
Infected?



#1
grotesque666

    New Member

Usually my PC runs with CPU at 3-5%, and RAM at approx. 47-51% under normal conditions where the computer is not running any applications apart from background processes.

Over the last couple of days the RAM has been sat at almost 100% constantly, under the aforementioned conditions, as if something is working heavily in the background.

No new installations have taken place, which leads me to believe it's a virus/malware/trojan etc.

I have Norton 360 4.0 running, but have had it in "trusted" mode, which I have been told can potentially increase the likelihood of infection due to trusted files not being scanned.

But as stated I can't be 100% sure whether any infection has taken place.

Running W7 (x64)

Any help appreciated.

Edited by grotesque666, 27 June 2010 - 11:28 AM.


#2
RKinner

    Malware Expert

Do as much of

http://www.geekstogo...uide-t2852.html

as you can. If a step won't work, skip to the next one. Copy and paste your gmer, mbam, otl, & extras logs into a reply. Do not attach them.

If you lose internet access after running MBAM or if you are not able to get to the downloads:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.

In Firefox, Tools, Options, Advanced, Settings, check No Proxy then OK. Close Firefox and restart Firefox.

In Chrome, Wrench, Options, Under the Hood, Change Proxy Settings, uncheck all boxes, OK.

Ron

#3
grotesque666

    New Member

Hi RKinner,

Thanks for your reply, I followed the instructions as per your post and the logs are shown below.

MBAM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4250

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

28/06/2010 18:31:53
mbam-log-2010-06-28 (18-31-53).txt

Scan type: Full scan (C:\|E:\|)
Objects scanned: 347303
Time elapsed: 1 hour(s), 2 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


GMER

Blank?

On opening GMER gives the error message: "C:\Windows|system32\config\system: The system cannot find the file specified."

It still performed a scan.

OTL

OTL logfile created on: 28/06/2010 19:17:17 - Run 2
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Matt\Downloads
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 32.00% Memory free
5.00 Gb Paging File | 1.00 Gb Available in Paging File | 25.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.95 Gb Total Space | 303.81 Gb Free Space | 67.22% Space Free | Partition Type: NTFS
Drive D: | 13.71 Gb Total Space | 2.43 Gb Free Space | 17.71% Space Free | Partition Type: NTFS
Drive E: | 141.05 Gb Total Space | 62.57 Gb Free Space | 44.36% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 1.86 Gb Total Space | 0.01 Gb Free Space | 0.31% Space Free | Partition Type: FAT32
I: Drive not present or media not loaded

Computer Name: MATT-PC
Current User Name: Matt
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/28 17:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
PRC - [2010/06/25 22:12:52 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2010/05/26 11:03:40 | 002,346,192 | ---- | M] (IObit) -- C:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
PRC - [2010/04/19 13:12:08 | 000,405,712 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
PRC - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccsvchst.exe
PRC - [2009/12/01 20:49:52 | 000,210,216 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2009/11/13 12:31:12 | 000,247,144 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
PRC - [2009/10/20 14:50:34 | 000,128,296 | ---- | M] (CyberLink Corp.) -- c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
PRC - [2009/05/26 09:36:13 | 000,656,896 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 10:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2007/01/11 19:57:20 | 000,291,760 | ---- | M] () -- C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
PRC - [2006/11/29 17:57:10 | 000,082,864 | ---- | M] (Lexmark International Inc.) -- C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe


========== Modules (SafeList) ==========

MOD - [2010/06/28 17:16:25 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Downloads\OTL.exe
MOD - [2009/07/14 02:14:10 | 000,095,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\msscript.ocx
MOD - [2009/07/14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2009/08/18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/14 02:39:46 | 000,027,136 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\svchost.exe -- (ezSharedSvc)
SRV:64bit: - [2006/11/29 17:57:36 | 000,566,192 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\lxcycoms.exe -- (lxcy_device)
SRV - [2010/06/10 21:03:08 | 000,144,176 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2010/05/09 18:43:42 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Citrix\GoToAssist\570\g2aservice.exe -- (GoToAssist)
SRV - [2010/03/18 14:27:14 | 000,138,576 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_64)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/11 10:01:02 | 000,153,736 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2010/02/26 01:21:50 | 000,126,392 | R--- | M] (Symantec Corporation) [Unknown | Running] -- C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ccSvcHst.exe -- (N360)
SRV - [2009/11/13 12:31:14 | 000,092,008 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [On_Demand | Stopped] -- C:\Windows\Vss -- (VSS)
SRV - [2009/07/14 04:20:14 | 000,000,000 | ---D | M] [Unknown | Stopped] -- C:\Windows\SysWOW64\Msdtc -- (MSDTC)
SRV - [2009/07/13 21:30:11 | 000,061,056 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysWOW64\wbem\vds.mof -- (vds)
SRV - [2009/05/22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/02/22 12:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2006/11/29 17:57:20 | 000,537,520 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWow64\lxcycoms.exe -- (lxcy_device)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2010/05/26 19:25:33 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri)
DRV:64bit: - [2010/05/26 19:25:06 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2010/05/26 19:25:05 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2010/05/09 23:12:31 | 000,173,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2010/05/09 18:00:04 | 000,034,152 | R--- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2010/05/06 05:01:59 | 000,451,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symtdiv.sys -- (SYMTDIv)
DRV:64bit: - [2010/05/06 05:01:44 | 000,053,808 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SymIMV.sys -- (SymIM)
DRV:64bit: - [2010/04/29 06:03:51 | 000,150,064 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\ironx64.sys -- (SymIRON)
DRV:64bit: - [2010/04/22 04:02:20 | 000,221,232 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symefa64.sys -- (SymEFA)
DRV:64bit: - [2010/04/22 03:29:51 | 000,505,392 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2010/04/22 03:29:51 | 000,032,304 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2010/04/19 20:47:42 | 000,050,688 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010/02/26 01:22:52 | 000,615,040 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\cchpx64.sys -- (ccHP)
DRV:64bit: - [2010/02/24 07:06:20 | 000,726,816 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2010/02/04 02:40:47 | 000,433,200 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\0402000.00C\symds64.sys -- (SymDS)
DRV:64bit: - [2009/07/31 00:12:56 | 000,339,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/07/14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009/07/14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008/03/22 22:42:20 | 000,129,384 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV - [2010/05/28 20:33:18 | 000,463,408 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20100625.001\IDSviA64.sys -- (IDSVia64)
DRV - [2010/05/27 13:49:40 | 000,475,696 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2010/05/27 13:49:40 | 000,132,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2010/05/22 19:16:04 | 000,942,640 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20100619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2010/05/11 17:17:40 | 001,773,104 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100628.002\EX64.SYS -- (NAVEX15)
DRV - [2010/05/11 17:17:39 | 000,117,808 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20100628.002\ENG64.SYS -- (NAVENG)
DRV - [2009/06/10 22:28:14 | 000,001,088 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\wbem\mpsdrv.mof -- (mpsdrv)
DRV - [2009/06/10 22:15:18 | 000,003,066 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysWOW64\wbem\tcpip.mof -- (Tcpip)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cndt

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.h...a...ion&pf=cndt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.h...a...ion&pf=cndt
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultthis.engineName: "Google Powered Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Google Powered Search"
FF - prefs.js..extensions.enabledItems: [email protected]:2.1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.1.6
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100503
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:4.6
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2504091&q="


FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\IPSFFPlgn\ [2010/05/26 08:31:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\coFFPlgn\ [2010/05/09 23:14:52 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/06/25 22:12:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.4\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2010/06/25 22:12:58 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2010/06/27 21:08:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2010/05/14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions
[2010/05/09 17:46:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/05/14 19:18:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2010/05/12 19:02:46 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/27 22:23:32 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\213ddd4g.default\extensions
[2010/05/17 21:09:03 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\213ddd4g.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010/05/14 19:19:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\213ddd4g.default\extensions\[email protected]
[2010/05/14 19:19:25 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\213ddd4g.default\extensions\[email protected]
[2010/05/14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\Matt\AppData\Roaming\Mozilla\SeaMonkey\Profiles\mm4k64dz.default\extensions
[2010/06/26 14:58:32 | 000,000,903 | ---- | M] () -- C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\213ddd4g.default\searchplugins\conduit.xml
[2010/05/09 23:12:52 | 000,000,000 | ---D | M] -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/06/25 22:12:55 | 000,001,538 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/25 22:12:55 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/25 22:12:55 | 000,000,769 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/25 22:12:55 | 000,001,135 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/05/29 18:22:54 | 000,397,022 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 13701 more lines...
O2:64bit: - BHO: (CKeyScramblerBHO Object) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (CKeyScramblerBHO Object) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\ipsbho.dll (Symantec Corporation)
O2 - BHO: (AOL Toolbar BHO) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files (x86)\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [LXCYCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCYtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcymon.exe] C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe ()
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.DLL (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe File not found
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [msnmsgr] C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Sony Ericsson PC Companion] C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O8 - Extra context menu item: &AOL Toolbar Search - C:\ProgramData\AOL\ieToolbar\resources\en-GB\local\search.html ()
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &KeyScrambler... - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\GoToAssist: DllName - Reg Error: Key error. - C:\Program Files (x86)\Citrix\GoToAssist\570\g2awinlogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0c8f413b-6755-11df-905c-9a87b5834fee}\Shell - "" = AutoRun
O33 - MountPoints2\{0c8f413b-6755-11df-905c-9a87b5834fee}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O33 - MountPoints2\{c7cbb0da-5b8b-11df-ac82-98ed467110d2}\Shell - "" = AutoRun
O33 - MountPoints2\{c7cbb0da-5b8b-11df-ac82-98ed467110d2}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)

Drivers32:64bit: aux - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midi - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: midimapper - midimap.dll (Microsoft Corporation)
Drivers32:64bit: mixer - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: msacm.imaadpcm - imaadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: msacm.msadpcm - msadp32.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msg711 - msg711.acm (Microsoft Corporation)
Drivers32:64bit: msacm.msgsm610 - msgsm32.acm (Microsoft Corporation)
Drivers32:64bit: MSVideo8 - VfWWDM32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.i420 - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.IYUV - iyuv_32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.mrle - msrle32.dll (Microsoft Corporation)
Drivers32:64bit: vidc.msvc - msvidc32.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.UYVY - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YUY2 - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVU9 - tsbyuv.dll (Microsoft Corporation)
Drivers32:64bit: VIDC.YVYU - msyuv.dll (Microsoft Corporation)
Drivers32:64bit: wave - wdmaud.drv (Microsoft Corporation)
Drivers32:64bit: wavemapper - msacm32.drv (Microsoft Corporation)
Drivers32: aux - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\SysWow64\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.imaadpcm - C:\Windows\SysWow64\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (http://www.mp3dev.org/)
Drivers32: msacm.msadpcm - C:\Windows\SysWow64\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\SysWow64\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\SysWow64\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.siren - C:\Windows\SysWow64\sirenacm.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\SysWow64\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\SysWow64\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\SysWow64\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yuy2 - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)
Drivers32: vidc.yvu9 - C:\Windows\SysWow64\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\SysWow64\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\SysWow64\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\SysWow64\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2010/06/28 17:25:04 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/28 17:23:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ERUNT
[2010/06/27 18:21:31 | 000,000,000 | ---D | C] -- C:\Users\Matt\Tracing
[2010/06/27 18:21:30 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/27 18:10:13 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2010/06/27 18:10:13 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2010/06/27 18:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2010/06/27 18:07:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live SkyDrive
[2010/06/27 18:05:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2010/06/27 12:23:46 | 000,000,000 | ---D | C] -- C:\e675697ea1fd7132de097dc97cd688
[2010/06/27 12:20:50 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2010/06/27 00:22:20 | 000,444,416 | ---- | C] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
[2010/06/26 23:09:58 | 000,000,000 | R--D | C] -- C:\Users\Matt\Documents\Scanned Documents
[2010/06/26 23:09:51 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Fax
[2010/06/26 15:08:56 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Vuze Downloads
[2010/06/26 14:58:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Azureus
[2010/06/26 14:57:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\i4j_jres
[2010/06/26 14:57:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit
[2010/06/23 18:00:54 | 001,942,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dfshim.dll
[2010/06/23 18:00:54 | 001,130,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dfshim.dll
[2010/06/23 18:00:54 | 000,320,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHost.exe
[2010/06/23 18:00:54 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHost.exe
[2010/06/23 18:00:54 | 000,109,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PresentationHostProxy.dll
[2010/06/23 18:00:54 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PresentationHostProxy.dll
[2010/06/23 18:00:54 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netfxperf.dll
[2010/06/23 18:00:54 | 000,048,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netfxperf.dll
[2010/06/23 16:51:07 | 001,736,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2010/06/23 16:51:02 | 000,961,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\CPFilters.dll
[2010/06/23 16:51:02 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\CPFilters.dll
[2010/06/23 16:51:02 | 000,552,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msdri.dll
[2010/06/23 16:51:02 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2010/06/23 16:51:02 | 000,258,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mpg2splt.ax
[2010/06/23 16:51:02 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2010/06/23 16:51:02 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mpg2splt.ax
[2010/06/23 16:50:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\Payslips
[2010/06/21 18:18:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2010/06/21 18:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2010/06/20 18:38:39 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Command and Conquer 4
[2010/06/20 18:30:59 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Command and Conquer 4
[2010/06/20 18:30:55 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Electronic_Arts_Inc
[2010/06/20 18:01:11 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2010/06/20 18:01:11 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2010/06/20 18:01:11 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2010/06/20 18:01:11 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2010/06/20 18:01:11 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2010/06/20 18:01:11 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2010/06/20 18:01:10 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2010/06/20 18:01:10 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2010/06/20 18:01:10 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2010/06/20 18:01:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2010/06/20 18:01:10 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2010/06/20 18:01:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2010/06/20 18:00:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2010/06/19 18:28:29 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Sony
[2010/06/19 18:28:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Podcasts
[2010/06/19 18:28:12 | 000,000,000 | ---D | C] -- C:\Users\Matt\Documents\Media Go
[2010/06/19 18:19:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sony Shared
[2010/06/19 18:19:28 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\Downloaded Installations
[2010/06/19 18:19:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Corporation
[2010/06/19 18:19:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2010/06/19 18:14:43 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\Sony
[2010/06/19 18:05:38 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/19 18:05:11 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/06/19 18:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2010/06/19 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/19 18:00:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2010/06/16 19:36:19 | 000,000,000 | ---D | C] -- C:\Users\Matt\Word
[2010/06/16 19:35:38 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Local\myPod_Apps
[2010/06/16 19:34:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhone Explorer
[2010/06/16 19:30:47 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2010/06/16 19:27:16 | 000,000,000 | ---D | C] -- C:\Users\Matt\AppData\Roaming\IObit
[2010/06/16 19:27:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2010/06/12 12:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2010/06/12 12:41:13 | 000,366,080 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2010/06/12 12:41:13 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2010/06/12 12:41:13 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2010/06/12 12:41:13 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2010/06/04 18:00:44 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2010/05/09 18:24:53 | 000,413,696 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyinpa.dll
[2010/05/09 18:24:53 | 000,397,312 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyiesc.dll
[2010/05/09 18:24:49 | 000,643,072 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypmui.dll
[2010/05/09 18:24:44 | 000,991,232 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyusb1.dll
[2010/05/09 18:24:43 | 001,224,704 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyserv.dll
[2010/05/09 18:24:42 | 000,163,840 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyprox.dll
[2010/05/09 18:24:40 | 000,094,208 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcypplc.dll
[2010/05/09 18:24:39 | 000,585,728 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcylmpm.dll
[2010/05/09 18:24:37 | 000,696,320 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcyhbn3.dll
[2010/05/09 18:24:36 | 000,421,888 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomm.dll
[2010/05/09 18:24:35 | 000,684,032 | ---- | C] ( ) -- C:\Windows\SysWow64\lxcycomc.dll

========== Files - Modified Within 30 Days ==========

[2010/06/28 19:17:12 | 006,291,456 | -HS- | M] () -- C:\Users\Matt\NTUSER.DAT
[2010/06/28 18:49:01 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/28 17:28:08 | 000,001,011 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 17:26:58 | 000,227,919 | ---- | M] () -- C:\Users\Matt\Desktop\ERUNT Showing File Path.jpg
[2010/06/28 17:26:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 17:26:51 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/28 17:24:01 | 000,000,926 | ---- | M] () -- C:\Users\Matt\Desktop\NTREGOPT.lnk
[2010/06/28 17:24:00 | 000,000,907 | ---- | M] () -- C:\Users\Matt\Desktop\ERUNT.lnk
[2010/06/28 17:19:21 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/28 17:19:21 | 000,000,392 | ---- | M] () -- C:\Windows\tasks\AWC Startup.job
[2010/06/28 17:19:04 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/28 17:18:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/28 17:18:46 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/28 17:17:39 | 002,789,265 | -H-- | M] () -- C:\Users\Matt\AppData\Local\IconCache.db
[2010/06/27 21:48:40 | 000,732,510 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2010/06/27 21:48:40 | 000,632,166 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2010/06/27 21:48:40 | 000,112,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2010/06/27 18:09:03 | 000,000,020 | ---- | M] () -- C:\Windows\°õ
[2010/06/27 15:20:38 | 000,007,633 | ---- | M] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
[2010/06/27 12:20:50 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Matt\Desktop\HiJackThis.exe
[2010/06/27 00:06:30 | 000,444,416 | ---- | M] (OldTimer Tools) -- C:\Users\Matt\Desktop\TFC.exe
[2010/06/12 18:10:09 | 000,354,032 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

========== Files Created - No Company Name ==========

[2010/06/28 17:28:07 | 000,001,011 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/28 17:26:57 | 000,227,919 | ---- | C] () -- C:\Users\Matt\Desktop\ERUNT Showing File Path.jpg
[2010/06/28 17:24:01 | 000,000,926 | ---- | C] () -- C:\Users\Matt\Desktop\NTREGOPT.lnk
[2010/06/28 17:24:00 | 000,000,907 | ---- | C] () -- C:\Users\Matt\Desktop\ERUNT.lnk
[2010/06/27 18:08:58 | 000,000,020 | ---- | C] () -- C:\Windows\°õ
[2010/06/26 23:27:04 | 000,007,633 | ---- | C] () -- C:\Users\Matt\AppData\Local\Resmon.ResmonCfg
[2010/06/16 19:27:32 | 000,000,392 | ---- | C] () -- C:\Windows\tasks\AWC Startup.job
[2010/05/11 17:55:43 | 000,178,176 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2010/05/11 17:55:43 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2010/05/11 17:55:40 | 000,881,664 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010/05/11 17:55:40 | 000,205,824 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010/05/11 17:55:39 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2010/05/11 17:55:39 | 000,000,547 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll.manifest
[2010/05/09 18:24:55 | 000,274,432 | ---- | C] () -- C:\Windows\SysWow64\lxcyinst.dll
[2010/05/09 18:24:54 | 000,385,024 | ---- | C] () -- C:\Windows\SysWow64\lxcycomx.dll
[2009/07/15 17:50:42 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/13 23:28:51 | 000,000,750 | ---- | M] () -- C:\FINIS_IT.TXT
[2010/06/28 17:18:46 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2006/12/01 23:37:14 | 000,904,704 | ---- | M] (Microsoft Corporation) -- C:\msdia80.dll
[2010/06/28 17:18:49 | 2952,060,928 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >

< %systemroot%\system32\*.wt >

< %systemroot%\system32\*.ruy >

< %systemroot%\Fonts\*.com >
[2009/07/14 06:32:31 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2009/07/14 06:32:31 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2009/07/14 06:32:31 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2009/07/14 06:32:31 | 000,043,318 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\user32.dll /md5 >
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll

< %systemroot%\system32\ws2_32.dll /md5 >
[2009/07/14 02:16:20 | 000,206,336 | ---- | M] (Microsoft Corporation) MD5=DAAE8A9B8C0ACC7F858454132553C30D -- C:\Windows\SysWOW64\ws2_32.dll

< %systemroot%\system32\ws2help.dll /md5 >
[2009/07/14 02:11:26 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=808AABDF9337312195CAFF76D1804786 -- C:\Windows\SysWOW64\ws2help.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Edited by grotesque666, 28 June 2010 - 01:08 PM.


#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Get Process Explorer

http://live.sysinter...com/procexp.exe

Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator). Click once or twice on the CPU column header to sort things by CPU usage with the big hitters at the top. What do you see in the top 5 and what percentage does each use? File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.

Use IE or Firefox and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.

Also do the BitDefender scan

http://www.bitdefend...nline/free.html

Ron
  • 0
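Added example (not part of any post in this thread, and not a Sysinternals tool): a Python sketch that ranks the rows of a saved Procexp.txt by CPU and by memory, which is the "top 5" reading the post above asks for. It assumes the whitespace-flattened layout seen in the listing pasted in post #5, where the CPU column is simply absent for idle processes; the function names `parse_procexp` and `top` are hypothetical, and the sample rows are a subset copied from that listing.

```python
import re

# Subset of rows copied from the Procexp.txt listing posted in this thread.
SAMPLE = """\
Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 84.35 0 K 24 K
Interrupts n/a 0.51 0 K 0 K Hardware Interrupts
System 4 3.60 116 K 1,100 K
smss.exe 340 508 K 1,020 K Windows Session Manager Microsoft Corporation
svchost.exe 984 124,984 K 124,176 K Host Process for Windows Services Microsoft Corporation
dwm.exe 1088 0.51 46,468 K 59,852 K Desktop Window Manager Microsoft Corporation
ccsvchst.exe 1800 4.11 82,616 K 10,536 K Symantec Service Framework Symantec Corporation
TeaTimer.exe 3288 0.51 122,164 K 126,800 K System settings protector Safer-Networking Ltd.
firefox.exe 3316 113,384 K 146,028 K Firefox Mozilla Corporation
iTunes.exe 3700 2.57 84,644 K 108,556 K iTunes Apple Inc.
"""

# name, PID (or "n/a"), optional CPU %, private bytes, working set, free text.
# The CPU field is optional because idle processes leave that column empty.
ROW = re.compile(r"""
    ^(?P<name>.+?)\s+
    (?P<pid>\d+|n/a)\s+
    (?:(?P<cpu>\d+\.\d+)\s+)?
    (?P<private>[\d,]+)\ K\s+
    (?P<working>[\d,]+)\ K
    (?:\s+(?P<rest>.*))?$
""", re.VERBOSE)

# Accounting rows that are not real processes; excluded from rankings.
PSEUDO = {"System Idle Process", "Interrupts", "DPCs"}


def parse_procexp(text):
    """Return one dict per process row; the header and unparsable lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue
        rows.append({
            "name": m["name"],
            "pid": None if m["pid"] == "n/a" else int(m["pid"]),
            "cpu": float(m["cpu"]) if m["cpu"] else 0.0,
            "private_kb": int(m["private"].replace(",", "")),
            "working_kb": int(m["working"].replace(",", "")),
            "description": m["rest"] or "",
        })
    return rows


def top(rows, key, n=5):
    """Largest n real processes by 'cpu', 'private_kb' or 'working_kb'."""
    real = [r for r in rows if r["name"] not in PSEUDO]
    return sorted(real, key=lambda r: r[key], reverse=True)[:n]


if __name__ == "__main__":
    rows = parse_procexp(SAMPLE)
    for key in ("cpu", "private_kb", "working_kb"):
        print(f"--- top by {key} ---")
        for r in top(rows, key):
            print(f"{r['name']:<16} pid={r['pid']:<5} {key}={r[key]}")
```

Ranking by private bytes and working set as well as CPU matters for a complaint like this one, where the symptom is memory use rather than processor load.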

#5
grotesque666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks Ron,

The RAM seems to have settled between approx. 50-65% now.

I ran all 3 items:

Procexp Log

Process PID CPU Private Bytes Working Set Description Company Name
System Idle Process 0 84.35 0 K 24 K
Interrupts n/a 0.51 0 K 0 K Hardware Interrupts
DPCs n/a 1.03 0 K 0 K Deferred Procedure Calls
System 4 3.60 116 K 1,100 K
smss.exe 340 508 K 1,020 K Windows Session Manager Microsoft Corporation
csrss.exe 444 2,416 K 3,820 K Client Server Runtime Process Microsoft Corporation
wininit.exe 500 1,756 K 4,048 K Windows Start-Up Application Microsoft Corporation
services.exe 568 5,584 K 7,780 K Services and Controller app Microsoft Corporation
svchost.exe 748 4,616 K 8,500 K Host Process for Windows Services Microsoft Corporation
dllhost.exe 5040 2,696 K 7,052 K COM Surrogate Microsoft Corporation
WmiPrvSE.exe 1788 2,844 K 6,120 K WMI Provider Host Microsoft Corporation
nvvsvc.exe 812 1,484 K 3,448 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation
nvvsvc.exe 3208 3,276 K 8,032 K NVIDIA Driver Helper Service, Version 186.55 NVIDIA Corporation
svchost.exe 852 5,032 K 7,932 K Host Process for Windows Services Microsoft Corporation
svchost.exe 952 22,216 K 21,088 K Host Process for Windows Services Microsoft Corporation
audiodg.exe 3320 17,176 K 17,260 K Windows Audio Device Graph Isolation Microsoft Corporation
svchost.exe 984 124,984 K 124,176 K Host Process for Windows Services Microsoft Corporation
WUDFHost.exe 2016 2,276 K 5,156 K Windows Driver Foundation - User-mode Driver Framework Host Process Microsoft Corporation
dwm.exe 1088 0.51 46,468 K 59,852 K Desktop Window Manager Microsoft Corporation
svchost.exe 1012 26,324 K 38,784 K Host Process for Windows Services Microsoft Corporation
taskeng.exe 2112 2,328 K 6,328 K Task Scheduler Engine Microsoft Corporation
AWC.exe 3796 21,096 K 2,976 K Advanced SystemCare 3 IObit
taskeng.exe 3672 2,248 K 5,784 K Task Scheduler Engine Microsoft Corporation
CLMLSvc.exe 4256 60,248 K 21,556 K CyberLink MediaLibray Service CyberLink
DVDAgent.exe 2456 6,844 K 2,040 K HP DVDSmart Resident Program CyberLink Corp.
taskeng.exe 4484 1,836 K 4,992 K Task Scheduler Engine Microsoft Corporation
svchost.exe 540 10,900 K 16,004 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1220 22,284 K 21,764 K Host Process for Windows Services Microsoft Corporation
spoolsv.exe 1352 8,608 K 10,608 K Spooler SubSystem App Microsoft Corporation
svchost.exe 1388 12,188 K 11,400 K Host Process for Windows Services Microsoft Corporation
AppleMobileDeviceService.exe 1468 1.54 4,220 K 8,984 K Apple Mobile Device Service Apple Inc.
mDNSResponder.exe 1500 1,884 K 5,112 K Bonjour Service Apple Inc.
svchost.exe 1544 1,480 K 4,548 K Host Process for Windows Services Microsoft Corporation
svchost.exe 1584 9,296 K 24,320 K Host Process for Windows Services Microsoft Corporation
LSSrvc.exe 1708 1,280 K 3,732 K LightScribe Service Hewlett-Packard Company
lxcycoms.exe 1764 2,488 K 6,676 K Printer Communication System
ccsvchst.exe 1800 4.11 82,616 K 10,536 K Symantec Service Framework Symantec Corporation
ccsvchst.exe 2200 21,704 K 9,676 K Symantec Service Framework Symantec Corporation
svchost.exe 1928 6,964 K 8,264 K Host Process for Windows Services Microsoft Corporation
TomTomHOMEService.exe 1976 1,012 K 2,624 K Windows Service for TomTom HOME TomTom
WLIDSVC.EXE 1060 4,304 K 10,296 K Microsoft® Windows Live ID Service Microsoft Corporation
WLIDSVCM.EXE 2812 1,300 K 2,784 K Microsoft® Windows Live ID Service Monitor Microsoft Corporation
SDWinSec.exe 2160 4,500 K 8,020 K Spybot-S&D Security Center integration Safer Networking Ltd.
SearchIndexer.exe 3056 48,444 K 33,556 K Microsoft Windows Search Indexer Microsoft Corporation
SearchProtocolHost.exe 3328 3,868 K 9,264 K Microsoft Windows Search Protocol Host Microsoft Corporation
SearchFilterHost.exe 5676 2,740 K 6,424 K Microsoft Windows Search Filter Host Microsoft Corporation
svchost.exe 3180 2,416 K 5,400 K Host Process for Windows Services Microsoft Corporation
wmpnetwk.exe 2984 11,740 K 10,416 K Windows Media Player Network Sharing Service Microsoft Corporation
iPodService.exe 4416 3,336 K 6,280 K iPodService Module (64-bit) Apple Inc.
svchost.exe 4472 10,416 K 13,288 K Host Process for Windows Services Microsoft Corporation
PresentationFontCache.exe 5024 27,640 K 19,960 K PresentationFontCache.exe Microsoft Corporation
HPHC_Service.exe 4720 27,720 K 16,320 K HP Health Check Service Hewlett-Packard
taskhost.exe 2636 3,360 K 7,736 K Host Process for Windows Tasks Microsoft Corporation
lsass.exe 588 4,856 K 10,516 K Local Security Authority Process Microsoft Corporation
lsm.exe 596 3,404 K 5,816 K Local Session Manager Service Microsoft Corporation
winlogon.exe 1636 3,248 K 7,044 K Windows Logon Application Microsoft Corporation
csrss.exe 3716 7,076 K 11,448 K Client Server Runtime Process Microsoft Corporation
conhost.exe 3656 1,312 K 3,492 K Console Window Host Microsoft Corporation
conhost.exe 3444 1,312 K 3,436 K Console Window Host Microsoft Corporation
conhost.exe 3932 1,312 K 3,452 K Console Window Host Microsoft Corporation
explorer.exe 4396 41,944 K 83,232 K Windows Explorer Microsoft Corporation
SmartMenu.exe 3260 6,768 K 14,492 K SmartMenu
lxcymon.exe 4760 2,876 K 7,136 K Device Monitor
ezprint.exe 4200 5,652 K 18,116 K Lexmark Fast Pics Application Lexmark International Inc.
splwow64.exe 1196 1,876 K 4,948 K Print driver host for 32bit applications Microsoft Corporation
HPAdvisor.exe 3804 69,772 K 7,524 K HP Advisor Hewlett-Packard
sidebar.exe 4036 47,128 K 47,672 K Windows Desktop Gadgets Microsoft Corporation
TomTomHOMERunner.exe 3784 1,920 K 6,988 K System Tray application for TomTom HOME TomTom
TeaTimer.exe 3288 0.51 122,164 K 126,800 K System settings protector Safer-Networking Ltd.
PCCompanion.exe 3888 17,752 K 36,296 K PCCompanion
thunderbird.exe 3376 53,908 K 73,440 K Thunderbird Mozilla Messaging
firefox.exe 3316 113,384 K 146,028 K Firefox Mozilla Corporation
plugin-container.exe 5032 14,068 K 20,368 K Plugin Container for Firefox Mozilla Corporation
procexp.exe 5324 1,592 K 5,960 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
procexp64.exe 2692 24,476 K 50,636 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com
hpsysdrv.exe 2948 920 K 3,344 K hpsysdrv Hewlett-Packard
HP_Remote_Solution.exe 688 3,020 K 6,996 K HP Remote Solution
hpwuschd2.exe 656 996 K 3,496 K hpwuSchd Application Hewlett-Packard
iTunesHelper.exe 4068 6,140 K 13,768 K iTunesHelper Apple Inc.
iTunes.exe 3700 2.57 84,644 K 108,556 K iTunes Apple Inc.
AppleMobileDeviceHelper.exe 3372 6,132 K 15,004 K MobileDeviceHelper Apple Inc.
distnoted.exe 4740 1,716 K 5,500 K distnoted Apple Inc.
SyncServer.exe 4768 3,608 K 11,424 K SyncServer Apple Inc.

ESET Scan:

Nothing Found

Bit Defender Log:

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Tue Jun 29 20:42:24 2010
Machine ID: 6CBEAA89



No infection found.
-------------------



Processes
---------
<unsigned> HP Remote Solution 688 C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
<unsigned> TeaTimer.exe 3288 C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

<verified> hpwuSchd Application 656 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
<verified> CyberLink MediaLibray Service 4256 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
<verified> Device Monitor 4760 C:\Program Files (x86)\Lexmark 3400 Series\lxcymon.exe
<verified> Firefox 436 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
<verified> HP Advisor 3804 C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> HP DVDSmart 2456 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
<verified> hpsysdrv Application 2948 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
<verified> iTunes 4068 C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Lexmark Fast Pics Application 4200 C:\Program Files (x86)\Lexmark 3400 Series\ezprint.exe
<verified> Sony Ericsson PC Companion 3888 C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
<verified> Thunderbird 1684 C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
<verified> TomTom HOME 3784 C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe


Network activity
----------------
Process firefox.exe (436) connected on port 80 (HTTP) --> *.122.2o7.net
Process firefox.exe (436) connected on port 80 (HTTP) --> ey-in-f101.1e100.net
Process firefox.exe (436) connected on port 80 (HTTP) --> 95.100.85.115
Process firefox.exe (436) connected on port 80 (HTTP) --> *.122.2o7.net



Autoruns and critical files
---------------------------
<unsigned> HP Remote Solution C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
<unsigned> QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
<unsigned> TeaTimer.exe C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

<verified> hpwuSchd Application C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
<verified> Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Adobe Reader and Acrobat Manager C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
<verified> HP Advisor C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
<verified> hpsysdrv Application C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
<verified> iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> MUI StartMenu Application C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe
<verified> Sony Ericsson PC Companion C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe
<verified> TomTom HOME C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
<verified> Windows Live Messenger C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe


Browser plugins
---------------
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.6 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.50524.0\npctrl.dll

<verified> 2007 Microsoft Office system C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
<verified> AOL IE Toolbar c:\program files (x86)\aol\aol toolbar 5.0\aoltb.dll
<verified> BitDefender QuickScan C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\uayjfxcg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\uayjfxcg.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
<verified> Google Update C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll
<verified> KeyScrambler c:\program files (x86)\keyscrambler\keyscramblerie.dll
<verified> KeyScrambler C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\uayjfxcg.default\extensions\[email protected]\components\KeyScramblerIE.dll
<verified> KeyScrambler Setup C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\uayjfxcg.default\extensions\[email protected]\installer\setup.exe
<verified> Media Go Detector C:\Program Files (x86)\Sony\Media Go\npmediago.dll
<verified> Microsoft Office Live Plug-in for Firef C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
<verified> Microsoft® Windows Live ID c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll
<verified> Microsoft® Windows Live ID C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
<verified> Norton Confidential C:\Program Files (x86)\Norton 360\Engine\4.2.0.12\coieplg.dll
<verified> npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
<verified> sdhelper.dll c:\program files (x86)\spybot - search & destroy\sdhelper.dll
<verified> Symantec Intrusion Detection c:\program files (x86)\norton 360\engine\4.2.0.12\ipsbho.dll
<verified> Windows Live® Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
<verified> Windows® Internet Explorer C:\Windows\SysWOW64\ieframe.dll


Missing files
-------------
File not found: C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Easybits Recovery"
referenced in: 锧\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\"Easybits Recovery"

File not found: disabled
referenced in: HLKM\Software\MozillaPlugins\@microsoft.com/GENUINE\"Path"


Scan
----


No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.08 MB sent, 1.86 KB recvd
Scanned 791 files and modules - 31 seconds

==============================================================================
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
I'm not seeing any infections. Next time RAM usage shoots up, run Process Explorer and click on Working Set to sort things by the biggest RAM users. Good idea to do it now while things are working and save it so you have a baseline.

Ron
  • 0

#7
grotesque666

grotesque666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanks for your help, the overall level of usage has come down massively now.

I have saved a Process Explorer Log as suggested so I can use it for comparison purposes in the future if things change and hopefully will be able to track down exactly what is running myself.

Again, thanks.

Edited by grotesque666, 30 June 2010 - 10:26 AM.

  • 0
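The baseline-and-compare approach discussed in posts #6 and #7 can also be scripted. The following is an added example, not part of the original thread and not a Process Explorer feature: it uses `Get-Process` working-set figures, assumes PowerShell 3.0 or later, and the function names, CSV path and 50 MB threshold are hypothetical choices.

```powershell
# Added example: snapshot per-process working set and compare it with a saved baseline.
# Function names, the CSV path and the threshold are illustrative assumptions.

function Get-WorkingSetSnapshot {
    # Sum the working set per process name, since svchost, browsers etc. run several instances.
    Get-Process |
        Group-Object -Property ProcessName |
        ForEach-Object {
            $bytes = ($_.Group | Measure-Object -Property WorkingSet64 -Sum).Sum
            [pscustomobject]@{
                Name         = $_.Name
                Instances    = $_.Count
                # Whole megabytes, so the CSV round-trips identically in every locale.
                WorkingSetMB = [int][math]::Round($bytes / 1MB)
            }
        } |
        Sort-Object -Property WorkingSetMB -Descending
}

function Save-WorkingSetBaseline {
    # Run this while the machine is behaving normally.
    param([string]$Path = "$env:USERPROFILE\ws-baseline.csv")
    Get-WorkingSetSnapshot | Export-Csv -Path $Path -NoTypeInformation
}

function Compare-WorkingSetBaseline {
    # Reports processes that are absent from the baseline or grew by at least $ThresholdMB.
    param(
        [string]$Path = "$env:USERPROFILE\ws-baseline.csv",
        [int]$ThresholdMB = 50
    )
    $baseline = @{}
    Import-Csv -Path $Path | ForEach-Object { $baseline[$_.Name] = [int]$_.WorkingSetMB }

    Get-WorkingSetSnapshot | ForEach-Object {
        $known  = $baseline.ContainsKey($_.Name)
        $before = if ($known) { $baseline[$_.Name] } else { 0 }
        [pscustomobject]@{
            Name       = $_.Name
            Instances  = $_.Instances
            BaselineMB = $before
            CurrentMB  = $_.WorkingSetMB
            DeltaMB    = $_.WorkingSetMB - $before
            NewProcess = -not $known
        }
    } |
        Where-Object { $_.NewProcess -or $_.DeltaMB -ge $ThresholdMB } |
        Sort-Object -Property DeltaMB -Descending
}

# Usage:
#   Save-WorkingSetBaseline
#   Compare-WorkingSetBaseline | Format-Table -AutoSize
```

A process flagged as `NewProcess` is only a starting point for review; check its path and signature before drawing conclusions.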





