9259520]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-13 301568]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-13 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-13 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-27 80384]
R3 btmaux;Intel Bluetooth Auxiliary Service; C:\Windows\system32\DRIVERS\btmaux.sys [2011-01-24 58128]
R3 btmhsf;btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [2011-11-15 327168]
R3 HP8207_8307;HP-HP8207_8307; C:\Windows\system32\DRIVERS\HP8207_8307.sys [2010-02-05 15360]
R3 iBtFltCoex;iBtFltCoex; C:\Windows\system32\DRIVERS\iBtFltCoex.sys [2011-12-09 60416]
R3 IntcDAud;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd64.sys [2011-03-25 12262336]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 MEIx64;Intel® Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETwNs64.sys [2011-08-03 8604672]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2011-12-06 91648]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2011-12-06 208896]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-13 158720]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver; C:\Windows\system32\DRIVERS\RtsPStor.sys [2011-12-06 338536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-02-16 428136]
R3 STHDA;@%SystemRoot%\system32\stlang64.dll,-10301; C:\Windows\system32\DRIVERS\stwrt64.sys [2011-12-06 528384]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-12-06 1451056]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-13 17920]
R3 wdkmd;Intel WiDi KMD; C:\Windows\system32\DRIVERS\WDKMD.sys [2011-02-16 42392]
S3 AMPPAL;Intel® Centrino® Bluetooth 3.0 + High Speed Virtual Adapter; C:\Windows\system32\DRIVERS\AMPPAL.sys [2011-08-08 299008]
S3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
S3 BTCFilterService;USB Networking Driver Filter Service; C:\Windows\system32\DRIVERS\motfilt.sys [2009-01-29 6144]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-27 552960]
S3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\syswow64\epmntdrv.sys [2011-07-29 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\syswow64\EuGdiDrv.sys [2011-07-29 8456]
S3 FTDIBUS;USB Serial Converter Driver; C:\Windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\Windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 motandroidusb;Mot ADB Interface Driver; C:\Windows\System32\Drivers\motoandroid.sys [2009-07-10 31744]
S3 motccgp;Motorola USB Composite Device Driver; C:\Windows\system32\DRIVERS\motccgp.sys [2012-01-25 22016]
S3 motccgpfl;MotCcgpFlService; C:\Windows\system32\DRIVERS\motccgpfl.sys [2012-01-25 9728]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2012-01-25 30720]
S3 MotoSwitchService;MotoSwitch Service; C:\Windows\system32\DRIVERS\motswch.sys [2007-11-02 8576]
S3 Motousbnet;Motorola USB Networking Driver Service; C:\Windows\system32\DRIVERS\Motousbnet.sys [2012-01-25 27136]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
S3 sbusb_vista;WMfA SBOOT Host Driver; C:\Windows\system32\DRIVERS\sbusb_vista.sys []
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 usbbus;LGE CDMA Composite USB Device; C:\Windows\system32\DRIVERS\lgx64bus.sys [2008-11-11 17920]
S3 UsbDiag;LGE CDMA USB Serial Port; C:\Windows\system32\DRIVERS\lgx64diag.sys [2008-11-11 27136]
S3 USBModem;LGE CDMA USB Modem; C:\Windows\system32\DRIVERS\lgx64modem.sys [2008-11-11 33792]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-13 41984]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AESTFilters;Andrea ST Filters Service; C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-06 89600]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-13 203776]
R2 atashost;WebEx Service Host for Support Center; C:\Windows\SysWOW64\atashost.exe [2012-04-23 133944]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-01-24 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service; C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-01-24 991296]
R2 Bonjour Service;Bonjour Service; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2008-12-12 238888]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2011-07-27 1517328]
R2 ezSharedSvc;Easybits Services for Windows; C:\Windows\syswow64\ezSharedSvcHost.exe [2010-04-23 514232]
R2 FPLService;TrueSuiteService; C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HPClientSvc;HP Client Services; C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-27 30520]
R2 HPWMISVC;HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
R2 IconMan_R;IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-06 2413056]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service; C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2010-12-22 325656]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R2 MotoHelper;MotoHelper Service; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [2012-02-01 214896]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2011-07-27 844560]
R2 RoxioNow Service;RoxioNow Service; C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 STacSV;@%SystemRoot%\system32\stlang64.dll,-10101; C:\Program Files\IDT\WDM\STacSV64.exe [2011-12-06 301568]
R2 UNS;Intel® Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-01-24 1298496]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-03-28 799800]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 253088]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-02-22 1044816]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-03-03 136176]
S3 hpCMSrv;HP Connection Manager 4.0 Service; C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-01-21 30963576]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-20 129976]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-07-27 340240]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-29 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]

-----------------EOF-----------------

#7 Indyultra

Posted 01 May 2012 - 04:09 PM

info.txt logfile of random's system information tool 1.09 2012-05-01 16:35:53

======Uninstall list======

-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - genres\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Game Explorer Categories - main\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Club Penguin\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Crush the Castle 2\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Dark Orbit\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Free Realms\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Habbo Hotel\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Pixie Hollow\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Seafight\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - Shaiya\Uninstall.exe"
-->"C:\Program Files (x86)\HP Games\Web Link - World of Warcraft\Uninstall.exe"
µTorrent-->"C:\Program Files (x86)\uTorrent\uTorrent.exe" /UNINSTALL
7-Zip 9.20 (x64 edition)-->MsiExec.exe /I{23170F69-40C1-2702-0920-000001000000}
7-Zip 9.20-->"C:\Program Files (x86)\7-Zip\Uninstall.exe"
Acoustica MP3 CD Burner-->C:\PROGRA~2\ACOUST~1\UNWISE.EXE C:\PROGRA~2\ACOUST~1\INSTALL.LOG
Active@ KillDisk-->"C:\Program Files (x86)\InstallShield Installation Information\{7A5E940E-017E-47F8-9D0D-62D49C8D18ED}\setup.exe" -runfromtemp -l0x0009 -removeonly
Adobe Acrobat X Pro - English, Français, Deutsch-->MsiExec.exe /I{AC76BA86-1033-F400-7760-000000000005}
Adobe Flash Player 11 ActiveX 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_ActiveX.exe -maintain activex
Adobe Flash Player 11 Plugin 64-bit-->C:\Windows\system32\Macromed\Flash\FlashUtil64_11_2_202_233_Plugin.exe -maintain plugin
Adobe Reader X (10.1.2) MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-AA0000000001}
Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"
Adobe SVG Viewer 3.0-->C:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Winstall.exe -u -fC:\Program Files (x86)\Common Files\Adobe\SVG Viewer 3.0\Uninstall\Install.log
Agatha Christie - Peril at End House-->"C:\Program Files (x86)\HP Games\Agatha Christie - Peril at End House\Uninstall.exe"
aioprnt-->MsiExec.exe /X{0645A454-AD44-4F0D-99CF-6B762735AD1F}
aioscnnr-->MsiExec.exe /X{376348C2-E372-48BC-A138-E896757BD86A}
aioscnnr-->MsiExec.exe /X{EF53BFAB-4C10-40DB-A82D-9B07111715C6}
Aiseesoft Total Video Converter 6.2.20-->"C:\Program Files (x86)\Aiseesoft Studio\Aiseesoft Total Video Converter\unins000.exe"
Any Video Converter Professional 3.3.3-->"C:\Program Files (x86)\AnvSoft\Any Video Converter Professional\unins000.exe"
ATI Catalyst Install Manager-->msiexec /q/x{DA0D8FDA-D538-1145-8BA2-6F22C4EB4F75} REBOOT=ReallySuppress
Auslogics Disk Defrag-->"C:\Program Files (x86)\Auslogics\Auslogics Disk Defrag\unins000.exe"
AuthenTec TrueAPI-->MsiExec.exe /X{054EF02F-95D8-48F4-9EEB-2F9CE3072ED8}
Bejeweled 2 Deluxe-->"C:\Program Files (x86)\HP Games\Bejeweled 2 Deluxe\Uninstall.exe"
Bejeweled 3-->"C:\Program Files (x86)\HP Games\Bejeweled 3\Uninstall.exe"
Blackhawk Striker 2-->"C:\Program Files (x86)\HP Games\Blackhawk Striker 2\Uninstall.exe"
Blasterball 3-->"C:\Program Files (x86)\HP Games\Blasterball 3\Uninstall.exe"
Blio-->MsiExec.exe /X{9368DDD5-CE7F-4BD7-A83A-F00FABE338EC}
Bonjour-->MsiExec.exe /I{DAE239CE-EB9D-4EB3-B0D4-528D6BAA48FD}
Bounce Symphony-->"C:\Program Files (x86)\HP Games\Bounce Symphony\Uninstall.exe"
Build-a-lot 2-->"C:\Program Files (x86)\HP Games\Build-a-lot 2\Uninstall.exe"
C4USelfUpdater-->MsiExec.exe /I{48B41C3A-9A92-4B81-B653-C97FEB85C910}
Cake Mania-->"C:\Program Files (x86)\HP Games\Cake Mania\Uninstall.exe"
Canon Utilities CameraWindow DC 8-->"C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\UnInstaller\UniversalUnInstaller.exe" "C:\Program Files (x86)\Common Files\Canon_Inc_IC\UniversalInstaller\Uninstall\CameraWindowDC\uninstall.xml"
Catalyst Control Center - Branding-->MsiExec.exe /I{1AA895E9-B751-408B-BB9C-527C04E52C91}
CCleaner-->"C:\Program Files\CCleaner\uninst.exe"
center-->MsiExec.exe /I{56BA241F-580C-43D2-8403-947241AAE633}
Chuzzle Deluxe-->"C:\Program Files (x86)\HP Games\Chuzzle Deluxe\Uninstall.exe"
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
CyberLink PowerDVD 10-->"C:\Program Files (x86)\InstallShield Installation Information\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
CyberLink YouCam-->"C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\setup.exe" /z-uninstall
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{4FE6ABAF-20F3-4F5F-A966-380FDAE9A31A}" "1033" "0"
DHTML Editing Component-->MsiExec.exe /X{2EA870FA-585F-4187-903D-CB9FFD21E2E0}
Diner Dash 2 Restaurant Rescue-->"C:\Program Files (x86)\HP Games\Diner Dash 2 Restaurant Rescue\Uninstall.exe"
DIY DataRecovery CHK-Mate-->"C:\Program Files (x86)\DIY DataRecovery CHK-Mate\unins000.exe"
Dora's World Adventure-->"C:\Program Files (x86)\HP Games\Dora's World Adventure\Uninstall.exe"
Ductuputer Trial-->C:\WINDOWS\st6unst.exe -n "C:\Program Files (x86)\DuctuputerD\ST6UNST.LOG"
EASEUS Data Recovery Wizard Professional 3.3.4-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{72B23535-8136-4863-965C-33A60FFA3CE7}\setup.exe" -l0x9 -removeonly
EASEUS Partition Master 9.1.0 Home Edition-->"C:\Program Files (x86)\EASEUS\EASEUS Partition Master 9.1.0 Home Edition\unins000.exe"
Energy Star Digital Logo-->MsiExec.exe /I{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}
ERUNT 1.1j-->"C:\Program Files (x86)\ERUNT\unins000.exe"
essentials-->MsiExec.exe /I{BE94C681-68E2-4561-8ABC-8D2E799168B4}
ESU for Microsoft Windows 7-->MsiExec.exe /I{3877C901-7B90-4727-A639-B6ED2DD59D43}
Evernote v. 4.2.2-->MsiExec.exe /X{F761359C-9CED-45AE-9A51-9D6605CD55C4}
Farm Frenzy-->"C:\Program Files (x86)\HP Games\Farm Frenzy\Uninstall.exe"
FATE - The Traitor Soul-->"C:\Program Files (x86)\HP Games\FATE - The Traitor Soul\Uninstall.exe"
Garmin BlueChart Americas 2008.5-->MsiExec.exe /X{AB1019AE-73D6-49BC-9DE7-04F50E3C4D33}
Garmin City Navigator North America NT 2012.30 Update-->MsiExec.exe /X{6F50C41C-6CFB-49E1-AF91-E1AACDE24FBA}
Garmin City Navigator North America NT 2012.40 Update-->MsiExec.exe /X{A0966294-1F16-411F-98BF-AB9FDED7B9C6}
Garmin MapSource-->MsiExec.exe /X{AFBAB9A0-DDE8-49AE-8C17-A01B61BEE64B}
Garmin USB Drivers-->MsiExec.exe /X{510D2239-6C2E-457B-9590-485EC552D94D}
Garmin WebUpdater-->MsiExec.exe /X{6C94A234-CA2C-4D3C-81E6-6AAA8069825D}
Glary Utilities 2.43.0.1419-->"C:\Program Files (x86)\Glary Utilities\unins000.exe"
Google Earth-->MsiExec.exe /X{28E82311-8616-11E1-BEB0-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
GPSBabel 1.4.3-->"C:\Program Files (x86)\GPSBabel\unins000.exe"
HDS_4.1.36.68-->MsiExec.exe /I{E4641F56-8B13-4F9F-8111-648218B40BA3}
HDS_Gen2_1.1.39.38-->MsiExec.exe /I{CEA7950B-D014-4806-B78E-8588E2A0BF39}
Hewlett-Packard ACLM.NET v1.1.2.0-->MsiExec.exe /I{6F340107-F9AA-47C6-B54C-C3A19F11553F}
Hotfix for Microsoft Visual C++ 2010 Express - ENU (KB2542054)-->C:\Windows\SysWOW64\msiexec.exe /package {46F8CF66-AB83-38A7-99B2-A5BE507EE472} /uninstall {3EE9D984-E7A6-30B9-8FF5-A1FE2242440A} /qb+ REBOOTPROMPT=""
HP 3D DriveGuard-->MsiExec.exe /X{5601F151-A69F-4E30-8C60-37928124CD07}
HP Auto-->MsiExec.exe /I{CC4D56B7-6F18-470B-8734-ABCD75BCF4F1}
HP Client Services-->MsiExec.exe /I{2856A1C2-70C5-4EC3-AFF7-E5B51E5530A2}
HP Connection Manager-->MsiExec.exe /X{795AADBF-58C2-42D0-B779-E730702A247E}
HP Customer Experience Enhancements-->MsiExec.exe /X{07FA4960-B038-49EB-891B-9F95930AA544}
HP Documentation-->MsiExec.exe /X{83A375B6-6FC2-4F8A-948E-E506DB9DCDF0}
HP Games-->"C:\Program Files (x86)\HP Games\Uninstall.exe"
HP MovieStore-->C:\ProgramData\Uninstall\{9008D736-35CA-40DB-A2BE-5F32D954E5AA}\setup.exe /x {9008D736-35CA-40DB-A2BE-5F32D954E5AA}
HP MovieStore-->MsiExec.exe /I{120262A6-7A4B-4889-AE85-F5E5688D3683}
HP On Screen Display-->MsiExec.exe /I{9B9B8EE4-2EDB-41C2-AF2E-63E75D37CDDF}
HP Power Manager-->MsiExec.exe /I{872B1C80-38EC-4A31-A25C-980820593900}
HP Product Detection-->MsiExec.exe /I{A436F67F-687E-4736-BD2B-537121A804CF}
HP Quick Launch-->MsiExec.exe /I{EB58480C-0721-483C-B354-9D35A147999F}
HP Setup Manager-->MsiExec.exe /I{AE856388-AFAD-4753-81DF-D96B19D0A17C}
HP Setup-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{210A03F5-B2ED-4947-B27E-516F50CBB292}\setup.exe" -l0x9 -removeonly
HP SimplePass 2011-->MsiExec.exe /X{4741965C-AFD0-4D00-81D1-1039F96D4DC3}
HP Software Framework-->MsiExec.exe /X{F8070C51-4B1D-430C-8BCF-19696368366F}
IC4 Interface Device by SU Enterprise, Inc.-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{8718A2BC-7E23-4D23-969A-2A2EC9E45B0E}\setup.exe" -l0x9 IC4USB32
IDT Audio-->"C:\Program Files (x86)\InstallShield Installation Information\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}\Setup.exe" -remove -removeonly
Intel PROSet Wireless-->Intel PROSet Wireless
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Control Center-->C:\Program Files (x86)\Intel\Intel Control Center\uninstaller\SetupICC.exe -uninstall -force -confirm
Intel® Display Audio Driver-->C:\Program Files (x86)\Intel\Intel® Display Audio Driver\Uninstall\setup.exe -uninstall
Intel® Management Engine Components-->C:\Program Files (x86)\Intel\Intel® Management Engine Components\Uninstall\setup.exe -uninstall
Intel® PROSet/Wireless WiFi Software-->MsiExec.exe /I{25FBDA9A-E868-4B3B-B9FF-D923818511A1}
Intel® Rapid Storage Technology-->C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\Uninstall\setup.exe -uninstall
Intel® Wireless Display-->MsiExec.exe /X{5B46CEC7-DAD0-46A2-BCD6-B46A3CFD9B61}
Java™ 6 Update 24 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86416024FF}
Java™ 6 Update 29-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Kodak AIO Printer-->MsiExec.exe /X{27EF8E7F-88D1-4ec5-ADE2-7E447FDF114E}
KODAK AiO Software-->C:\ProgramData\Kodak\Installer\Setup.exe /Web /x "{E0F274B7-592B-4669-8FB8-8D9825A09858}" CompanyName="Eastman Kodak Company" /code "1033"
ksDIP-->MsiExec.exe /I{10934A28-0CC6-4B98-A14F-76B3546003AF}
Learning Lodge Navigator-->C:\Program Files (x86)\VTech\DownloadManager\System\Uninstall.exe
LG USB Modem driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{C3ABE126-2BB2-4246-BFE1-6797679B3579}\Setup.exe" -l0x9 LG
Magic Desktop-->C:\Windows\system32\ezMDUninstall.exe
Mah Jong Medley-->"C:\Program Files (x86)\HP Games\Mah Jong Medley\Uninstall.exe"
Malwarebytes Anti-Malware version 1.61.0.1400-->"C:\Program Files (x86)\Malwarebytes' Anti-Malware\unins000.exe"
MapSource - US Rec Lakes with Fishing Hot Spots Central v5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{A6B21A2C-9F04-4761-8E85-48BD9BE51E03} /l1033
MapSource - US Rec Lakes with Fishing Hot Spots® East v5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{84A757A7-B412-44A0-ADE6-9C0F9E96D84D} /l1033
MapSource - US Rec Lakes with Fishing Hot Spots® West v5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{E56C5937-1BA5-446B-A1DB-3762E763F599} /l1033
MapSource-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{5E3CFCA6-C95A-47CB-A822-7FA80D423AF2}\Setup.exe" -l0x9 AddRemove
Media Player Classic - Home Cinema 1.6.0.4014-->"C:\Program Files (x86)\Media Player Classic - Home Cinema\unins000.exe"
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft .NET Framework 4 Multi-Targeting Pack-->MsiExec.exe /I{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}
Microsoft Help Viewer 1.0-->C:\Program Files\Microsoft Help Viewer\v1.0\Microsoft Help Viewer 1.0\install.exe
Microsoft Help Viewer 1.0-->MsiExec.exe /X{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}
Microsoft Money Plus-->"C:\Program Files (x86)\Microsoft Money Plus\MNYCoreFiles\Setup\uninst.exe" /s:120
Microsoft Money Shared Libraries-->MsiExec.exe /X{7F1B3341-A94E-4F5C-B587-CA0EB964221E}
Microsoft Office 2010-->MsiExec.exe /X{95140000-0070-0000-0000-0000000FF1CE}
Microsoft Office Access MUI (English) 2010-->MsiExec.exe /X{90140000-0015-0409-0000-0000000FF1CE}
Microsoft Office Access Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0117-0409-0000-0000000FF1CE}
Microsoft Office Excel MUI (English) 2010-->MsiExec.exe /X{90140000-0016-0409-0000-0000000FF1CE}
Microsoft Office Groove MUI (English) 2010-->MsiExec.exe /X{90140000-00BA-0409-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (English) 2010-->MsiExec.exe /X{90140000-0044-0409-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (English) 2010-->MsiExec.exe /X{90140000-00A1-0409-0000-0000000FF1CE}
Microsoft Office Outlook MUI (English) 2010-->MsiExec.exe /X{90140000-001A-0409-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (English) 2010-->MsiExec.exe /X{90140000-0018-0409-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{90140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (French) 2010-->MsiExec.exe /X{90140000-001F-040C-0000-0000000FF1CE}
Microsoft Office Proof (Spanish) 2010-->MsiExec.exe /X{90140000-001F-0C0A-0000-0000000FF1CE}
Microsoft Office Proofing (English) 2010-->MsiExec.exe /X{90140000-002C-0409-0000-0000000FF1CE}
Microsoft Office Publisher MUI (English) 2010-->MsiExec.exe /X{90140000-0019-0409-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (English) 2010-->MsiExec.exe /X{90140000-002A-0409-1000-0000000FF1CE}
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0116-0409-1000-0000000FF1CE}
Microsoft Office Shared MUI (English) 2010-->MsiExec.exe /X{90140000-006E-0409-0000-0000000FF1CE}
Microsoft Office Shared Setup Metadata MUI (English) 2010-->MsiExec.exe /X{90140000-0115-0409-0000-0000000FF1CE}
Microsoft Office Word MUI (English) 2010-->MsiExec.exe /X{90140000-001B-0409-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2008 (64-bit)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Microsoft SQL Server 2008 (64-bit)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Release\x64\SetupARP.exe"
Microsoft SQL Server 2008 Browser-->MsiExec.exe /X{C688457E-03FD-4941-923B-A27F4D42A7DD}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{5340A3B5-3853-4745-BED2-DD9FF5371331}
Microsoft SQL Server 2008 Common Files-->MsiExec.exe /I{893F27E6-D6BE-4B9F-80E6-0ADA694A31A8}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FA7394B8-CE65-4F9E-AC99-F372AD365424}
Microsoft SQL Server 2008 Database Engine Services-->MsiExec.exe /I{FBD367D1-642F-47CF-B79B-9BE48FB34007}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}
Microsoft SQL Server 2008 Database Engine Shared-->MsiExec.exe /I{DF167CE3-60E7-44EA-99EC-2507C51F37AE}
Microsoft SQL Server 2008 Native Client-->MsiExec.exe /I{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}
Microsoft SQL Server 2008 RsFx Driver-->MsiExec.exe /I{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}
Microsoft SQL Server 2008 Setup Support Files -->MsiExec.exe /X{B40EE88B-400A-4266-A17B-E3DE64E94431}
Microsoft SQL Server Compact 3.5 SP2 ENU-->MsiExec.exe /I{3A9FC03D-C685-4831-94CF-4EDFD3749497}
Microsoft SQL Server Compact 3.5 SP2 x64 ENU-->MsiExec.exe /I{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{0826F9E4-787E-481D-83E0-BC6A57B056D5}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319-->MsiExec.exe /X{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}
Microsoft Visual C++ 2010 Express - ENU-->C:\Program Files (x86)\Microsoft Visual Studio 10.0\Microsoft Visual C++ 2010 Express - ENU\setup.exe
Microsoft Visual C++ 2010 Express - ENU-->MsiExec.exe /X{46F8CF66-AB83-38A7-99B2-A5BE507EE472}
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU-->MsiExec.exe /X{BCA26999-EC22-3007-BB79-638913079C9A}
Microsoft WSE 3.0 Runtime-->MsiExec.exe /X{E3E71D07-CD27-46CB-8448-16D4FB29AA13}
MotoHelper 2.1.40 Driver 5.5.0-->C:\Program Files (x86)\Motorola\MotoHelper\uninstall.exe
MotoHelper MergeModules-->MsiExec.exe /I{94CAC2F1-C856-47F4-AF24-65A1E75AEDB9}
Motorola Datacard Driver Installation 1.5.5-->MsiExec.exe /I{D5370589-3E1E-4689-8045-71493C083E6F}
Motorola Mobile Drivers Installation 5.5.0-->MsiExec.exe /X{61C3230C-D69D-44E7-B974-F8BBADB49EE6}
Mozilla Firefox 12.0 (x86 en-US)-->C:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe
Mozilla Maintenance Service-->"C:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
Mystery P.I. - Stolen in San Francisco-->"C:\Program Files (x86)\HP Games\Mystery P.I. - Stolen in San Francisco\Uninstall.exe"
Namco All-Stars PAC-MAN-->"C:\Program Files (x86)\HP Games\Namco All-Stars PAC-MAN\Uninstall.exe"
ocr-->MsiExec.exe /I{BFBCF96F-7361-486A-965C-54B17AC35421}
PC_link 2.0.0.0.8-->"C:\Program Files\PC_link\uninstall.exe"
PeerBlock 1.1 (r518)-->"C:\Program Files\PeerBlock\unins000.exe"
Penguins!-->"C:\Program Files (x86)\HP Games\Penguins!\Uninstall.exe"
Plants vs. Zombies - Game of the Year-->"C:\Program Files (x86)\HP Games\Plants vs. Zombies - Game of the Year\Uninstall.exe"
PlayReady PC Runtime x86-->MsiExec.exe /X{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}
Poker Superstars III-->"C:\Program Files (x86)\HP Games\Poker Superstars III\Uninstall.exe"
Polar Bowler-->"C:\Program Files (x86)\HP Games\Polar Bowler\Uninstall.exe"
Polar Golfer-->"C:\Program Files (x86)\HP Games\Polar Golfer\Uninstall.exe"
PowerISO-->"C:\Program Files (x86)\PowerISO\uninstall.exe"
PreReq-->MsiExec.exe /I{DA5BDB2A-12F0-4343-8351-21AAEB293990}
PrintProjects-->"C:\Program Files (x86)\PrintProjects\uninst.exe"
puppy-->"C:\Windows\puppy Uninstaller\unins000.exe"
RadioComm v11.11.11-->MsiExec.exe /X{90690334-8BE8-4807-8461-B02E86FD4A37}
Realtek Ethernet Controller Driver-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\setup.exe -runfromtemp -removeonly
Realtek PCIE Card Reader-->"C:\Program Files (x86)\InstallShield Installation Information\{C1594429-8296-4652-BF54-9DBE4932A44C}\Setup.exe" -runfromtemp -removeonly
Recovery Manager-->MsiExec.exe /I{DBCD5E64-7379-4648-9444-8A6558DCB614}
Recuva-->"C:\Program Files\Recuva\uninst.exe"
Renesas Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{5442DAB8-7177-49E1-8B22-09A049EA5996}\Setup.exe" -runfromtemp -l0x0409 -removeonly
Renesas Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /X{5442DAB8-7177-49E1-8B22-09A049EA5996}
RoxioNow Player-->MsiExec.exe /X{0EDEB615-1A60-425E-8306-0E10519C7B55}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {9D621E6E-E010-3C80-A055-135891134750} /parameterfolder Extended
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Extended
Security Update for Microsoft Visual C++ 2010 Express - ENU (KB2251489)-->C:\Windows\SysWOW64\msiexec.exe /package {46F8CF66-AB83-38A7-99B2-A5BE507EE472} /uninstall {F606AC5F-4A30-3D7F-BC43-1200864BD9E5} /qb+ REBOOTPROMPT=""
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit)-->"C:\Program Files\Microsoft SQL Server\100\Setup Bootstrap\Update Cache\KB968369\ServicePack\setup.exe" /Action=RemovePatch /AllInstances
Sierra I6 Update-->C:\SIERRA~1\UNWISE.EXE
Sierra I6-->C:\SIERRA~1\UNWISE.EXE
Slingo Supreme-->"C:\Program Files (x86)\HP Games\Slingo Supreme\Uninstall.exe"
Spybot - Search & Destroy-->"C:\Program Files (x86)\Spybot - Search & Destroy\unins000.exe"
Sql Server Customer Experience Improvement Program-->MsiExec.exe /I{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}
Synaptics TouchPad Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
Tribler (remove only)-->C:\Program Files (x86)\Tribler\Uninstall.exe
TurboTax 2011 WinPerFedFormset-->MsiExec.exe /I{FAD3D68B-2F9C-459B-AA79-C04B9090FD72}
TurboTax 2011 WinPerReleaseEngine-->MsiExec.exe /I{E463E171-4082-4744-A466-F7CBE8502789}
TurboTax 2011 WinPerTaxSupport-->MsiExec.exe /I{CAF5B770-082F-40C4-853D-3973BB81BDAA}
TurboTax 2011 wmiiper-->MsiExec.exe /I{10DA2BD7-EFFC-420D-8689-CAEA577CAB7C}
TurboTax 2011 wrapper-->MsiExec.exe /I{EE556A3E-EB37-4392-9637-BAA8EC2F47FA}
TurboTax 2011-->C:\Program Files (x86)\TurboTax\Home & Business 2011\Installer\TurboTax 2011 Installer.exe /u /t /a
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Update for Microsoft .NET Framework 4 Extended (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Extended
Update for Microsoft .NET Framework 4 Extended (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Extended
Update for Microsoft Office 2010 (KB2494150)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}" "1033" "0"
Update for Microsoft Office 2010 (KB2553092)-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Oarpmany.exe" /removereleaseinpatch "{90140000-0011-0000-0000-0000000FF1CE}" "{7AC49FC8-F8D2-4DD8-9086-09E52385A21F}" "1033" "0"
Update Installer for WildTangent Games App-->"C:\Program Files (x86)\WildTangent Games\App\Uninstall.exe"
Validity WBF DDK-->MsiExec.exe /X{79174AF2-6CB1-42F5-981E-66DCA49391D0}
VB Runtime-->C:\Windows\System32\UNINSTAL.EXE /A /R C:\Windows\System32\VBRunTme.LOG
Virtual Villagers 4 - The Tree of Life-->"C:\Program Files (x86)\HP Games\Virtual Villagers 4 - The Tree of Life\Uninstall.exe"
VirtualLab Client 6.0.14-->"C:\Program Files (x86)\BinaryBiz\VirtualLab6\unins000.exe"
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
WebEx-->C:\PROGRA~3\webex\atcliun.exe
Wheel of Fortune 2-->"C:\Program Files (x86)\HP Games\Wheel of Fortune 2\Uninstall.exe"
WildTangent Games App (HP Games)-->"C:\Program Files (x86)\WildTangent Games\Touchpoints\hp\Uninstall.exe"
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0)-->rundll32.exe C:\PROGRA~1\DIFX\048B92BA3327CEF8\DIFxAppA.dll, DIFxARPUninstallDriverPackage C:\Windows\System32\DriverStore\FileRepository\grmnusb.inf_amd64_neutral_3e4b654f12f06d57\grmnusb.inf
Windows Live Mesh ActiveX Control for Remote Connections-->MsiExec.exe /I{2902F983-B4C1-44BA-B85D-5C6D52E2C441}
WinRAR 4.10 beta 2 (64-bit)-->C:\Program Files\WinRAR\uninstall.exe
Xilisoft MTS Converter-->C:\Program Files (x86)\Xilisoft\MTS Converter\Uninstall.exe
Xilisoft Video Converter Ultimate-->C:\Program Files (x86)\Xilisoft\Video Converter Ultimate\Uninstall.exe
Yawcam 0.3.7-->"C:\Program Files (x86)\Yawcam\unins000.exe"
Zuma Deluxe-->"C:\Program Files (x86)\HP Games\Zuma Deluxe\Uninstall.exe"

======Hosts File======

127.0.0.1 localhost

======System event log======

Computer Name: Chris-HP
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.
Record Number: 14706
Source Name: Disk
Time Written: 20111223230513.728558-000
Event Type: Warning
User:

Computer Name: Chris-HP
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.
Record Number: 14705
Source Name: Disk
Time Written: 20111223230513.728558-000
Event Type: Warning
User:

Computer Name: Chris-HP
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.
Record Number: 14704
Source Name: Disk
Time Written: 20111223230513.728558-000
Event Type: Warning
User:

Computer Name: Chris-HP
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.
Record Number: 14703
Source Name: Disk
Time Written: 20111223230513.728558-000
Event Type: Warning
User:

Computer Name: Chris-HP
Event Code: 51
Message: An error was detected on device \Device\Harddisk1\DR10 during a paging operation.
Record Number: 14702
Source Name: Disk
Time Written: 20111223230513.728558-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: Chris-HP
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 1805
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111128223347.571948-000
Event Type: Error
User:

Computer Name: Chris-HP
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 1798
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111128222523.135096-000
Event Type: Error
User:

Computer Name: Chris-HP
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 1797
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111128222358.429251-000
Event Type: Error
User:

Computer Name: Chris-HP
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 1796
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111128222358.309245-000
Event Type: Error
User:

Computer Name: Chris-HP
Event Code: 4107
Message: Failed extract of third-party root list from auto update cab at: <http://www.download....uthrootstl.cab> with error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file.
.
Record Number: 1784
Source Name: Microsoft-Windows-CAPI2
Time Written: 20111128221747.143486-000
Event Type: Error
User:

=====Security event log=====

Computer Name: Chris-HP
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x270
Name: C:\Windows\System32\svchost.exe

Previous Time: 2011-11-28T22:16:06.693798000Z
New Time: 2011-11-28T22:16:06.693000000Z

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 741
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111128221606.693000-000
Event Type: Audit Success
User:

Computer Name: Chris-HP
Event Code: 4616
Message: The system time was changed.

Subject:
Security ID: S-1-5-19
Account Name: LOCAL SERVICE
Account Domain: NT AUTHORITY
Logon ID: 0x3e5

Process Information:
Process ID: 0x270
Name: C:\Windows\System32\svchost.exe

Previous Time: 2011-11-28T22:08:16.282755600Z
New Time: 2011-11-28T22:16:06.577797900Z

This event is generated when the system time is changed. It is normal for the Windows Time Service, which runs with System privilege, to change the system time on a regular basis. Other system time changes may be indicative of attempts to tamper with the computer.
Record Number: 740
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111128221606.591798-000
Event Type: Audit Success
User:

Computer Name: Chris-HP
Event Code: 4905
Message: An attempt was made to unregister a security event source.

Subject
Security ID: S-1-5-18
Account Name: WIN-CQ35SM8F40I$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xa70
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x14483d
Record Number: 739
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111128220628.782678-000
Event Type: Audit Success
User:

Computer Name: Chris-HP
Event Code: 4904
Message: An attempt was made to register a security event source.

Subject :
Security ID: S-1-5-18
Account Name: WIN-CQ35SM8F40I$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Process:
Process ID: 0xa70
Process Name: C:\Windows\System32\VSSVC.exe

Event Source:
Source Name: VSSAudit
Event Source ID: 0x14483d
Record Number: 738
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20111128220628.782678-000
Event Type: Audit Success
User:

Computer Name: Chris-HP
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-845649588-2443200131-3913574986-1001
Account Name: Chris
Domain Name: Chris-HP
Logon ID: 0xc8cbf
Record Number: 737
Source Name: Microsoft-Windows-Eventlog
Time Written: 20111128220623.197868-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files\CCleaner;C:\Program Files (x86)\Internet Explorer;;C:\Program Files (x86)\HP SimplePass 2011\x64;C:\Program Files (x86)\HP SimplePass 2011\;;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\DLLShared\;C:\Program Files (x86)\Common Files\Roxio Shared\12.0\DLLShared\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\Common Files\Intel\WirelessCommon\;C:\Program Files (x86)\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\Tools\Binn\;C:\Program Files\Microsoft SQL Server\100\DTS\Binn\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
"PROCESSOR_REVISION"=2a07
"windows_tracing_logfile"=C:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3
"OnlineServices"=Online Services
"Platform"=MCD
"PCBRAND"=Pavilion
"VS100COMNTOOLS"=C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\Tools\
"KDS_LANGUAGE"=13

-----------------EOF-----------------
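The Security event log in the dump above shows the audit log being cleared (event 1102, record 737) and then two system time changes (event 4616, records 740 and 741), and the 4616 text itself states the triage rule: clock changes by the Windows Time Service are routine, any other clock change may indicate tampering. The Python below is an added example, not part of this thread or of DDS; it parses the dump format shown above and applies that rule. Its sample records are constructed (EXAMPLE-PC, someuser and clock_tool.exe are invented), and the first record keeps the invisible U+200E marks that appear inside the posted timestamps, since a parser of these dumps has to tolerate them.

```python
"""Triage a Windows Security event log dump in the plain-text shape posted
in this thread (Computer Name / Event Code / ... / Record Number / Source
Name / Time Written).  Added example, not from the thread or any tool in it.
Rules (from the 4616 event text itself): a clock change by the Windows Time
Service, i.e. LOCAL SERVICE inside svchost.exe, is routine; any other clock
change is reported; a cleared audit log (event 1102) is always reported."""
import re
from collections import namedtuple
from datetime import datetime, timedelta

# Constructed sample in the dump format; the second 4616 record and its
# account/process names are invented.  The first keeps the U+200E marks
# that appear inside the posted timestamps, since the parser must cope.
SAMPLE_LOG = """\
Computer Name: EXAMPLE-PC
Event Code: 4616
Account Name: LOCAL SERVICE
Name: C:\\Windows\\System32\\svchost.exe
Previous Time: \u200e2011\u200e-\u200e11\u200e-\u200e28T22:08:16.282755600Z
New Time: \u200e2011\u200e-\u200e11\u200e-\u200e28T22:16:06.577797900Z
Record Number: 740
Source Name: Microsoft-Windows-Security-Auditing

Computer Name: EXAMPLE-PC
Event Code: 4616
Account Name: someuser
Name: C:\\Users\\someuser\\AppData\\Local\\Temp\\clock_tool.exe
Previous Time: 2011-11-28T22:16:06.693798000Z
New Time: 2009-01-01T00:00:00.000000000Z
Record Number: 741
Source Name: Microsoft-Windows-Security-Auditing

Computer Name: EXAMPLE-PC
Event Code: 1102
Message: The audit log was cleared.
Account Name: someuser
Record Number: 737
Source Name: Microsoft-Windows-Eventlog
"""

FIELD_RE = re.compile(r"^([A-Za-z][A-Za-z ]*?)\s*:\s*(.*)$")
ISO_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})T(\d{2}):(\d{2}):(\d{2})(?:\.(\d+))?")
TIME_SERVICE_ACCOUNT = "LOCAL SERVICE"  # how W32Time appears in the posted records
TIME_SERVICE_IMAGE = "svchost.exe"
Finding = namedtuple("Finding", "record code reason")


def parse_records(text):
    """One dict per record (key -> list of values); a record starts at each
    'Computer Name:' line and non 'Key: value' lines are skipped.  Lists,
    because 'Source Name' occurs twice in 4904/4905 records (source, provider)."""
    records, current = [], None
    for raw in text.splitlines():
        m = FIELD_RE.match(raw.replace("\u200e", "").strip())  # drop LTR marks
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2).strip()
        if key == "Computer Name":
            current = {}
            records.append(current)
        if current is not None:
            current.setdefault(key, []).append(value)
    return records


def first(rec, key, default=""):
    return rec.get(key, [default])[0]


def parse_iso(value):
    """Parse the 4616 timestamp; nine fractional digits are cut to microseconds."""
    m = ISO_RE.search(value.replace("\u200e", ""))
    if not m:
        return None
    y, mo, d, h, mi, s, frac = m.groups()
    micros = int((frac or "0")[:6].ljust(6, "0"))
    return datetime(int(y), int(mo), int(d), int(h), int(mi), int(s), micros)


def triage(records, max_routine_skew=3600):
    """Apply the rules from the module docstring; Findings come back in log order."""
    findings = []
    for rec in records:
        code, rec_no, account = first(rec, "Event Code"), first(rec, "Record Number"), first(rec, "Account Name")
        if code == "1102":
            findings.append(Finding(rec_no, code, f"audit log cleared by {account}"))
        elif code == "4616":
            image = first(rec, "Name").rsplit("\\", 1)[-1].lower()
            before, after = parse_iso(first(rec, "Previous Time")), parse_iso(first(rec, "New Time"))
            skew = abs(after - before) if before and after else timedelta(0)
            routine = account.upper() == TIME_SERVICE_ACCOUNT and image == TIME_SERVICE_IMAGE
            if not routine:
                findings.append(Finding(rec_no, code, f"clock changed by {account} via {image}, skew {skew}"))
            elif skew > timedelta(seconds=max_routine_skew):
                findings.append(Finding(rec_no, code, f"time service applied a large correction, skew {skew}"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_records(SAMPLE_LOG)):
        print(f"record {f.record} event {f.code}: {f.reason}")
```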

#8 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 04:19 PM

Figured out how to remove utorrent, had to run it as an administrator

#9 Maurice Naggar (Staff, Moderators, 14,550 posts; Gender: Male; Location: USA; Interests: Security, Windows, Windows Update, malware prevention)

Posted 01 May 2012 - 04:51 PM

What date did the "Happili" redirect first happen? Do you recall any particular "odd rogue name window" that may have been presented to you?

Is the redirect happening now? In which browser? Please be specific. I need to be sure whether it happened in Internet Explorer, or Chrome, or Firefox, or some other browser; or in all browsers.



From Start button, type in
Program and features
do a Right-Click on it and select Run as Administrator
De-install (remove) Java™ 6 Update 24 (64-bit)
& Java™ 6 Update 29

Your Java runtime is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.
  • Download the latest version of >> Windows 7/XP/Vista/2000/2003/2008 Offline << from here and save it to your desktop.

    IF this is a 64-bit Windows (as is yours), get both the 32-bit & 64-bit Javas & install each.
    DECLINE & do not accept any added "toolbar" either in download or in setup of Java.
  • Close any programs you may have running - especially your web browser.
  • Then from your desktop double-click on jre-6u32-windows-i586-s.exe to install the newest version. If on Windows 7 or Vista, do a RIGHT-Click and Run as Administrator.
    ( jre-6u32-windows-x64.exe if this is a 64-bit Windows o.s.)
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon (it looks like a coffee cup).
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - leave BOTH checked:
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
Small tweaks for Java runtime, since most all users do not need to load Java at each Windows startup:
Click Advanced Tab. Expand the Miscellaneous item.
UN-check the line Java quick starter

Press Apply then OK. Close the applet when done.

To test your Java Run-time, you may go to this page http://www.java.com/...help/testvm.xml
When all is well, you should see Java Version: Java 6 Update 32 from Sun Microsystems Inc.


Use your browser to go here at Virustotal website
Click the Browse button and then navigate to c:\windows\SysWow64\atsckernel.exe, then click the Submit button.
The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Repeat the same steps for c:\windows\SysWow64\atashost.exe
Save the results, and post back here in a reply.
==
Use your browser to go here at VirSCAN.org website
Click the Browse button and then navigate to c:\windows\SysWow64\atsckernel.exe, then click the Submit button.

Save the results, and post back here in a reply.

Repeat the same steps for c:\windows\SysWow64\atashost.exe
Save the results, and post back here in a reply.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#10 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 06:11 PM

SHA256: 40092deee074dd90de9aab10ab42e09283930def204de725a7c799e0ef9a48ec
SHA1: 56ee1f7d0617c5e7e3a3e01c4073808ddb68f93f
MD5: b8e5a67fe36a26fe4a22f6ca7161604d
File size: 210.8 KB ( 215864 bytes )
File name: 2482816738FA91204BBA03919E0FE400AB67F425.exe
File type: Win32 EXE
Tags: signed
Detection ratio: 0 / 41
Analysis date: 2011-04-23 17:43:49 UTC ( 1 year ago )

Antivirus             Result  Update
AhnLab-V3             -       20110423
AntiVir               -       20110423
Antiy-AVL             -       20110423
Avast                 -       20110423
Avast5                -       20110423
AVG                   -       20110423
BitDefender           -       20110423
CAT-QuickHeal         -       20110423
ClamAV                -       20110421
Commtouch             -       20110423
Comodo                -       20110423
DrWeb                 -       20110423
eSafe                 -       20110422
eTrust-Vet            -       20110422
F-Prot                -       20110423
F-Secure              -       20110423
Fortinet              -       20110423
GData                 -       20110423
Ikarus                -       20110423
Jiangmin              -       20110423
K7AntiVirus           -       20110423
Kaspersky             -       20110423
McAfee                -       20110423
McAfee-GW-Edition     -       20110423
Microsoft             -       20110423
NOD32                 -       20110423
Norman                -       20110423
Panda                 -       20110423
PCTools               -       20110421
Prevx                 -       20110423
Rising                -       20110423
Sophos                -       20110423
SUPERAntiSpyware      -       20110423
Symantec              -       20110423
TheHacker             -       20110422
TrendMicro            -       20110423
TrendMicro-HouseCall  -       20110423
VBA32                 -       20110422
VIPRE                 -       20110423
ViRobot               -       20110423
VirusBuster           -       20110423

#11 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 06:12 PM

SHA256: 08ec93bc1e2a4281093bca2c9adbbf2915f11af1276a8d7d91199e76686aadac
SHA1: 4ca4d125ebd7e2473f39108e3af01678f9dd0ca3
MD5: fcf685f3d5458121c568f268d4d90ee5
File size: 130.8 KB ( 133944 bytes )
File name: /home/freefixer/freefixer.com/uploads/samples/08ec93bc1e2a4281093bca2c9adbbf2915f11af1276a8d7d91199e76686aadac.bin
File type: Win32 EXE
Tags: signed
Detection ratio: 0 / 43
Analysis date: 2012-01-19 22:56:20 UTC ( 3 months, 1 week ago )

Antivirus             Result  Update
AhnLab-V3             -       20120119
AntiVir               -       20120119
Antiy-AVL             -       20120119
Avast                 -       20120119
AVG                   -       20120119
BitDefender           -       20120119
ByteHero              -       20120116
CAT-QuickHeal         -       20120119
ClamAV                -       20120119
Commtouch             -       20120119
Comodo                -       20120119
DrWeb                 -       20120119
Emsisoft              -       20120119
eSafe                 -       20120117
eTrust-Vet            -       20120119
F-Prot                -       20120119
F-Secure              -       20120119
Fortinet              -       20120119
GData                 -       20120119
Ikarus                -       20120119
Jiangmin              -       20120119
K7AntiVirus           -       20120119
Kaspersky             -       20120119
McAfee                -       20120119
McAfee-GW-Edition     -       20120119
Microsoft             -       20120119
NOD32                 -       20120119
Norman                -       20120119
nProtect              -       20120119
Panda                 -       20120119
PCTools               -       20120119
Prevx                 -       20120119
Rising                -       20120118
Sophos                -       20120119
SUPERAntiSpyware      -       20120119
Symantec              -       20120119
TheHacker             -       20120119
TrendMicro            -       20120119
TrendMicro-HouseCall  -       20120119
VBA32                 -       20120119
VIPRE                 -       20120119
ViRobot               -       20120119
VirusBuster           -       20120119

#12 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 06:13 PM

I am still getting the error message whenever I try to run anything: "Illegal operation attempted on a registry that has been marked for deletion"

#13 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 06:17 PM

so far no redirects

#14 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 06:25 PM

Restarted my computer and error message went away.

#15 Maurice Naggar (Staff, Moderators, 14,550 posts)

Posted 01 May 2012 - 06:25 PM

I am still getting the error message whenever I try to run anything: "Illegal operation attempted on a registry that has been marked for deletion"

Give me an example of what you tried to run & how, so I can have a better idea.

By the way, we are not done and I have to re-review your logs.
I do not want you to run anything really on your own before we get a better grip.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#16 Maurice Naggar (Staff, Moderators, 14,550 posts)

Posted 01 May 2012 - 06:27 PM

Restarted my computer and error message went away.


OK. Don't do anything with this system. No websurfing no online stuff.
Wait for my next reply. There is more to do.
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#17 Maurice Naggar (Staff, Moderators, 14,550 posts)

Posted 01 May 2012 - 06:59 PM

Close all open browsers at this point.

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
Do NOT turn off the firewall

Start Internet Explorer
Using Internet Explorer browser only, go to BitDefender Quickscan website:
http://quickscan.bitdefender.com

and click "Start Scan".
Observe your browser in case it shows a notice/message bar to allow download and installation of a tool.
Allow the download and install of qsax.cab from BitDefender. Right-click the IE info bar and select Install to install the BitDefender quick scan module.
If prompted, reply yes to allow it to run.
Press the Allow button and follow prompts.

Press the "Start Scan" once more.
You'll see the EULA in a pop-up window. Click "I accept" & then the OK button.

Note: The FAQ is here --> http://quickscan.bitdefender.com/faq/
and that QuickScan has no removal capability.

The site boasts a 60-second scan. Do have patience as it likely will take longer.
It may seem to stall at moments, but have patience; it will move on.
You'll see a progress bar at top right of window.

Hopefully you will see a "No infections found" in the bar-window. Press the View Log button.
The log report will show in your text editor. Save the log.
Do a Select ALL, Copy. Then paste contents into your next reply.

Step 2
Save and close any work documents, close any apps that you started.
Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a FULL Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Step 3
Re-enable your antivirus program.

Reply with contents (Copy & Paste) of Bitdefender report
and latest MBAM scan log
and tell me, how is your system now?
Maurice Naggar
Product Support

I close my threads if there are 5 days without a response.

#18 Indyultra (New Member, 18 posts)

Posted 01 May 2012 - 07:10 PM

QuickScan 32-bit v0.9.9.114
---------------------------
Scan date: Tue May 01 20:09:48 2012
Machine ID: 28B56AB9

No infection found.
-------------------

Processes
---------
(unsigned) Intel PROSet\Wireless Bluetooth 2396 C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(unsigned) Intel PROSet\Wireless Bluetooth 2616 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(unsigned) Intel PROSet\Wireless Bluetooth 5044 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(unsigned) Intel PROSet\Wireless Bluetooth 3112 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(verified) Adobe Acrobat Update Service 2516 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
(verified) AgentMonitor Application 3308 C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(verified) avast! Antivirus 4320 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified) avast! Antivirus 5304 C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) Bonjour 2676 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(verified) CommandService Application 6132 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(verified) EKAiOHostService Module 3060 C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
(verified) HP On Screen Display 3288 C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(verified) HP Quick Launch 3276 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(verified) HP Quick Launch 3008 C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(verified) HP Quick Synchronization Service 2960 C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(verified) hpqwmiex Module 4512 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(verified) IAStorDataSvc 5508 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(verified) IAStorIcon 3212 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified) Intel® Active Management Technology L 6060 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(verified) Intel® Management and Security Applic 6168 C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(verified) Intuit Update Service 3084 C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(verified) Java™ Platform SE Auto Updater 2 0 3340 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) Malwarebytes Anti-Malware 3252 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(verified) Monitor Application 2492 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(verified) MotoHelper 3388 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(verified) MotoHelper Service 2304 C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(verified) RoxioNow Player 4048 C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(verified) Shared EasyBits services for Windows 2808 C:\Windows\SysWOW64\ezSharedSvcHost.exe
(verified) Simple Pass 2011 1784 C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(verified) Simple Pass 2011 992 C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(verified) SimplePass 2011 1724 C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(verified) USB 3.0 Monitor 3228 C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(verified) WebEx Support Center 2588 C:\Windows\SysWOW64\atashost.exe
(verified) Windows® Internet Explorer 7140 C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(verified) Windows® Internet Explorer 4568 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 6540 C:\Program Files (x86)\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 692 C:\Program Files (x86)\Internet Explorer\iexplore.exe

Network activity
----------------
Process AgentMonitor.exe (3308) connected on port 80 (HTTP) --> 58.177.240.88
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 23.15.7.18
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 23.15.7.51
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 194.7.155.82
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 66.235.142.20
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 74.125.225.37
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 74.125.225.37
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 64.94.107.56
Process iexplore.exe (4568) connected on port 80 (HTTP) --> 66.235.142.20
Process EKAiOHostService.exe (3060) listens on ports: 9322

Autoruns and critical files
---------------------------
(unsigned) AutoKMS C:\Windows\AutoKMS.exe
(unsigned) Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
(verified) Adobe® Flash® Player Update Service C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) AgentMonitor Application C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe
(verified) AUTOBACK.EXE C:\Program Files (x86)\ERUNT\AUTOBACK.EXE
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastUI.exe
(verified) EasyBits Magic Desktop c:\windows\syswow64\ezupbhook.dll
(verified) Glary Utilities C:\Program Files (x86)\Glary Utilities\initialize.exe
(verified) Google Update C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
(verified) HP Ceement C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
(verified) HP On Screen Display C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(verified) HP Quick Launch C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(verified) HPCMDelayStart Application C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
(verified) IAStorIcon C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(verified) Java™ Platform SE Auto Updater 2 0 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(verified) KODAK AiO Printer Driver C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(verified) Malwarebytes Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(verified) MessageCheck.exe C:\ProgramData\PrintProjects\MessageCheck.exe
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Monitor Application C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(verified) PeerBlock C:\Program Files\PeerBlock\peerblock.exe
(verified) USB 3.0 Monitor C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(verified) Windows® Internet Explorer c:\windows\syswow64\webcheck.dll

Browser plugins
---------------
(unsigned) Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
(unsigned) Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
(unsigned) Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
(unsigned) Simple Pass 2011 C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
(verified) Adobe PDF Toolbar for IE c:\program files (x86)\common files\adobe\acrobat\activex\acroiefavclient.dll
(verified) avast! WebRep c:\program files\avast software\avast\aswwebrepie.dll
(verified) Bitdefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Google Update C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
(verified) Java™ Platform SE 6 U31 c:\program files (x86)\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U31 C:\Program Files (x86)\Java\jre6\bin\ssv.dll
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL
(verified) Microsoft Office 2010 C:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
(verified) NP_wtapp.dll C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll
(verified) NPCIG.dll C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
(verified) NPSWF32_11_2_202_233.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll
(verified) Silverlight Plug-In C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
(verified) WebEx Download Module C:\Windows\Downloaded Program Files\ieatgpc.dll
(verified) Windows® Internet Explorer c:\windows\syswow64\ieframe.dll

Missing files
-------------
File not found: c:\windows\system32\logon.scr
--> HKCU\Control Panel\Desktop\"SCRNSAVE.EXE"

Scan
----
MD5: a0c65ea48c515771f29915c221e51908 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: b78f4c2c592c87df54e8e0c6aaef3874 C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
MD5: f893e691690cb722404fa94d1d499f72 C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
MD5: c440483a5ce0e0ab03a79a33ace35d91 C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
MD5: c8ab8ca3557cce041ac4c88e76afbad0 C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
MD5: df83fb0eb35c91339f1c84c6cf426100 C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
MD5: eade68c6f9875614568a5d1ca32b892b C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUIHelper.dll
MD5: 19adef26d3d4efdd2e5e2759a43ec5ee C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IntelVisualDesign.dll
MD5: 16136783dd2c6d210bf8514379678f70 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\ISDI.dll
MD5: e008cb84d5c9c130316b9fe0ae33f1d8 C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
MD5: 34e3709244736b8976820f730e5a8815 C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
MD5: 9a224a2ae159ff3064b0ace1bb18d728 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtCore4.dll
MD5: 7bffc28a55c6b4ef8b41d07102ce3863 C:\Program Files (x86)\LeapFrog\LeapFrog Connect\QtGui4.dll
MD5: b990cb9e77e4a0a41281b263c055dfc8 C:\Program Files (x86)\Motorola\MotoHelper\PST.dll
MD5: d72bf0ae484f88399e8343e821c10d6a C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
MD5: 22ee4e35db025257d906ed07b422377e C:\Program Files (x86)\VTech\DownloadManager\System\DACommCenter.dll
MD5: 30554926f79c2d4239e1be1f6b2fb5df C:\Program Files (x86)\VTech\DownloadManager\System\LIBEAY32.dll
MD5: aba05033f8ad4a728d343d55bdb04886 C:\Program Files (x86)\VTech\DownloadManager\System\phonon4.dll
MD5: 6a9b0092b5f795804d30fc92897e6496 C:\Program Files (x86)\VTech\DownloadManager\System\QtCore4.dll
MD5: 8f00403f4b043ee27ff1f917eb8b1a3a C:\Program Files (x86)\VTech\DownloadManager\System\QtGui4.dll
MD5: a1bff6cb34ddd32cc2c8604fcabec9b1 C:\Program Files (x86)\VTech\DownloadManager\System\QtSolutions_SOAP-2.7.dll
MD5: 4292be540dea4f147edf2e27847ba915 C:\Program Files (x86)\VTech\DownloadManager\System\QtXmlPatterns4.dll
MD5: c7d500e6a1fcbb066a95daff4bb1f30e C:\Program Files\AVAST Software\Avast\defs\12050101\algo.dll
MD5: bb3dbcb6d3e67d53af8d9cf394bf7179 C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll
MD5: c1db1653fce908731b8ae57f5b9503f0 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\39549af0784a97cb71719926653641d3\IAStorCommon.ni.dll
MD5: 1cbc8fcff6ae1194ff8f5f18793d43cc C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgr\bacddd12b0bfa7018fd35b70aad27bc3\IAStorDataMgr.ni.dll
MD5: ec19ebdd816919b48d106d3fd80df952 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorDataMgrSvc\2aed6722dddcd5cef9067994fe938215\IAStorDataMgrSvc.ni.exe
MD5: abe352631d0dfb6820d85e3887e50f09 C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2cd634e28c8cccf05d6f65c85890f721\IAStorUtil.ni.dll
MD5: a9d51725bc95b74453d4a878328bba75 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Automation\564cdcb532033cc930eb36fb66656850\Inkjet.Automation.ni.dll
MD5: c1a04b707f98f950f2c015dc977e4729 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Configuration\83450f3271225f55c528f126bd6e7060\Inkjet.Configuration.ni.dll
MD5: 8fedfb0825f725b29a94042411c211fd C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.DeviceSettin#\a6b61ac5bb712bb586473195119bb416\Inkjet.DeviceSettings.ni.dll
MD5: 4951640e404e0ed43ce79323cea909a5 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Diagnostics\f63f0f6ab1ffd7f69f0c1577767f7c56\Inkjet.Diagnostics.ni.dll
MD5: 822a64b433a7774877fd517ff6a557ea C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Hardware\a6243fee6afa3d07ad1b2c07d2bdfb4c\Inkjet.Hardware.ni.dll
MD5: 9c89001365e322ba8c78bf0c06943e25 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Localization\6e896f2476d7d6b2c8c391d4be5b20af\Inkjet.Localization.ni.dll
MD5: 75e52baf247835cabbac17733fba0c11 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Statistics\daf91889d0f1aa8d3f0ec09cabd4ee93\Inkjet.Statistics.ni.dll
MD5: 2da2fb86441e87937e425548f5b98a51 C:\Windows\assembly\NativeImages_v2.0.50727_32\Inkjet.Utilities\b15675ca45b342eb43fd1a5aac92834b\Inkjet.Utilities.ni.dll
MD5: 1374611adab399df9e9e425a0cda21a9 C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\4f7f892b4ccf813ddfb45220157f01d0\IsdiInterop.ni.dll
MD5: 638f45c6397c911828d2a478729b23aa C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MD5: 95e8d9c0e865ead5a440c91d933b7d60 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MD5: 9368bac6d09b20ca367b13c5ce02730e C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll
MD5: a2c3f8e5ac37dbee96c563606f710fe3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MD5: 960e6974343d0903de3b5607e200c94c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\c2c7f68605a42caef1b7a19c51de58b4\System.ServiceProcess.ni.dll
MD5: 746d8a021ebb45b2602d33c2fe2c0420 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll
MD5: 673c39ec95b3623f198e8eed3f97f80c C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll
MD5: dcc1ac29aa8d2ce725cc86a626cec360 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MD5: 3d725c257ea3952158fffbb5874896da C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MD5: d3ba339de4c1c7082e815ad49a41cd38 C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MD5: 1cc5608535a2c80d7b07ec8e72cdb14b C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\e3e1fd8ccf76e9eb0147484fb8dd773a\CustomMarshalers.ni.dll
MD5: f9a16e4f8bb1542f93d23506b9e867fd C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\44ae9f9afb2373055136d57ac6db3f96\mscorlib.ni.dll
MD5: 252b2a8212be315d8e39f29a439c2678 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\bab886a18699bab842769c5ce486c332\System.Configuration.ni.dll
MD5: a8d7bd72a01b3196eee0eb50c699ed0d C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7292b3e639a6202cf7eaf1f7ed271249\System.Core.ni.dll
MD5: 0bf75aaaafc3b76eadf6b839761cd806 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\4a1e0e4ec906686357466a5881de605e\System.Data.ni.dll
MD5: 287d59e447865ec564aead7ccf448bb1 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\c02325260bdcecd695a87bbb24547df2\System.Drawing.ni.dll
MD5: 90cb7e41713c0fa4e25d1ec8c8b1ff49 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\d0d8c27be9116224e42260292e21cad5\System.EnterpriseServices.ni.dll
MD5: 3ef3cf1e699d27f8cf524dea3a3ca66b C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e86e6094904541b5f9cf7df0709349d2\System.Runtime.Remoting.ni.dll
MD5: d8ac96b9364cf1d77fee81ec2d45c2e8 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\9cabbb335fc6dff10392376707a4d0a2\System.ServiceProcess.ni.dll
MD5: 5539b06e27e2520b62fc629aea19eae4 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\5e3cf00b80c0aecd8392f1702d2d0f28\System.Transactions.ni.dll
MD5: 12948dcc0823638f0cac990d5866700b C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\0b36565a61f83137806e71b287d81042\System.Windows.Forms.ni.dll
MD5: 2cd98c8367653750b9e84b3cdfc1cec8 C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\19e79fc0f95c93b0244c7b287e254871\System.Xml.ni.dll
MD5: 3a9c70a5b5a1b9302e4a1029582242ca C:\Windows\assembly\NativeImages_v4.0.30319_32\System\2c59490afc22def906d3ca96e1207ff9\System.ni.dll
MD5: e529a1ba814ab5afa5068db7e487b4ba C:\Windows\AutoKMS.exe
MD5: 855b79451ecf62602f20eb4d5c71f99b C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 1f5afd468eb5e09e9ed75a087529eab5 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_cbf5e994470a1a8f\MFC80.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\Windows\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.6195_none_03ce2c72205943d3\MFC80ENU.DLL
MD5: d34a527493f39af4491b3e909dc697ca C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\msvcm90.dll

No file uploaded.
Scan finished - communication took 1 sec
Total traffic - 0.00 MB sent, 0.21 KB recvd
Scanned 509 files and modules - 3 seconds
==============================================================================

#19 Indyultra
Posted 01 May 2012 - 08:10 PM

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org
Database version: v2012.05.01.11
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Chris :: CHRIS-HP [administrator]
Protection: Disabled
5/1/2012 8:11:57 PM
mbam-log-2012-05-01 (20-11-57).txt
Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 406331
Time elapsed: 48 minute(s), 21 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 3
C:\Qoobox\Quarantine\C\Users\Chris\AppData\Local\ATI\Adobe\xdlqzl.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Chris\AppData\Local\ATI\Adobe\dyddza.dll (Trojan.Tracur) -> Quarantined and deleted successfully.
C:\Users\Chris\Desktop\Programs\Malware\RK_Quarantine\xdlqzl.dll.vir (Trojan.Tracur) -> Quarantined and deleted successfully.
(end)

#20 Maurice Naggar
Posted 01 May 2012 - 08:39 PM

MBAM just found & removed 1 new trojan (as well as deleting 2 from previous quarantines).

Chris,
Did you get help elsewhere before posting here?
You ran RogueKiller before posting this Topic here? When?

I need a new log for review.

Please close any of your open windows/programs and exit; saving any open work you have.

Go slowly and carefully. This is a Custom scan. Have infinite patience while it runs.

Temporarily turn OFF your antivirus program so that it does not interfere. Leave the firewall on.
For a how-to reference, see this: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

I'd like to have you do a special run of OTL to generate some searches & a new log-report.

Download OTL by OldTimer to your desktop: http://oldtimer.geekstogo.com/OTL.exe

  • Please double-click OTL.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  • Copy all the lines in between the **** stars lines **** below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    *****************************************************************
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %ALLUSERSPROFILE%\Application Data\*.dll /s
    C:\Users\Chris\AppData\Local\ATI\Adobe\*.* /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    c:|Fun4IM;true;true;true; /FP
    c:|Bandoo;true;true;true; /FP
    c:|Searchn;true;true;true; /FP
    c:|Searchq;true;true;true; /FP
    c:|datamngr;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    c:|whitesmoke;true;true;true; /FP
    %USERPROFILE%\..|smtmp;true;true;true /FP
    %systemroot%\*. /mp /s
    CLEARALLRESTOREPOINTS

    *****************************************************************
  • Return to OTL. Right click in the "Custom Scans/Fixes" window (under the aqua-blue bar) and choose Paste.
  • Close any browser(s) windows that may be open.
  • Using your mouse, click on Run Scan.
  • The scan won't take long. Have infinite patience. OTL may appear to stall but it will finish.
    When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
    These are saved in the same location as OTL.
  • Please Copy and Paste the OTL log(s). Do not enclose in Code or Quote.

Maurice Naggar
Product Support


I close my threads if there are 5 days without a response.
