Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

ZoomEx virus via PrivatizeVPN [Solved]

Started by coljay00 , Feb 10 2013 07:36 AM

  • This topic is locked This topic is locked

#1
coljay00
Posted 10 February 2013 - 07:36 AM

coljay00

    Member

  • Member
  • PipPip
  • 11 posts
About 10 days ago I downloaded PrivatizeVPN to try it out. Since then my computer has been almost useless. Simple Windows Explorer commands take forever. Mostly though they will executed eventually after a long period of time. Researching my problem, I found the link between ZoomEz and PrivatizeVPN. I would find numerous ZoomEx processes in my Windows Task Manager. Now, I have found that if I reboot, without a wireless connection or any other internet connection, and then immediately go to WTM and delete the first ZoomEx process, this seems to prevent additional ZoomEx processes from piling up. And, it makes my laptop sufficiently functional to be able to make this post. TIA for your help! Here is my log from OTL:

OTL logfile created on: 2/9/2013 9:12:24 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.97 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 56.43% Memory free
8.67 Gb Paging File | 7.46 Gb Available in Paging File | 86.08% Paging File free
Paging file location(s): C:\pagefile.sys 6000 8000 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 464.19 Gb Total Space | 107.43 Gb Free Space | 23.14% Space Free | Partition Type: NTFS
Drive D: | 1.57 Gb Total Space | 1.54 Gb Free Space | 98.34% Space Free | Partition Type: FAT32
Drive F: | 1397.23 Gb Total Space | 1339.13 Gb Free Space | 95.84% Space Free | Partition Type: NTFS

Computer Name: COLINWS | User Name: Colin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/02/09 21:11:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\Downloads\OTL.exe
PRC - [2013/02/01 22:40:12 | 000,079,384 | ---- | M] (Google) -- C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2013/01/18 19:38:55 | 000,917,400 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/12/12 17:53:02 | 000,060,528 | ---- | M] (SparkLabs) -- C:\Program Files\WiTopia\WiTopiaService.exe
PRC - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe
PRC - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
PRC - [2012/03/26 10:59:14 | 000,152,576 | ---- | M] (CrashPlan) -- C:\Program Files\CrashPlan\CrashPlanService.exe
PRC - [2012/03/26 10:58:47 | 000,217,088 | ---- | M] (Code 42 Software, Inc.) -- C:\Program Files\CrashPlan\CrashPlanTray.exe
PRC - [2011/12/16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe
PRC - [2011/12/16 13:21:10 | 001,687,968 | R--- | M] (Western Digital) -- C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe
PRC - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
PRC - [2011/12/15 09:25:28 | 003,998,616 | R--- | M] (Western Digital Technologies, Inc.) -- C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
PRC - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
PRC - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
PRC - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) -- C:\Program Files\TightVNC\tvnserver.exe
PRC - [2010/02/09 16:15:26 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\ChgService.exe
PRC - [2009/04/02 14:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
PRC - [2009/04/02 14:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
PRC - [2009/03/27 06:47:56 | 000,027,184 | ---- | M] () -- C:\WINDOWS\snuvcdsm.exe
PRC - [2008/12/11 09:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/07/11 15:49:40 | 000,256,512 | ---- | M] (SafeBoot International) -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
PRC - [2008/07/08 19:18:32 | 000,019,968 | ---- | M] (Hewlett-Packard Development Company, L.P) -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe
PRC - [2008/06/20 09:37:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2008/06/20 09:37:24 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2008/06/18 06:10:02 | 000,065,808 | ---- | M] (Bioscrypt Inc.) -- c:\Program Files\Hewlett-Packard\IAM\Bin\asghost.exe
PRC - [2008/06/12 13:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) -- c:\Program Files\Fingerprint Sensor\AtService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/03/18 09:27:12 | 000,013,312 | ---- | M] (Agere Systems) -- C:\WINDOWS\system32\agrsmsvc.exe
PRC - [2008/02/02 02:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe
PRC - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe
PRC - [2007/05/15 17:08:38 | 000,095,024 | ---- | M] (ActivIdentity) -- c:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2007/05/15 17:08:08 | 000,293,168 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2006/01/06 13:07:25 | 000,188,416 | ---- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe


========== Modules (No Company Name) ==========

MOD - [2013/01/24 05:58:04 | 001,046,528 | ---- | M] () -- c:\Program Files\ZoomEx\sprotector.dll
MOD - [2013/01/18 19:38:55 | 003,022,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2013/01/10 01:32:22 | 001,218,560 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Management\51a269b672f2226acfedb5d35843a5c9\System.Management.ni.dll
MOD - [2013/01/10 01:31:01 | 000,148,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuratio#\5b41361ff2b03e15dde4b7c35e82c922\System.Configuration.Install.ni.dll
MOD - [2013/01/10 01:30:58 | 000,221,696 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\0cefa2c17df1d033e69ed47b0b660ce5\System.ServiceProcess.ni.dll
MOD - [2013/01/10 01:29:48 | 000,786,944 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fa85c20ed3068cb8eac3c3e27be91dd6\System.EnterpriseServices.ni.dll
MOD - [2013/01/10 01:29:48 | 000,236,032 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\fa85c20ed3068cb8eac3c3e27be91dd6\System.EnterpriseServices.Wrapper.dll
MOD - [2013/01/10 01:29:44 | 000,646,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\04ec78afa0ff1951d16343e81b1228c6\System.Transactions.ni.dll
MOD - [2013/01/10 01:29:17 | 000,011,776 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Microsoft.VisualC\1ad499733a6435ae1cc80d1e629ba561\Microsoft.VisualC.ni.dll
MOD - [2013/01/10 01:25:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\f43e890d874ef521aba51f76f64cd97b\System.ServiceProcess.ni.dll
MOD - [2013/01/10 01:24:54 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\1a6f9e23985e3159e6dd9827fd81c2fd\System.Management.ni.dll
MOD - [2013/01/10 00:16:41 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\fe025743210c22bea2f009e1612c38bf\System.Xml.ni.dll
MOD - [2013/01/10 00:12:47 | 007,977,984 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\aeac298c43c77d8860db8e7634d9f2eb\System.ni.dll
MOD - [2013/01/10 00:12:25 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\eab2340ead8e1a84bdf1a87868659979\mscorlib.ni.dll
MOD - [2013/01/10 00:07:43 | 002,048,000 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2013/01/10 00:07:42 | 003,194,880 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2013/01/10 00:07:22 | 000,303,104 | ---- | M] () -- C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2013/01/09 23:26:54 | 000,980,480 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\947b4fe468a1a03516ee26d9b3f4240a\System.Configuration.ni.dll
MOD - [2013/01/09 23:26:51 | 005,618,176 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\a23c39d504467a0024e5f20c0f962f3f\System.Xml.ni.dll
MOD - [2013/01/09 23:26:45 | 006,797,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\b450b06bded23f58b932084e2674baa9\System.Data.ni.dll
MOD - [2013/01/09 23:26:44 | 013,198,848 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\d47efad9d2f7f45b45204ae07079a94c\System.Windows.Forms.ni.dll
MOD - [2013/01/09 23:26:38 | 007,053,824 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\e773b94cc3f3fc25509904acb76cfe08\System.Core.ni.dll
MOD - [2013/01/09 23:26:34 | 001,667,584 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\307bb964c6b7dbc20676e8905ec99df9\System.Drawing.ni.dll
MOD - [2013/01/09 23:26:28 | 009,094,656 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\5f79b00e1aaeafcc07907aa61fd3599e\System.ni.dll
MOD - [2013/01/09 23:26:23 | 000,145,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\221d903193177a76f68965e8ffb8cbb4\System.Numerics.ni.dll
MOD - [2013/01/09 23:26:20 | 014,416,896 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\6a1ccc1e1a79ce267d3d1808af382cd6\mscorlib.ni.dll
MOD - [2013/01/08 22:45:50 | 014,586,888 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll
MOD - [2012/11/08 19:11:06 | 000,166,400 | ---- | M] () -- C:\Program Files\CrashPlan\cpnative.dll
MOD - [2012/03/26 10:58:51 | 000,013,312 | ---- | M] () -- C:\Program Files\CrashPlan\md5.dll
MOD - [2011/12/15 09:25:24 | 000,070,040 | R--- | M] () -- C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll
MOD - [2011/11/03 09:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/11/04 08:51:44 | 000,555,624 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nvShell.dll
MOD - [2010/11/04 08:51:42 | 002,502,248 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nView\nView.dll
MOD - [2010/11/02 07:33:58 | 000,886,272 | R--- | M] () -- C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll
MOD - [2010/02/09 16:15:26 | 000,135,168 | ---- | M] () -- C:\WINDOWS\system32\ChgService.exe
MOD - [2009/04/02 14:47:04 | 000,234,888 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
MOD - [2009/04/02 14:47:02 | 000,464,264 | ---- | M] () -- C:\Program Files\AskBarDis\bar\bin\AskService.exe
MOD - [2009/03/27 06:47:56 | 000,027,184 | ---- | M] () -- C:\WINDOWS\snuvcdsm.exe
MOD - [2008/12/11 09:08:52 | 003,575,808 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
MOD - [2008/04/13 18:12:03 | 000,562,176 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2008/04/13 18:12:03 | 000,192,512 | ---- | M] () -- C:\WINDOWS\system32\qcap.dll
MOD - [2008/04/13 18:11:59 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 18:11:51 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll


========== Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2013/02/09 21:09:24 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/18 19:38:55 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/12/12 17:53:02 | 000,060,528 | ---- | M] (SparkLabs) [Auto | Running] -- C:\Program Files\WiTopia\WiTopiaService.exe -- (WiTopiaService)
SRV - [2012/06/15 20:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe -- (N360)
SRV - [2012/05/04 19:29:46 | 000,161,664 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/04/21 16:16:06 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/03/26 10:59:14 | 000,152,576 | ---- | M] (CrashPlan) [Auto | Running] -- C:\Program Files\CrashPlan\CrashPlanService.exe -- (CrashPlanService)
SRV - [2011/12/16 13:21:12 | 000,246,688 | R--- | M] (Western Digital) [Auto | Running] -- C:\Program Files\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2011/12/15 09:25:30 | 001,091,992 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011/12/15 09:25:28 | 001,591,176 | R--- | M] (Western Digital ) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011/12/15 09:25:26 | 000,265,624 | R--- | M] (WDC) [Auto | Running] -- C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011/06/08 11:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/07/08 07:28:56 | 000,815,704 | ---- | M] (GlavSoft LLC.) [Auto | Running] -- C:\Program Files\TightVNC\tvnserver.exe -- (tvnserver)
SRV - [2010/06/21 10:00:24 | 000,037,888 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\personalVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/02/09 16:15:26 | 000,135,168 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009/04/02 14:47:04 | 000,234,888 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe -- (ASKUpgrade)
SRV - [2009/04/02 14:47:02 | 000,464,264 | ---- | M] () [Auto | Running] -- C:\Program Files\AskBarDis\bar\bin\AskService.exe -- (ASKService)
SRV - [2008/12/11 09:08:52 | 003,575,808 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/07/11 15:49:40 | 000,256,512 | ---- | M] (SafeBoot International) [Auto | Running] -- c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe -- (HpFkCryptService)
SRV - [2008/07/08 19:18:32 | 000,019,968 | ---- | M] (Hewlett-Packard Development Company, L.P) [Auto | Running] -- c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe -- (HP ProtectTools Service)
SRV - [2008/06/20 09:37:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008/06/18 06:05:28 | 000,126,736 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll -- (ASBroker)
SRV - [2008/06/18 06:05:24 | 000,137,488 | ---- | M] (Bioscrypt Inc.) [Auto | Running] -- c:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll -- (ASChannel)
SRV - [2008/06/12 13:21:06 | 001,164,536 | ---- | M] (AuthenTec, Inc.) [Auto | Running] -- c:\Program Files\Fingerprint Sensor\AtService.exe -- (ATService)
SRV - [2008/03/18 09:27:12 | 000,013,312 | ---- | M] (Agere Systems) [Auto | Running] -- C:\WINDOWS\system32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2008/02/02 02:20:34 | 000,144,672 | ---- | M] (Nuance Communications, Inc.) [Auto | Running] -- C:\Program Files\Nuance\PDF Professional 5\PDFProFiltSrv.exe -- (PDFProFiltSrv)
SRV - [2007/05/15 17:08:40 | 000,182,576 | ---- | M] (ActivIdentity) [Auto | Running] -- c:\Program Files\ActivIdentity\ActivClient\accoca.exe -- (accoca)
SRV - [2006/01/06 13:07:26 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hphipm11.exe -- (Pml Driver HPH11)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\dwm3gmdm.sys -- (dwm3gmdm)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\N360\0308000.029\ccHPx86.sys -- (ccHP)
DRV - [2013/02/01 21:22:35 | 000,097,440 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SMR311.SYS -- (SMR311)
DRV - [2013/01/16 06:36:26 | 001,603,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130207.025\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/01/16 06:36:26 | 000,093,296 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\VirusDefs\20130207.025\NAVENG.SYS -- (NAVENG)
DRV - [2013/01/15 20:51:12 | 000,997,464 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130116.013\BHDrvx86.sys -- (BHDrvx86)
DRV - [2012/12/12 17:53:14 | 000,033,760 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\visctap0901.sys -- (visctap0901)
DRV - [2012/10/22 17:29:53 | 000,039,048 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2012/10/22 17:29:38 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2012/10/22 17:29:38 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2012/10/04 01:30:11 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/09/26 20:57:12 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2012/09/06 04:54:30 | 000,373,728 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130208.004\IDSXpx86.sys -- (IDSxpx86)
DRV - [2012/08/24 09:09:17 | 000,141,944 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2012/08/08 20:47:38 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/05 20:17:57 | 000,574,112 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtsp.sys -- (SRTSP)
DRV - [2012/07/05 20:17:57 | 000,032,928 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\srtspx.sys -- (SRTSPX)
DRV - [2012/06/06 22:43:43 | 000,132,768 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ccsetx86.sys -- (ccSet_N360)
DRV - [2012/05/21 19:37:12 | 000,924,320 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symefa.sys -- (SymEFA)
DRV - [2012/04/17 20:13:32 | 000,388,216 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symtdi.sys -- (SYMTDI)
DRV - [2012/04/17 20:13:31 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIMMP)
DRV - [2012/04/17 20:13:31 | 000,044,024 | R--- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SymIM.sys -- (SymIM)
DRV - [2012/04/17 20:13:22 | 000,340,088 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\symds.sys -- (SymDS)
DRV - [2012/04/17 19:42:14 | 000,149,624 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\N360\0604010.00E\ironx86.sys -- (SymIRON)
DRV - [2011/05/18 08:12:38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 08:12:36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 08:12:32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 08:12:28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/05/18 08:09:48 | 000,137,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2011/05/18 08:09:48 | 000,008,576 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2011/01/06 20:27:02 | 000,025,144 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/01/06 20:26:52 | 000,032,440 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/09/01 09:30:16 | 004,221,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2010/06/30 02:27:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2010/06/21 10:02:26 | 000,024,960 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tap0901.sys -- (tap0901)
DRV - [2010/02/25 00:02:56 | 000,014,904 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2009/12/17 11:22:52 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2009/10/20 18:47:46 | 000,113,280 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009/10/12 15:21:54 | 000,100,736 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbdev.sys -- (hwusbdev)
DRV - [2009/09/10 14:55:52 | 000,102,528 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009/03/27 06:48:22 | 001,810,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2009/03/26 21:33:56 | 000,239,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2009/01/03 01:40:12 | 000,039,304 | ---- | M] (IVT Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btcusb.sys -- (Btcsrusb)
DRV - [2008/11/21 21:53:40 | 001,204,128 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/08/26 08:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/07/11 15:50:26 | 000,051,376 | ---- | M] (SafeBoot N.V.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SbAlg.sys -- (SbAlg)
DRV - [2008/07/11 15:50:22 | 000,012,928 | ---- | M] (SafeBoot International) [File_System | Boot | Running] -- C:\WINDOWS\System32\drivers\SbFsLock.sys -- (SbFsLock)
DRV - [2008/07/11 15:50:20 | 000,012,496 | ---- | M] (SafeBoot International) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\rsvlock.sys -- (RsvLock)
DRV - [2008/07/11 15:50:18 | 000,109,184 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\SafeBoot.sys -- (SafeBoot)
DRV - [2008/06/24 09:55:12 | 000,047,104 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2008/06/12 15:40:50 | 000,477,696 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2008/05/14 02:08:16 | 000,074,688 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2008/05/14 02:08:14 | 000,879,624 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2008/05/14 02:08:14 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2008/05/08 08:02:52 | 000,203,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rmcast.sys -- (RMCAST)
DRV - [2008/05/06 16:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/04/13 12:39:44 | 000,092,544 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mqac.sys -- (MQAC)
DRV - [2008/03/28 15:14:02 | 000,024,064 | ---- | M] (Sonic Focus, Inc) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\sfaudio.sys -- (SFAUDIO)
DRV - [2007/07/30 05:54:02 | 000,038,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2007/07/30 04:42:58 | 000,043,008 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2007/06/18 18:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/04/04 13:16:20 | 000,041,216 | ---- | M] (Infineon Technologies AG) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ifxtpm.sys -- (IFXTPM)
DRV - [2006/12/19 19:08:00 | 000,047,616 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rismc32.sys -- (rismc32)
DRV - [2006/11/02 07:00:08 | 000,039,368 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\winusb.sys -- (WinUSB)
DRV - [2006/01/06 13:07:27 | 000,050,276 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphs2k11.sys -- (Dot4Storage HPH11)
DRV - [2006/01/06 13:07:27 | 000,018,928 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphius11.sys -- (Dot4Usb HPH11)
DRV - [2006/01/06 13:07:27 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphipr11.sys -- (Dot4Print HPH11)
DRV - [2006/01/06 13:07:26 | 000,050,896 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hphid411.sys -- (Dot4 HPH11)
DRV - [2001/08/17 13:10:28 | 000,035,913 | ---- | M] (SMC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...bd-00216a5bec7a
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...07&gct=&gc=1&q=
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{34A4B5D6-2538-45F9-9FA3-1F9040D274A8}: "URL" = http://slirsredirect...hpcmnbie7-en-us
IE - HKLM\..\SearchScopes\{9965BE24-3E2C-01FB-F8AB-B5B30973B7E7}: "URL" = ${SEARCH_URL}{searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://searchab.com/...bd-00216a5bec7a
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://vshare.toolbarhome.com/?hp=df
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
IE - HKCU\..\URLSearchHook: {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {9965BE24-3E2C-01FB-F8AB-B5B30973B7E7}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0DE763AC-9EB3-48C5-9971-B01466147AB0}: "URL" = http://www.skip-sear...eferrer:source}
IE - HKCU\..\SearchScopes\{9965BE24-3E2C-01FB-F8AB-B5B30973B7E7}: "URL" = http://searchab.com/...q={searchTerms}
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...il&geo=US&ver=5
IE - HKCU\..\SearchScopes\{C5902679-D24A-4BC0-AAA1-277D3173D04B}: "URL" = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.defaultthis.engineName: "Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.condui...={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://accounts.goo...//twitter.com/"
FF - prefs.js..extensions.enabledAddons: [email protected]:1.0
FF - prefs.js..extensions.enabledAddons: [email protected]:0.22
FF - prefs.js..extensions.enabledAddons: {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.11.0
FF - prefs.js..extensions.enabledAddons: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.2.1
FF - prefs.js..extensions.enabledAddons: {ba14329e-9550-4989-b3f2-9732e92d17cc}:3.15.1.0
FF - prefs.js..extensions.enabledAddons: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.10
FF - prefs.js..extensions.enabledAddons: [email protected]:2.2.1.829
FF - prefs.js..extensions.enabledAddons: [email protected]:0.85.36
FF - prefs.js..extensions.enabledAddons: {64161300-e22b-11db-8314-0800200c9a66}:0.9.6.10
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:1.4
FF - prefs.js..extensions.enabledAddons: SkipScreen@SkipScreen:0.7.0
FF - prefs.js..extensions.enabledAddons: [email protected]:2.4.7.4
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.5.9
FF - prefs.js..extensions.enabledAddons: [email protected]:3.0.3
FF - prefs.js..extensions.enabledAddons: {5C46D283-ABDE-4dce-B83C-08881401921C}:2.1.7.1
FF - prefs.js..extensions.enabledAddons: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:11.1.1.5 - 2
FF - prefs.js..extensions.enabledAddons: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:2012.5.7.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.0.9.9
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ba14329e-9550-4989-b3f2-9732e92d17cc}:2.7.2.0
FF - prefs.js..extensions.enabledItems: repagination@fremea:2010.4.11
FF - prefs.js..extensions.enabledItems: {ad48108d-92a6-4eb9-87e4-978aca1dbae4}:1.1.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.7.0.788
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: [email protected]:1.7
FF - prefs.js..extensions.enabledItems: SkipScreen@SkipScreen:0.5.23s
FF - prefs.js..extensions.enabledItems: {4be68a18-deba-49e0-9e09-ee7796f3b62a}:2.1.1.1
FF - prefs.js..extensions.enabledItems: {902D2C4A-457A-4EF9-AD43-7014562929FF}:0.4.6
FF - prefs.js..extensions.enabledItems: {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}:2.0.6
FF - prefs.js..extensions.enabledItems: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}:2.7.1
FF - prefs.js..extensions.enabledItems: {1A2D0EC4-75F5-4c91-89C4-3656F6E44B68}:0.4.6
FF - prefs.js..extensions.enabledItems: {15a82062-5139-4855-9706-130a8a4be80c}:1.0.2
FF - prefs.js..extensions.enabledItems: {15e67a59-bd3d-49ae-90dd-b3d3fd14c2ed}:1.0.4
FF - prefs.js..extensions.enabledItems: [email protected]:0.79
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe80}:0.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: [email protected]:2.5.2
FF - prefs.js..extensions.enabledItems: {cf47767d-5f3a-4e32-9fce-5d79565c9702}:1.1.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.2
FF - prefs.js..extensions.enabledItems: {45e16761-660c-41a4-984f-56986fba2137}:1.0
FF - prefs.js..extensions.enabledItems: {1a0c9ebe-ddf9-4b76-b8a3-675c77874d37}:3.0
FF - prefs.js..extensions.enabledItems: [email protected]:2.1
FF - prefs.js..extensions.enabledItems: [email protected]:0.6
FF - prefs.js..extensions.enabledItems: [email protected]:2.3.0
FF - prefs.js..keyword.URL: "http://search.condui...rchSource=2&q="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@citrixonline.com/appdetectorplugin: C:\Documents and Settings\Colin\Local Settings\Application Data\Citrix\Plugins\92\npappdetector.dll (Citrix Online)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Documents and Settings\Colin\Local Settings\Application Data\Facebook\Video\Skype\npFacebookVideoCalling.dll File not found
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Colin\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Colin\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\IPSFFPlgn\ [2012/08/24 09:15:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\coFFPlgn\ [2013/02/09 17:11:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/01/18 19:38:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/02/07 07:24:40 | 000,000,000 | ---D | M]

[2012/11/01 22:34:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Extensions
[2012/11/01 22:22:12 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions
[2012/11/01 22:22:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{ba14329e-9550-4989-b3f2-9732e92d17cc}
[2013/02/01 22:49:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions
[2013/01/26 13:23:11 | 000,000,000 | ---D | M] (Zoomex) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2012/12/06 13:05:33 | 000,000,000 | ---D | M] (DoNotTrackMe) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2013/01/18 06:22:07 | 000,000,000 | ---D | M] (Diccionario en Español para Venezuela) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2013/01/20 15:52:04 | 000,000,000 | ---D | M] (HTTPS-Everywhere) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2013/01/25 08:27:46 | 000,000,000 | ---D | M] (MaskMe) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2012/10/20 09:33:30 | 000,375,322 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\[email protected]
[2012/10/18 18:16:35 | 000,071,037 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\[email protected]
[2012/11/01 13:36:56 | 000,372,140 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{5C46D283-ABDE-4dce-B83C-08881401921C}.xpi
[2012/10/09 20:34:56 | 000,281,285 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
[2012/10/26 18:14:11 | 000,530,068 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012/01/11 07:24:08 | 000,292,116 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{ad48108d-92a6-4eb9-87e4-978aca1dbae4}.xpi
[2012/07/25 14:26:25 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011/10/31 19:18:12 | 000,434,392 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/10/12 15:52:12 | 000,252,340 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013/02/01 22:49:28 | 000,130,828 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2012/11/28 22:41:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2013/01/16 11:53:06 | 000,389,447 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2013/02/01 22:49:28 | 001,088,849 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
[2013/01/31 13:19:04 | 000,533,536 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013/02/01 21:16:29 | 000,817,973 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/12/05 09:11:56 | 000,007,919 | ---- | M] () (No name found) -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]\chrome\content\ff\view_expiry.js
[2012/11/01 22:23:44 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\searchplugins\safesearch.xml
[2013/01/18 19:38:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/01/23 22:14:30 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/09 21:12:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\updated\extensions
[2013/02/09 21:12:39 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files\Mozilla Firefox\updated\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/02/09 21:12:44 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\updated\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/01/18 19:38:55 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/10/13 04:16:18 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/10/13 04:16:18 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage:
CHR - Extension: No name found = C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0\
CHR - Extension: No name found = C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.14.250.13_0\
CHR - Extension: No name found = C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\peaefoopkjmglhncadbjopnnolahchka\1.0_0\
CHR - Extension: No name found = C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/10/02 20:22:03 | 000,444,491 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com # Acrobat Pro 9.3 crack instruction
O1 - Hosts: 127.0.0.1 practivate.adobe.com # Acrobat Pro 9.3 crack instruction
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 15265 more lines...
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O2 - BHO: (ZeonIEEventHelper Class) - {DA986D7D-CCAF-47B2-84FE-BFA1549BEBF9} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Credential Manager for HP ProtectTools) - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - c:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll (Bioscrypt Inc.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Vuze Remote Toolbar) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Nuance PDF) - {E3286BF1-E654-42FF-B4A6-5E111731DF6B} - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\ShellBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360 Premier Edition\Engine\6.4.1.14\coieplg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Vuze Remote Toolbar) - {BA14329E-9550-4989-B3F2-9732E92D17CC} - C:\Program Files\Vuze_Remote\prxtbVuz0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [accrdsub] c:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [CognizanceTS] c:\Program Files\Hewlett-Packard\IAM\Bin\ASTSVCC.dll (Bioscrypt Inc.)
O4 - HKLM..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\Cpqset.exe ()
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [MsmqIntCert] C:\WINDOWS\System32\mqrt.dll (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install File not found
O4 - HKLM..\Run: [PTHOSTTR] c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE (Hewlett-Packard Development Company, L.P.)
O4 - HKLM..\Run: [snuvcdsm] C:\WINDOWS\snuvcdsm.exe ()
O4 - HKLM..\Run: [WD Drive Unlocker] C:\Program Files\Western Digital\WD Apps\WDDriveAutoUnlock.exe (Western Digital)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKCU..\Run: [Facebook Update] "C:\Documents and Settings\Colin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver File not found
O4 - HKCU..\Run: [ManicTime] C:\Program Files\ManicTime\ManicTime.exe /minimized /name: File not found
O4 - HKCU..\Run: [Uniblue RegistryBooster 2009] C:\Program Files\Uniblue\RegistryBooster\RegistryBooster.exe /S File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk = C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &AOL Toolbar Search - C:\Documents and Settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append the content of the link to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append the content of the selected links to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Append to existing PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF file from the content of the link - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: Create PDF files from the selected links - C:\Program Files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll (Zeon Corporation)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Open with Nuance PDF Converter 5.0 - C:\Program Files\Nuance\PDF Professional 5\cnvres_eng.dll ()
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51BCC468-189F-4E91-BD9E-0602145486D7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton 360 Premier Edition\Engine\3.8.0.41\coIEPlg.dll File not found
O20 - AppInit_DLLs: (apshook.dll) - C:\WINDOWS\System32\APSHook.dll (Bioscrypt Inc.)
O20 - AppInit_DLLs: (c:\progra~1\zoomex\sprotector.dll) - c:\Program Files\ZoomEx\sprotector.dll ()
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ackpbsc: DllName - (c:\WINDOWS\system32\ackpbsc.dll) - C:\WINDOWS\system32\ackpbsc.dll (ActivIdentity)
O20 - Winlogon\Notify\acunlock: DllName - (c:\Program Files\ActivIdentity\ActivClient\acunlock.dll) - c:\Program Files\ActivIdentity\ActivClient\acunlock.dll (ActivIdentity)
O20 - Winlogon\Notify\OneCard: DllName - (c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll) - c:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll (Bioscrypt Inc.)
O24 - Desktop WallPaper: C:\WINDOWS\HP Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\HP Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/04/21 15:16:32 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O33 - MountPoints2\{143632f4-5038-11e1-8afa-00216a5bec7a}\Shell - "" = AutoRun
O33 - MountPoints2\{143632f4-5038-11e1-8afa-00216a5bec7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{143632f4-5038-11e1-8afa-00216a5bec7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{239cab92-8567-11df-ba92-00216a5bec7a}\Shell - "" = AutoRun
O33 - MountPoints2\{239cab92-8567-11df-ba92-00216a5bec7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{239cab95-8567-11df-ba92-00216a5bec7a}\Shell - "" = AutoRun
O33 - MountPoints2\{239cab95-8567-11df-ba92-00216a5bec7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{239cab95-8567-11df-ba92-00216a5bec7a}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{239caba9-8567-11df-ba92-00216a5bec7a}\Shell - "" = AutoRun
O33 - MountPoints2\{239caba9-8567-11df-ba92-00216a5bec7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{239caba9-8567-11df-ba92-00216a5bec7a}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{3d7aea39-e7c9-11df-bac2-f0ef628e4734}\Shell - "" = AutoRun
O33 - MountPoints2\{3d7aea39-e7c9-11df-bac2-f0ef628e4734}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3d7aea39-e7c9-11df-bac2-f0ef628e4734}\Shell\AutoRun\command - "" = F:\.\ShowModem.exe
O33 - MountPoints2\{424da702-8b2d-11e1-8b43-00216a5bec7a}\Shell - "" = AutoRun
O33 - MountPoints2\{424da702-8b2d-11e1-8b43-00216a5bec7a}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{424da702-8b2d-11e1-8b43-00216a5bec7a}\Shell\AutoRun\command - "" = F:\launcher.exe
O33 - MountPoints2\{6138be36-fdbf-11df-bacc-0025b3662948}\Shell - "" = AutoRun
O33 - MountPoints2\{6138be36-fdbf-11df-bacc-0025b3662948}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{6138be36-fdbf-11df-bacc-0025b3662948}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{9355ca90-401c-11e0-bafb-00216a5bec7a}\Shell\AutoRun\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{9355ca90-401c-11e0-bafb-00216a5bec7a}\Shell\Setup FlipShare\command - "" = F:\Setup_FlipShare.exe
O33 - MountPoints2\{94ada94f-e950-11df-bac3-0025b3662948}\Shell\AutoRun\command - "" = H:\setup.exe
O33 - MountPoints2\{94ada952-e950-11df-bac3-0025b3662948}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{dcb40d58-fd8e-11df-bac8-0025b3662948}\Shell - "" = AutoRun
O33 - MountPoints2\{dcb40d58-fd8e-11df-bac8-0025b3662948}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dcb40d58-fd8e-11df-bac8-0025b3662948}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/02/09 10:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Western_Digital
[2013/02/09 10:46:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Downloads
[2013/02/09 10:45:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2013/02/09 10:45:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Western Digital
[2013/02/09 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013/02/09 10:44:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Western Digital
[2013/02/09 10:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Western Digital
[2013/02/02 00:44:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoLAN
[2013/02/01 21:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SMR311
[2013/02/01 21:22:35 | 000,097,440 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2013/02/01 21:22:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\NPE
[2013/01/29 15:05:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Local Settings\Application Data\Citrix
[2013/01/26 13:22:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ClickIT
[2013/01/26 13:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\ZoomEx
[2013/01/26 13:21:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Zoomex
[2013/01/25 22:49:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\CrashDump
[2013/01/22 20:31:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\2010_Queen of the Sun -
[2013/01/22 20:31:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\2012_Beasts Of The Southern Wild -
[2013/01/18 19:38:50 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/01/17 19:19:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\SolKwan_2012
[2013/01/17 19:17:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Colin\Desktop\Adriana's_130116
[4 C:\Documents and Settings\Colin\Desktop\*.tmp files -> C:\Documents and Settings\Colin\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\*.tmp files -> C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/02/09 22:09:49 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/02/09 22:04:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/02/09 21:59:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005UA.job
[2013/02/09 19:21:00 | 000,000,998 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005UA.job
[2013/02/09 19:21:00 | 000,000,976 | ---- | M] () -- C:\WINDOWS\tasks\FacebookUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005Core.job
[2013/02/09 17:21:02 | 000,491,153 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2013/02/09 17:09:26 | 000,000,514 | -H-- | M] () -- C:\WINDOWS\tasks\ZoomExUpdaterTask{9ADE6478-F570-41C2-9245-35459316C022}.job
[2013/02/09 17:08:55 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/02/09 17:08:22 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/02/09 17:08:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/02/09 17:08:05 | 3183,751,168 | -HS- | M] () -- C:\hiberfil.sys
[2013/02/09 17:05:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/09 13:59:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005Core.job
[2013/02/09 10:46:13 | 000,000,923 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WD SmartWare.lnk
[2013/02/09 10:45:25 | 000,000,904 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WD Security.lnk
[2013/02/09 10:45:11 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WD Drive Utilities.lnk
[2013/02/08 12:39:56 | 000,491,153 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2013/02/07 08:05:38 | 000,001,634 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2013/02/06 11:20:24 | 000,002,004 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK
[2013/02/06 11:18:51 | 000,719,647 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\Cat.DB
[2013/02/06 11:18:30 | 000,014,818 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\VT20130115.021
[2013/02/06 10:41:32 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Word 2003.lnk
[2013/02/04 07:50:13 | 000,002,513 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Excel 2003.lnk
[2013/02/02 12:12:06 | 000,040,707 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Explain This [bleep].jpg
[2013/02/02 00:44:59 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/02/02 00:37:18 | 000,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\N360\0604010.00E\isolate.ini
[2013/02/01 21:25:40 | 000,000,220 | RHS- | M] () -- C:\boot.ini
[2013/02/01 21:22:35 | 000,097,440 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SMR311.SYS
[2013/01/31 07:05:17 | 000,002,304 | ---- | M] () -- C:\Documents and Settings\Colin\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/01/26 19:32:18 | 000,014,359 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\OpLastResort.pdf
[2013/01/26 18:58:44 | 000,012,668 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\OpLastResort.jpg
[2013/01/26 16:14:27 | 000,028,672 | ---- | M] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/01/26 16:13:11 | 000,025,513 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\OpLastResort.png
[2013/01/23 17:06:23 | 166,208,064 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\The.Colbert.Report.2013.01.17.Akhil.Reed.Amar.HDTV.x264-LMAO.[VTV].mp4
[2013/01/23 16:59:22 | 139,606,670 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\The.Daily.Show.2013.01.17.Lena.Dunham.HDTV.x264-LMAO.[VTV].mp4
[2013/01/23 16:47:58 | 129,856,967 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\The.Daily.Show.2013.01.16.Jessica.Chastain.HDTV.x264-LMAO.[VTV].mp4
[2013/01/23 13:43:40 | 000,584,973 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\aug_31_2pm.JPG
[2013/01/23 13:43:12 | 000,550,387 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\aug_31_3pm.JPG
[2013/01/23 13:42:55 | 000,656,663 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\dec_21_2pm.JPG
[2013/01/23 13:42:39 | 000,552,817 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\dec_21_3pm.JPG
[2013/01/23 13:42:04 | 000,546,300 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\jun_21_2pm.JPG
[2013/01/23 13:41:34 | 000,546,300 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\jun_21_3pm.JPG
[2013/01/23 01:11:39 | 170,830,599 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\The.Colbert.Report.2013.01.15.Jared.Diamond.HDTV.x264-LMAO.[VTV].mp4
[2013/01/23 01:09:56 | 128,719,435 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\The.Daily.Show.2013.01.15.Bob.Schieffer.HDTV.x264-LMAO.[VTV].mp4
[2013/01/19 13:21:48 | 000,159,257 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\US Intervention Latin Am Caribbean.jpg
[2013/01/17 18:36:55 | 000,001,867 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Kies Air Discovery Service.lnk
[2013/01/17 18:31:24 | 000,001,643 | ---- | M] () -- C:\Documents and Settings\Colin\Desktop\Samsung Kies (Lite).lnk
[4 C:\Documents and Settings\Colin\Desktop\*.tmp files -> C:\Documents and Settings\Colin\Desktop\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\*.tmp files -> C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/02/09 10:46:13 | 000,000,923 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WD SmartWare.lnk
[2013/02/09 10:45:25 | 000,000,904 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WD Security.lnk
[2013/02/09 10:45:11 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WD Drive Utilities.lnk
[2013/02/07 08:05:38 | 000,001,634 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CrashPlan Tray.lnk
[2013/02/06 11:20:24 | 000,002,004 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK
[2013/02/02 12:12:05 | 000,040,707 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Explain This [bleep].jpg
[2013/02/02 00:44:59 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2013/01/26 19:32:18 | 000,014,359 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\OpLastResort.pdf
[2013/01/26 16:16:09 | 000,012,668 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\OpLastResort.jpg
[2013/01/26 16:13:09 | 000,025,513 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\OpLastResort.png
[2013/01/26 13:22:35 | 000,000,514 | -H-- | C] () -- C:\WINDOWS\tasks\ZoomExUpdaterTask{9ADE6478-F570-41C2-9245-35459316C022}.job
[2013/01/23 11:28:39 | 000,656,663 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\dec_21_2pm.JPG
[2013/01/23 11:28:39 | 000,584,973 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\aug_31_2pm.JPG
[2013/01/23 11:28:39 | 000,552,817 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\dec_21_3pm.JPG
[2013/01/23 11:28:39 | 000,550,387 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\aug_31_3pm.JPG
[2013/01/23 11:28:39 | 000,546,300 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\jun_21_3pm.JPG
[2013/01/23 11:28:39 | 000,546,300 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\jun_21_2pm.JPG
[2013/01/20 23:39:34 | 166,208,064 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\The.Colbert.Report.2013.01.17.Akhil.Reed.Amar.HDTV.x264-LMAO.[VTV].mp4
[2013/01/20 23:38:17 | 170,830,599 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\The.Colbert.Report.2013.01.15.Jared.Diamond.HDTV.x264-LMAO.[VTV].mp4
[2013/01/20 23:31:43 | 139,606,670 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\The.Daily.Show.2013.01.17.Lena.Dunham.HDTV.x264-LMAO.[VTV].mp4
[2013/01/20 23:30:33 | 129,856,967 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\The.Daily.Show.2013.01.16.Jessica.Chastain.HDTV.x264-LMAO.[VTV].mp4
[2013/01/20 23:29:12 | 128,719,435 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\The.Daily.Show.2013.01.15.Bob.Schieffer.HDTV.x264-LMAO.[VTV].mp4
[2013/01/19 13:21:46 | 000,159,257 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\US Intervention Latin Am Caribbean.jpg
[2013/01/17 18:31:24 | 000,001,643 | ---- | C] () -- C:\Documents and Settings\Colin\Desktop\Samsung Kies (Lite).lnk
[2012/12/26 05:56:05 | 000,016,876 | ---- | C] () -- C:\Documents and Settings\Colin\.TransferManager.db
[2012/09/26 20:57:16 | 000,030,568 | ---- | C] () -- C:\WINDOWS\MusiccityDownload.exe
[2012/07/04 01:00:49 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Colin\wxDownloadFast.ini
[2012/06/26 16:02:38 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2012/06/26 16:02:38 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2012/06/26 16:02:38 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2012/06/26 16:02:38 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2012/04/21 18:13:58 | 001,270,829 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3220099953-3417267552-1972214822-1005-0.dat
[2012/04/21 18:13:57 | 000,321,746 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/02/16 12:01:49 | 000,060,304 | ---- | C] () -- C:\Documents and Settings\Colin\g2mdlhlpx.exe
[2012/02/14 21:59:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/07/27 12:11:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2011/06/12 18:06:02 | 000,237,136 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/06/12 18:06:00 | 000,237,136 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/06/12 18:06:00 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/18 21:10:58 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/05/18 21:05:55 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/09 00:25:02 | 000,000,358 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2010/10/06 17:04:05 | 000,000,169 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2009/10/31 08:33:54 | 000,028,672 | ---- | C] () -- C:\Documents and Settings\Colin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/08/12 07:50:28 | 000,001,361 | ---- | C] () -- C:\Documents and Settings\Colin\cleaner-config.xml
[2009/08/12 07:50:28 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Colin\CommandDispatchers.xml

========== ZeroAccess Check ==========

[2004/08/07 07:09:18 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2011/09/05 07:56:22 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/21 17:05:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2009/11/27 19:50:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2011/01/10 14:45:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2011/01/10 15:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonEPP
[2012/03/16 13:00:52 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2011/01/10 15:01:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEPPEX2
[2011/01/10 14:49:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJMSetup
[2011/01/10 15:11:11 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2011/01/10 14:49:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJWSpt
[2011/08/15 16:39:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cisco Systems
[2013/01/26 13:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClickIT
[2012/08/09 20:37:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CrashPlan
[2012/02/05 14:29:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DatacardService
[2010/08/31 19:45:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2010/12/24 09:07:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Flip Video
[2011/09/12 14:07:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2013/01/26 13:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/12/17 20:43:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IsolatedStorage
[2011/10/08 11:21:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2011/10/07 07:48:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NokiaInstallerCache
[2011/01/09 00:25:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nuance
[2012/07/03 23:24:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OptimizerPro
[2011/09/12 13:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2011/06/12 16:15:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2013/01/26 13:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Premium
[2012/10/30 21:52:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RapidSolution
[2012/10/20 18:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Samsung
[2011/03/20 13:20:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2013/02/01 21:24:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMR311
[2012/10/14 09:26:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Squeezebox
[2010/12/26 08:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/02/09 10:45:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2012/07/04 00:02:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\wxDfast
[2012/07/03 23:47:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WxDFastUpdater
[2011/01/09 00:24:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zeon
[2013/01/29 11:27:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zoomex
[2009/09/16 15:30:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{7B6BA59A-FB0E-4499-8536-A7420338BF3B}
[2013/02/07 07:33:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Amazon
[2012/04/21 17:05:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Autodesk
[2013/02/04 00:13:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Azureus
[2010/01/02 15:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011/01/10 15:11:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Canon
[2009/10/28 15:42:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\COWON
[2012/08/09 20:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\CrashPlan
[2009/10/08 10:31:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\dBpoweramp
[2009/10/10 18:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Desktopicon
[2013/02/07 06:22:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Dropbox
[2009/12/20 20:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\EPSON
[2013/01/25 22:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\foobar2000
[2009/09/28 09:00:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Fujitsu
[2009/08/02 02:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\GetRightToGo
[2009/09/28 08:28:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Leadertech
[2013/02/07 13:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Nokia
[2013/02/07 13:51:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Nokia Ovi Suite
[2012/06/27 19:38:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Oracle
[2011/02/04 08:34:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Participatory Culture Foundation
[2011/09/12 13:34:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\PC Suite
[2011/05/13 10:06:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\PCF-VLC
[2011/06/13 16:06:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\PFU
[2009/10/31 17:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\PPMate
[2009/12/20 10:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\ppStream
[2013/01/29 11:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\PriceGong
[2012/12/09 19:04:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Samsung
[2011/04/09 12:56:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\ScanSoft
[2011/06/22 11:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Tific
[2011/03/21 14:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\TightVNC
[2009/08/12 07:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Uniblue
[2012/12/13 19:13:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\WiTopia
[2011/01/09 00:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Colin\Application Data\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0574215C

< End of report >
  • 0

Advertisements

#2
gringo_pr
Posted 10 February 2013 - 07:51 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator to start"
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • click on "delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+

Gringo
  • 0

#3
coljay00
Posted 10 February 2013 - 08:26 AM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
thanks so much for the quick reply. I am on immediate notification now so will be better able to respond faster now. Here is the Security Check report:
Results of screen317's Security Check version 0.99.57
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360 Premier Edition
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
MVPS Hosts File
Spybot - Search & Destroy
JavaFX 2.1.1
Java™ 6 Update 31
Java 7 Update 11
HP JavaCard for HP ProtectTools
Adobe Flash Player 11.5.502.149
Mozilla Firefox (18.0.1)
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 34% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
  • 0

#4
gringo_pr
Posted 10 February 2013 - 08:38 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
How are you doing with the other two reports?
  • 0

#5
coljay00
Posted 10 February 2013 - 08:57 AM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
AdwCleaner crashed on first run, then OK. Noticed immediately that ZoomEx did not appear in WTM. Also, I had a process entry called something like IdleHostServices that was using up 90% of my CPU Time, according to WTM. That has completely disappeared, so presumably was bogus.
Here is the AdwCleaner report (final report to follow):
# AdwCleaner v2.111 - Logfile created 02/10/2013 at 08:37:15
# Updated 05/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Colin - COLINWS
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Colin\Desktop\Pueblo Verde House\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
File Deleted : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\searchplugins\safesearch.xml
File Deleted : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\searchplugins\Searchab.xml
File Deleted : C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Documents and Settings\Colin\Start Menu\eBay.lnk
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\wxDfast
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Zoomex
Folder Deleted : C:\Documents and Settings\Colin\Application Data\Desktopicon
Folder Deleted : C:\Documents and Settings\Colin\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\Colin\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Colin\Local Settings\Application Data\Vuze_Remote
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\AskSearch
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Vuze_Remote
Folder Deleted : C:\Program Files\Zoomex

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\zoomex\sprotector.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\AppDataLow\AskSA
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\AskBarDis
Key Deleted : HKCU\Software\Billeo
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6A2FD27B-867D-49CD-8F91-F63DC3FDF097}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\Vuze_Remote
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3EF57FA7-5CFF-4E4D-86ED-F09934E1FD52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6A2FD27B-867D-49CD-8F91-F63DC3FDF097}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C94E154B-1459-4A47-966B-4B843BEFC7DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{91C12B5C-C5AC-40CB-BD26-492A7674B313}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AAF4DEA6-4E8B-4E3F-AE35-DD7B722CCD09}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA14329E-9550-4989-B3F2-9732E92D17CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6A2FD27B-867D-49CD-8F91-F63DC3FDF097}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\6ddd13a0de2d6e2ff8a433025f53af43.784B4C5CADF861323F25287817EE67357CB1E532.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vuze_Remote Toolbar
Key Deleted : HKLM\SOFTWARE\Software
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Vuze_Remote
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{97ED3A9F-CD6F-473A-8FE1-7505C1B844C3}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BA14329E-9550-4989-B3F2-9732E92D17CC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{C94E154B-1459-4A47-966B-4B843BEFC7DB}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BA14329E-9550-4989-B3F2-9732E92D17CC}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=4eb108d2-67ed-11e2-8cbd-00216a5bec7a --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page Restore] = hxxp://vshare.toolbarhome.com/?hp=df --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&gc=1&q= --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://searchab.com/?aff=7&uid=4eb108d2-67ed-11e2-8cbd-00216a5bec7a --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (en-US)

File : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\drfjkswk.default\prefs.js

Deleted : user_pref("CT2504091..clientLogIsEnabled", false);
Deleted : user_pref("CT2504091..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2504091..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2504091.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2504091.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT2504091.BrowserCompStateIsOpen_129707804829376918", true);
Deleted : user_pref("CT2504091.CT2504091", "CT2504091");
Deleted : user_pref("CT2504091.CurrentServerDate", "2-11-2012");
Deleted : user_pref("CT2504091.DSChangedManually", true);
Deleted : user_pref("CT2504091.DSInstall", true);
Deleted : user_pref("CT2504091.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2504091.DialogsGetterLastCheckTime", "Thu Nov 01 2012 13:50:31 GMT-0600 (Central Americ[...]
Deleted : user_pref("CT2504091.DownloadReferralCookieData", "");
Deleted : user_pref("CT2504091.EMailNotifierPollDate", "Tue May 22 2012 12:43:09 GMT-0600 (Central America Sta[...]
Deleted : user_pref("CT2504091.FeedLastCount129079840422964131", 10);
Deleted : user_pref("CT2504091.FeedPollDate128891351169457140", "Tue May 22 2012 12:43:08 GMT-0600 (Central Am[...]
Deleted : user_pref("CT2504091.FeedPollDate129079840422964131", "Tue May 22 2012 12:43:08 GMT-0600 (Central Am[...]
Deleted : user_pref("CT2504091.FeedTTL128891351169457140", 40);
Deleted : user_pref("CT2504091.FirstServerDate", "3-5-2012");
Deleted : user_pref("CT2504091.FirstTime", true);
Deleted : user_pref("CT2504091.FirstTimeFF3", true);
Deleted : user_pref("CT2504091.FirstTimeHiddenVer", true);
Deleted : user_pref("CT2504091.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2504091.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2504091.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2504091.HPInstall", false);
Deleted : user_pref("CT2504091.HasUserGlobalKeys", true);
Deleted : user_pref("CT2504091.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2504091.HomepageBeforeUnload", "hxxps://accounts.google.com/ServiceLogin?service=mail&p[...]
Deleted : user_pref("CT2504091.Initialize", true);
Deleted : user_pref("CT2504091.InitializeCommonPrefs", true);
Deleted : user_pref("CT2504091.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2504091.InstallationType", "Unknown");
Deleted : user_pref("CT2504091.InstalledDate", "Thu May 03 2012 00:38:16 GMT-0600 (Central America Standard Ti[...]
Deleted : user_pref("CT2504091.IsAlertDBUpdated", true);
Deleted : user_pref("CT2504091.IsGrouping", false);
Deleted : user_pref("CT2504091.IsInitSetupIni", true);
Deleted : user_pref("CT2504091.IsMulticommunity", false);
Deleted : user_pref("CT2504091.IsOpenThankYouPage", true);
Deleted : user_pref("CT2504091.IsOpenUninstallPage", true);
Deleted : user_pref("CT2504091.IsProtectorsInit", true);
Deleted : user_pref("CT2504091.LanguagePackLastCheckTime", "Thu Nov 01 2012 16:52:08 GMT-0600 (Central America[...]
Deleted : user_pref("CT2504091.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2504091.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2504091.LastLogin_3.12.2.3", "Sun Jun 03 2012 15:06:23 GMT-0600 (Central America Standa[...]
Deleted : user_pref("CT2504091.LastLogin_3.13.0.6", "Sun Jul 15 2012 09:08:54 GMT-0600 (Central America Standa[...]
Deleted : user_pref("CT2504091.LastLogin_3.14.1.0", "Wed Aug 22 2012 16:31:00 GMT-0600 (Central America Standa[...]
Deleted : user_pref("CT2504091.LastLogin_3.15.1.0", "Thu Nov 01 2012 21:53:15 GMT-0600 (Central America Standa[...]
Deleted : user_pref("CT2504091.LatestVersion", "3.15.1.0");
Deleted : user_pref("CT2504091.Locale", "en-us");
Deleted : user_pref("CT2504091.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2504091.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2504091.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2504091.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2504091.OriginalFirstVersion", "3.12.2.3");
Deleted : user_pref("CT2504091.SearchCaption", "Web Search");
Deleted : user_pref("CT2504091.SearchEngineBeforeUnload", "Google");
Deleted : user_pref("CT2504091.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2504091.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT250[...]
Deleted : user_pref("CT2504091.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2504091.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2504091.SearchInNewTabLastCheckTime", "Thu Nov 01 2012 16:51:18 GMT-0600 (Central Ameri[...]
Deleted : user_pref("CT2504091.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2504091.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2504091.SearchProtectorEnabled", false);
Deleted : user_pref("CT2504091.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2504091.SendProtectorDataViaLogin", true);
Deleted : user_pref("CT2504091.ServiceMapLastCheckTime", "Thu Nov 01 2012 16:51:53 GMT-0600 (Central America S[...]
Deleted : user_pref("CT2504091.SettingsLastCheckTime", "Thu Nov 01 2012 20:06:16 GMT-0600 (Central America Sta[...]
Deleted : user_pref("CT2504091.SettingsLastUpdate", "1351523139");
Deleted : user_pref("CT2504091.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2504091&SearchSource=13");
Deleted : user_pref("CT2504091.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastCheck", "Thu May 03 2012 00:37:33 GMT-0600 (Central Ame[...]
Deleted : user_pref("CT2504091.ThirdPartyComponentsLastUpdate", "1331805997");
Deleted : user_pref("CT2504091.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2504091.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2504091");
Deleted : user_pref("CT2504091.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2504091.UserID", "UN26383540737558412");
Deleted : user_pref("CT2504091.alertChannelId", "897164");
Deleted : user_pref("CT2504091.backendstorage./9b+7e+x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e,x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e-x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e.x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e/x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e06cg5el8:", "6E6D6C72706F746F6E78");
Deleted : user_pref("CT2504091.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473727876757A75747E242F4B4947[...]
Deleted : user_pref("CT2504091.backendstorage./9b+7e0x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e1x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e2x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e3x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e4x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e5x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e6x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e7x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e8x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e9x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e:x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e;x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e<x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e=x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e>x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e?x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7e@x305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7eax305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2504091.backendstorage./9b+7ebx305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7ecx305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7edx305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b+7etx305", "2423");
Deleted : user_pref("CT2504091.backendstorage./9b-0?3g>d", "6A67706A6A41406D7A70484774207975782025217E7E7D2A51[...]
Deleted : user_pref("CT2504091.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2504091.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT2504091.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");
Deleted : user_pref("CT2504091.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]
Deleted : user_pref("CT2504091.backendstorage./9b5ba==9cjag", "3B6B706B6D6B40727A7844477475777D4B4E4F204F");
Deleted : user_pref("CT2504091.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C72706F746F7676727872");
Deleted : user_pref("CT2504091.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2504091.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Deleted : user_pref("CT2504091.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2504091.backendstorage./9b<:222h64<l8daj", "6D7070707673757976722A7A7A72797B752022");
Deleted : user_pref("CT2504091.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2504091.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2504091.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2504091.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2504091.backendstorage.cbcountry_001", "4352");
Deleted : user_pref("CT2504091.backendstorage.cbfirsttime", "4D6F6E204F637420313520323031322031393A34313A35322[...]
Deleted : user_pref("CT2504091.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]
Deleted : user_pref("CT2504091.components.1000515", true);
Deleted : user_pref("CT2504091.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2504091.globalFirstTimeInfoLastCheckTime", "Sun May 13 2012 00:37:44 GMT-0600 (Central [...]
Deleted : user_pref("CT2504091.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.initDone", true);
Deleted : user_pref("CT2504091.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2504091.myStuffEnabled", true);
Deleted : user_pref("CT2504091.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2504091.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2504091.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2504091.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2504091.navigateToUrlOnSearch", false);
Deleted : user_pref("CT2504091.oldAppsList", "129079840421557838,129079840422026594,111,129079849636241789,129[...]
Deleted : user_pref("CT2504091.revertSettingsEnabled", false);
Deleted : user_pref("CT2504091.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2504091.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2504091.testingCtid", "");
Deleted : user_pref("CT2504091.toolbarAppMetaDataLastCheckTime", "Thu Nov 01 2012 16:51:52 GMT-0600 (Central A[...]
Deleted : user_pref("CT2504091.toolbarContextMenuLastCheckTime", "Thu May 17 2012 06:34:50 GMT-0600 (Central A[...]
Deleted : user_pref("CT2504091.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Web Search");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2504091/CT2504091[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/897164/892962/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2504091", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2504091",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Colin\\Application[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.2.3");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2504091");
Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT2504091");
Deleted : user_pref("CommunityToolbar.globalUserId", "3ee2a9ef-cf77-4c0d-8772-cd972224002e");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2504091");
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu May 17 2012 06:34:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon May 21 2012 14:21:48 GMT-060[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue May 22 2012 13:22:30 GMT-0600 (C[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "dc8d7ddd-a802-409d-a0cb-3dc5c39ce85e");
Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxps://accounts.google.com/ServiceLogin?service=mai[...]
Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Google");
Deleted : user_pref("browser.search.defaultenginename", "Web Search...");
Deleted : user_pref("browser.search.defaultthis.engineName", "Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&Sea[...]
Deleted : user_pref("extensions.4ff3d2f50d81b.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.addonfox.addit.remoteInstallItems", "{ \"software\": {\"95\": {\"id\": \"95\",[...]
Deleted : user_pref("extensions.boounce.installSource ", "softpublisher");
Deleted : user_pref("extensions.crossriderapp14917.14917.InstallationTime", 1345675058);
Deleted : user_pref("extensions.crossriderapp14917.14917.active", true);
Deleted : user_pref("extensions.crossriderapp14917.14917.addressbar", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.backgroundjs", "\nappAPI.onRequest(function(resourceU[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.backgroundver", 4);
Deleted : user_pref("extensions.crossriderapp14917.14917.can_run_bg_code", true);
Deleted : user_pref("extensions.crossriderapp14917.14917.certdomaininstaller", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.changeprevious", false);
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.expiration", "Fri [...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_channels.value", "%7B%22app[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_css.expiration", "Fri Nov 0[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_css.value", "%22.%25CSSClas[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.expiration", "T[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_geolocation.value", "%22CR%[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_metadata.expiration", "Fri [...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.CrossriderNotifier_metadata.value", "%7B%22app[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.cookie.InstallationTime.value", "1345675058");
Deleted : user_pref("extensions.crossriderapp14917.14917.description", "Chat Undetected lets you disable Faceb[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.domain", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.enablesearch", false);
Deleted : user_pref("extensions.crossriderapp14917.14917.fbremoteurl", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.group", 0);
Deleted : user_pref("extensions.crossriderapp14917.14917.homepage", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.iframe", false);
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_appVer.value", "36");
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_lastVersion.value", "0");
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_meta.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.expiration", "Fri Nov [...]
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_nextCheck.value", "true");
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_queue.value", "%7B%7D");
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.expiration", "F[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.internaldb.Resources_remote_resources.value", "%7B%22[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.js", "\nappAPI.ready(function($) {\n\n});\n\n\n\n\n")[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.manifesturl", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.name", "Chat Undetected");
Deleted : user_pref("extensions.crossriderapp14917.14917.newtab", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.opensearch", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_1.name", "base");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_1.ver", 3);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_13.code", "(function(a){a.selectedText[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_13.name", "CrossriderAppUtils");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_13.ver", 2);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_14.name", "CrossriderUtils");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_14.ver", 2);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_15.code", "(function(f){var u={};var e[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_15.name", "FacebookFFIE");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_15.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_16.code", "(function(f,b){if(typeof(b)[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_16.name", "FFAppAPIWrapper");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_16.ver", 3);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_17.name", "jQuery");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_17.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_21.name", "debug");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_21.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_22.name", "resources");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_22.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_28.name", "initializer");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_28.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_4.code", "/*! jQuery v1.7.1 jquery.com[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_4.name", "jquery_1_7_1");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_4.ver", 3);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_47.name", "resources_background");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_47.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_5.code", "(function(f){f.ui=f.ui||{};v[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_5.name", "notifications");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_5.ver", 2);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_7.code", "appAPI.hooks={$:$jquery_171,[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_7.name", "hooks");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_7.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searc[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_9.name", "search_engine_hook");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins.plugin_9.ver", 1);
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins_lists.plugins_0", "17,14,16,47");
Deleted : user_pref("extensions.crossriderapp14917.14917.plugins_lists.plugins_1", "17,14,13,16,15,4,1,21,22,7[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
Deleted : user_pref("extensions.crossriderapp14917.14917.pluginsversion", 8);
Deleted : user_pref("extensions.crossriderapp14917.14917.publisher", "Crossrider");
Deleted : user_pref("extensions.crossriderapp14917.14917.searchstatus", 0);
Deleted : user_pref("extensions.crossriderapp14917.14917.setnewtab", false);
Deleted : user_pref("extensions.crossriderapp14917.14917.settingsurl", "");
Deleted : user_pref("extensions.crossriderapp14917.14917.thankyou", "hxxp://crossrider.com/thank_you/14917");
Deleted : user_pref("extensions.crossriderapp14917.14917.updateinterval", 360);
Deleted : user_pref("extensions.crossriderapp14917.14917.ver", 36);
Deleted : user_pref("extensions.crossriderapp14917.apps", "14917");
Deleted : user_pref("extensions.crossriderapp14917.bic", "139507bdc2151bcd104aad2bc73c1c9d");
Deleted : user_pref("extensions.crossriderapp14917.cid", 14917);
Deleted : user_pref("extensions.crossriderapp14917.firstrun", false);
Deleted : user_pref("extensions.crossriderapp14917.hadappinstalled", true);
Deleted : user_pref("extensions.crossriderapp14917.installationdate", 1345675058);
Deleted : user_pref("extensions.crossriderapp14917.lastcheck", 22530469);
Deleted : user_pref("extensions.crossriderapp14917.lastcheckitem", 22530508);
Deleted : user_pref("extensions.crossriderapp14917.modetype", "production");
Deleted : user_pref("extensions.enabledAddons", "[email protected]:1.0,googlesharing@extension.[...]
Deleted : user_pref("[email protected]", true);
Deleted : user_pref("extensions.foxlingo.addit.defaultAddons", "{ \"software\": {\"7\": {\"id\": \"7\",\"title[...]
Deleted : user_pref("extensions.skipscreen.hostMatchStr", "hxxp://www.4shared.com/(get|audio|file|document|dir[...]
Deleted : user_pref("extensions.snipit.chromeURL", "hxxp://toolbar.ask.com/toolbarv/askRedirect?o=10607&gct=&g[...]
Deleted : user_pref("[email protected]", false);
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2504091&SearchSource=2&q=[...]
Deleted : user_pref("tweaktube.pref.cacheInfo", "({'hxxp://wedata.net/databases/AutoPagerize/items.json':{url:[...]

File : C:\Documents and Settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\prefs.js

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("browser.startup.homepage", "hxxps://mail.google.com/mail/u/0/?shva=1#inbox|hxxps://www.go[...]
Deleted : user_pref("extensions.5104325bc059a.scode", "(function(){try{if('aol.com,mail.google.com,premiumrepo[...]
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("keyword.URL", "hxxp://searchab.com/?aff=7&uid=4eb108d2-67ed-11e2-8cbd-00216a5bec7a&q=");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1i049av7.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v24.0.1312.57

File : C:\Documents and Settings\Colin\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [38311 octets] - [10/02/2013 08:29:39]
AdwCleaner[S1].txt - [425 octets] - [10/02/2013 08:34:14]
AdwCleaner[S2].txt - [38967 octets] - [10/02/2013 08:37:15]

########## EOF - C:\AdwCleaner[S2].txt - [39028 octets] ##########
  • 0

#6
gringo_pr
Posted 10 February 2013 - 09:00 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0

#7
coljay00
Posted 10 February 2013 - 09:17 AM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
On first run of RogueKiller, Norton 360 deleted it. After disabling Anti-Virus and Firewall, no problem. Here's the report:


RogueKiller V8.5.0 [Feb 9 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Colin [Admin rights]
Mode : Scan -- Date : 02/10/2013 09:03:47
| ARK || FAK || MBR |

¤¤¤ Bad processes : 1 ¤¤¤
[SUSP PATH] snuvcdsm.exe -- C:\WINDOWS\snuvcdsm.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKLM\[...]\Run : snuvcdsm (C:\WINDOWS\snuvcdsm.exe) -> FOUND
[TASK][SUSP PATH] ZoomExUpdaterTask{9ADE6478-F570-41C2-9245-35459316C022}.job : C:\Documents and Settings\All Users\Application Data\Premium\ZoomEx\ZoomEx.exe /schedule /profile "C:\Documents and Settings\All Users\Application Data\Premium\ZoomEx\profile.ini" -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[12] : NtAlertResumeThread @ 0x805D4BDC -> HOOKED (Unknown @ 0x8A00D580)
SSDT[13] : NtAlertThread @ 0x805D4B8C -> HOOKED (Unknown @ 0x8A00D660)
SSDT[17] : NtAllocateVirtualMemory @ 0x805A8AC2 -> HOOKED (Unknown @ 0x89872588)
SSDT[19] : NtAssignProcessToJobObject @ 0x805D66A0 -> HOOKED (Unknown @ 0x89F482B0)
SSDT[31] : NtConnectPort @ 0x805A45D8 -> HOOKED (Unknown @ 0x8A3096C8)
SSDT[43] : NtCreateMutant @ 0x806176AE -> HOOKED (Unknown @ 0x8A4EA058)
SSDT[52] : NtCreateSymbolicLinkObject @ 0x805C3A02 -> HOOKED (Unknown @ 0x898384D8)
SSDT[53] : NtCreateThread @ 0x805D1038 -> HOOKED (Unknown @ 0x8A2B1260)
SSDT[57] : NtDebugActiveProcess @ 0x80643B3E -> HOOKED (Unknown @ 0x89F48B88)
SSDT[68] : NtDuplicateObject @ 0x805BE010 -> HOOKED (Unknown @ 0x8A4C1C48)
SSDT[83] : NtFreeVirtualMemory @ 0x805B2FBA -> HOOKED (Unknown @ 0x8A4A0218)
SSDT[89] : NtImpersonateAnonymousToken @ 0x805F9258 -> HOOKED (Unknown @ 0x8A00D3C0)
SSDT[91] : NtImpersonateThread @ 0x805D7860 -> HOOKED (Unknown @ 0x8A00D4A0)
SSDT[97] : NtLoadDriver @ 0x80584172 -> HOOKED (Unknown @ 0x8A311438)
SSDT[108] : NtMapViewOfSection @ 0x805B2042 -> HOOKED (Unknown @ 0x8A4D4820)
SSDT[114] : NtOpenEvent @ 0x8060F06C -> HOOKED (Unknown @ 0x8A00C5E8)
SSDT[122] : NtOpenProcess @ 0x805CB456 -> HOOKED (Unknown @ 0x8A0DE960)
SSDT[123] : NtOpenProcessToken @ 0x805EDF26 -> HOOKED (Unknown @ 0x8A4CB728)
SSDT[125] : NtOpenSection @ 0x805AA3F4 -> HOOKED (Unknown @ 0x89F4A3A0)
SSDT[128] : NtOpenThread @ 0x805CB6E2 -> HOOKED (Unknown @ 0x89831580)
SSDT[137] : NtProtectVirtualMemory @ 0x805B8426 -> HOOKED (Unknown @ 0x898385C8)
SSDT[206] : NtResumeThread @ 0x805D4A18 -> HOOKED (Unknown @ 0x8A52D608)
SSDT[213] : NtSetContextThread @ 0x805D2C1A -> HOOKED (Unknown @ 0x8A3058F8)
SSDT[228] : NtSetInformationProcess @ 0x805CDEA0 -> HOOKED (Unknown @ 0x8A4DBE90)
SSDT[240] : NtSetSystemInformation @ 0x8060FD24 -> HOOKED (Unknown @ 0x89F4A2B8)
SSDT[253] : NtSuspendProcess @ 0x805D4AE0 -> HOOKED (Unknown @ 0x89F4A8A8)
SSDT[254] : NtSuspendThread @ 0x805D4952 -> HOOKED (Unknown @ 0x8A2FB970)
SSDT[257] : NtTerminateProcess @ 0x805D22D8 -> HOOKED (Unknown @ 0x8A31E588)
SSDT[258] : NtTerminateThread @ 0x805D24D2 -> HOOKED (Unknown @ 0x8A31F070)
SSDT[267] : NtUnmapViewOfSection @ 0x805B2E50 -> HOOKED (Unknown @ 0x8A4D6248)
SSDT[277] : NtWriteVirtualMemory @ 0x805B43D4 -> HOOKED (Unknown @ 0x8A313500)
S_SSDT[307] : NtUserAttachThreadInput -> HOOKED (Unknown @ 0x8A378FD0)
S_SSDT[383] : NtUserGetAsyncKeyState -> HOOKED (Unknown @ 0x8A398FD0)
S_SSDT[414] : NtUserGetKeyboardState -> HOOKED (Unknown @ 0x8A3755B8)
S_SSDT[416] : NtUserGetKeyState -> HOOKED (Unknown @ 0x8A398F60)
S_SSDT[428] : NtUserGetRawInputData -> HOOKED (Unknown @ 0x89BF9108)
S_SSDT[460] : NtUserMessageCall -> HOOKED (Unknown @ 0x8A55E930)
S_SSDT[475] : NtUserPostMessage -> HOOKED (Unknown @ 0x8A56C838)
S_SSDT[476] : NtUserPostThreadMessage -> HOOKED (Unknown @ 0x8A56C7A8)
S_SSDT[549] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x897D3898)
S_SSDT[552] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x85C822F0)

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 activate.adobe.com # Acrobat Pro 9.3 crack instruction
127.0.0.1 practivate.adobe.com # Acrobat Pro 9.3 crack instruction
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000BPKT-00PK4T0 +++++
--- User ---
[MBR] cc903b2873d2aef8dc543ce3ee60c0ed
[BSP] 8bad2f0977c0a28cfe56f0d6e9cffadb : Standard MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 475329 Mo
1 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 973474740 | Size: 1608 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WD My Passport 0748 USB Device +++++
--- User ---
[MBR] f7832d78356052ec050ab1614761a2ad
[BSP] 3a4eeddc4d534bf14d818929b79625f0 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 1430766 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_02102013_02d0903.txt >>
RKreport[1]_S_02102013_02d0903.txt
  • 0

#8
coljay00
Posted 10 February 2013 - 09:24 AM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Computer is already running better. Whew! I will be gone for the next couple of hours, but will resume with Combofix.exe on return.
Thanks,
coljay00
  • 0

#9
gringo_pr
Posted 10 February 2013 - 09:26 AM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
I will be looking for the report when you come back
  • 0

#10
coljay00
Posted 10 February 2013 - 01:14 PM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
OK, here is the ComboFix report. I will continue to check out computer performance and let you know.

ComboFix 13-02-07.02 - Colin 02/10/2013 12:35:53.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.1931 [GMT -6:00]
Running from: c:\documents and settings\Colin\Desktop\ComboFix.exe
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Colin\Desktop\Pueblo Verde House\~WRL2827.tmp
c:\documents and settings\Colin\g2mdlhlpx.exe
c:\windows\system32\drivers\tcpip.copy
c:\windows\system32\muzapp.exe
c:\windows\TEMP\jna3843577915014507966.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
.
.
2013-02-09 16:46 . 2013-02-09 16:46 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Western_Digital
2013-02-09 16:46 . 2013-02-09 16:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-02-09 16:45 . 2013-02-09 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2013-02-09 16:44 . 2013-02-09 16:45 -------- d-----w- c:\program files\Western Digital
2013-02-09 16:44 . 2013-02-09 16:44 -------- d-----w- c:\program files\Common Files\Western Digital
2013-02-09 16:43 . 2013-02-09 16:46 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Western Digital
2013-02-06 14:25 . 2013-02-06 17:18 -------- d-----w- c:\windows\system32\drivers\N360\0604010.00E
2013-02-02 03:24 . 2013-02-02 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SMR311
2013-02-02 03:22 . 2013-02-02 03:22 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-02-02 03:22 . 2013-02-02 03:26 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\NPE
2013-01-29 21:05 . 2013-01-29 21:05 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Citrix
2013-01-26 19:22 . 2013-01-26 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ClickIT
2013-01-18 01:05 . 2013-01-18 01:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 04:09 . 2012-12-03 03:57 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 04:09 . 2012-12-03 03:57 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-18 01:05 . 2012-06-28 01:38 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-18 01:05 . 2012-04-05 20:17 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-18 01:05 . 2010-05-03 02:18 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 23:53 . 2012-12-14 01:05 33760 ----a-w- c:\windows\system32\drivers\visctap0901.sys
2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2013-02-10 03:12 . 2013-02-10 03:12 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-07-09 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-18 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-06-04 65536]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-03-27 27184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2012-3-26 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(7a4):
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-18 12:05 126736 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppamnet.exe"=
"c:\\Documents and Settings\\Colin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Colin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Colin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:Logitech Media Server 9000 tcp (UI)
"9001:TCP"= 9001:TCP:Logitech Media Server 9001 tcp (UI)
"9002:TCP"= 9002:TCP:Logitech Media Server 9002 tcp (UI)
"9003:TCP"= 9003:TCP:Logitech Media Server 9003 tcp (UI)
"9004:TCP"= 9004:TCP:Logitech Media Server 9004 tcp (UI)
"9005:TCP"= 9005:TCP:Logitech Media Server 9005 tcp (UI)
"9006:TCP"= 9006:TCP:Logitech Media Server 9006 tcp (UI)
"9007:TCP"= 9007:TCP:Logitech Media Server 9007 tcp (UI)
"9008:TCP"= 9008:TCP:Logitech Media Server 9008 tcp (UI)
"9009:TCP"= 9009:TCP:Logitech Media Server 9009 tcp (UI)
"9010:TCP"= 9010:TCP:Logitech Media Server 9010 tcp (UI)
"9100:TCP"= 9100:TCP:Logitech Media Server 9100 tcp (UI)
"8000:TCP"= 8000:TCP:Logitech Media Server 8000 tcp (UI)
"10000:TCP"= 10000:TCP:Logitech Media Server 10000 tcp (UI)
"9090:TCP"= 9090:TCP:Logitech Media Server 9090 tcp (UI)
"3483:UDP"= 3483:UDP:Logitech Media Server 3483 udp
"3483:TCP"= 3483:TCP:Logitech Media Server 3483 tcp
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [7/11/2008 3:50 PM 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [7/11/2008 3:50 PM 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [7/11/2008 3:50 PM 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 4:14 AM 24064]
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2/1/2013 9:22 PM 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [2/6/2013 8:39 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [2/6/2013 8:39 AM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [1/15/2013 8:51 PM 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [2/6/2013 8:39 AM 132768]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [7/11/2008 3:50 PM 12496]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [2/6/2013 8:39 AM 149624]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/12/2008 1:21 PM 1164536]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [11/5/2010 7:59 PM 135168]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [3/26/2012 10:59 AM 152576]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [7/8/2008 7:18 PM 19968]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/11/2008 3:49 PM 256512]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [2/6/2013 8:30 AM 138272]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/11/2008 9:08 AM 3575808]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2/2/2008 2:20 AM 144672]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [7/8/2010 7:28 AM 815704]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [12/15/2011 9:25 AM 265624]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [12/16/2011 1:21 PM 246688]
R2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [12/15/2011 9:25 AM 1591176]
R2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [12/15/2011 9:25 AM 1091992]
R2 WiTopiaService;WiTopia Service;c:\program files\WiTopia\WiTopiaService.exe [12/13/2012 7:05 PM 60528]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [6/12/2008 3:40 PM 477696]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/27/2008 5:42 AM 239760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/15/2012 1:09 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130208.004\IDSXpx86.sys [2/9/2013 4:01 AM 373728]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 1:16 PM 41216]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [9/10/2008 3:04 AM 47616]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [10/22/2012 5:29 PM 31848]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [12/13/2012 7:05 PM 33760]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [11/5/2010 7:59 PM 103424]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/10/2008 4:32 AM 193840]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [10/20/2012 6:33 PM 20032]
S3 dwm3gmdm;DWM USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\dwm3gmdm.sys --> c:\windows\system32\DRIVERS\dwm3gmdm.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [7/3/2010 7:40 PM 113280]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/3/2010 7:40 PM 100736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/12/2011 1:29 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/12/2011 1:29 PM 8576]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [10/22/2012 5:29 PM 31848]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 04:09]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 12:49]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 12:49]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005Core.job
- c:\documents and settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-09 21:31]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005UA.job
- c:\documents and settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-09 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-12-20 23:04; jid1-F9UJ2thwoAm5gQ@jetpack; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-18 06:22; [email protected]; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-25 08:27; [email protected]; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-26 13:45; [email protected]; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Uniblue RegistryBooster 2009 - c:\program files\Uniblue\RegistryBooster\RegistryBooster.exe
HKCU-Run-ManicTime - c:\program files\ManicTime\ManicTime.exe
HKCU-Run-Facebook Update - c:\documents and settings\Colin\Local Settings\Application Data\Facebook\Update\FacebookUpdate.exe
HKLM-Run-nwiz - nwiz.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe
AddRemove-SP_d5b5d47e - c:\program files\ZoomEx\uninstall.exe
AddRemove-ZoomEx - c:\docume~1\ALLUSE~1\APPLIC~1\InstallMate\ZoomEx\Setup.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
AddRemove-{DEF51106-DB7A-4031-A2DA-9358051633F0} - c:\docume~1\ALLUSE~1\APPLIC~1\InstallMate\{DEF51106-DB7A-4031-A2DA-9358051633F0}\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 12:58
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
Shell = HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|p>?|????i>?|??@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\09\045\13c"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\msi.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\acbsi21.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
.
- - - - - - - > 'explorer.exe'(2248)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\vssvc.exe
c:\windows\system32\RUNDLL32.EXE
.
**************************************************************************
.
Completion time: 2013-02-10 13:05:37 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-10 19:05
.
Pre-Run: 119,472,803,840 bytes free
Post-Run: 121,090,785,280 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /bootlog
.
- - End Of File - - 80A9468170F161704D39FC29294371C6
  • 0

Advertisements

#11
gringo_pr
Posted 10 February 2013 - 01:18 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo
  • 0

#12
coljay00
Posted 10 February 2013 - 02:28 PM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
ComboFix report below.

No issues during program run.

Computer operation seems normal but I will test a few things now.

ComboFix 13-02-07.02 - Colin 02/10/2013 13:55:52.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3036.2032 [GMT -6:00]
Running from: c:\documents and settings\Colin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Colin\Desktop\CFScript.txt
AV: Norton 360 Premier Edition *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\Colin\WINDOWS
c:\program files\stc
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\TEMP\jna7571206458464094686.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))
.
.
2013-02-09 16:46 . 2013-02-09 16:46 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Western_Digital
2013-02-09 16:46 . 2013-02-09 16:46 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2013-02-09 16:45 . 2013-02-09 16:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Western Digital
2013-02-09 16:44 . 2013-02-09 16:45 -------- d-----w- c:\program files\Western Digital
2013-02-09 16:44 . 2013-02-09 16:44 -------- d-----w- c:\program files\Common Files\Western Digital
2013-02-09 16:43 . 2013-02-09 16:46 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Western Digital
2013-02-06 14:25 . 2013-02-06 17:18 -------- d-----w- c:\windows\system32\drivers\N360\0604010.00E
2013-02-02 03:24 . 2013-02-02 03:24 -------- d-----w- c:\documents and settings\All Users\Application Data\SMR311
2013-02-02 03:22 . 2013-02-02 03:22 97440 ----a-w- c:\windows\system32\drivers\SMR311.SYS
2013-02-02 03:22 . 2013-02-02 03:26 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\NPE
2013-01-29 21:05 . 2013-01-29 21:05 -------- d-----w- c:\documents and settings\Colin\Local Settings\Application Data\Citrix
2013-01-26 19:22 . 2013-01-26 19:22 -------- d-----w- c:\documents and settings\All Users\Application Data\ClickIT
2013-01-18 01:05 . 2013-01-18 01:05 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-10 04:09 . 2012-12-03 03:57 74096 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-10 04:09 . 2012-12-03 03:57 697712 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-18 01:05 . 2012-06-28 01:38 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-18 01:05 . 2012-04-05 20:17 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-01-18 01:05 . 2010-05-03 02:18 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 12:23 . 2004-08-04 08:00 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-12 23:53 . 2012-12-14 01:05 33760 ----a-w- c:\windows\system32\drivers\visctap0901.sys
2012-11-13 01:25 . 2004-08-04 08:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2013-02-10 03:12 . 2013-02-10 03:12 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 01:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WiTopia"="c:\program files\WiTopia\WiTopia.exe" [2012-12-12 664688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsmqIntCert"="mqrt.dll" [2008-04-14 177152]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-06-20 178712]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2007-05-15 293168]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2008-07-09 238896]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2008-06-18 24848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"Cpqset"="c:\program files\Hewlett-Packard\Default Settings\cpqset.exe" [2008-06-04 65536]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2009-03-27 27184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2006-01-06 188416]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-12-04 13933160]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UpdateService\ISUSPM.exe" [2005-02-16 221184]
"WD Drive Unlocker"="c:\program files\Western Digital\WD Apps\WDDriveAutoUnlock.exe" [2011-12-16 1687968]
"WD Quick View"="c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe" [2011-12-15 3998616]
"nwiz"="nwiz.exe" [BU]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
CrashPlan Tray.lnk - c:\program files\CrashPlan\CrashPlanTray.exe [2012-3-26 217088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"=hex(7a8):
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ackpbsc]
2007-05-15 23:08 112640 ----a-w- c:\windows\system32\ackpbsc.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\acunlock]
2007-05-15 23:08 281088 ----a-w- c:\program files\ActivIdentity\ActivClient\acunlock.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2008-06-18 12:05 126736 ----a-w- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\PPMate\\ppamnet.exe"=
"c:\\Documents and Settings\\Colin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Colin\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\TightVNC\\tvnserver.exe"=
"c:\\Program Files\\TightVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Colin\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\CrashPlan\\CrashPlanService.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9000:TCP"= 9000:TCP:Logitech Media Server 9000 tcp (UI)
"9001:TCP"= 9001:TCP:Logitech Media Server 9001 tcp (UI)
"9002:TCP"= 9002:TCP:Logitech Media Server 9002 tcp (UI)
"9003:TCP"= 9003:TCP:Logitech Media Server 9003 tcp (UI)
"9004:TCP"= 9004:TCP:Logitech Media Server 9004 tcp (UI)
"9005:TCP"= 9005:TCP:Logitech Media Server 9005 tcp (UI)
"9006:TCP"= 9006:TCP:Logitech Media Server 9006 tcp (UI)
"9007:TCP"= 9007:TCP:Logitech Media Server 9007 tcp (UI)
"9008:TCP"= 9008:TCP:Logitech Media Server 9008 tcp (UI)
"9009:TCP"= 9009:TCP:Logitech Media Server 9009 tcp (UI)
"9010:TCP"= 9010:TCP:Logitech Media Server 9010 tcp (UI)
"9100:TCP"= 9100:TCP:Logitech Media Server 9100 tcp (UI)
"8000:TCP"= 8000:TCP:Logitech Media Server 8000 tcp (UI)
"10000:TCP"= 10000:TCP:Logitech Media Server 10000 tcp (UI)
"9090:TCP"= 9090:TCP:Logitech Media Server 9090 tcp (UI)
"3483:UDP"= 3483:UDP:Logitech Media Server 3483 udp
"3483:TCP"= 3483:TCP:Logitech Media Server 3483 tcp
.
R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [7/11/2008 3:50 PM 109184]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [7/11/2008 3:50 PM 51376]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [7/11/2008 3:50 PM 12928]
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [3/28/2008 4:14 AM 24064]
R0 SMR311;Symantec SMR Utility Service 3.1.1;c:\windows\system32\drivers\SMR311.SYS [2/1/2013 9:22 PM 97440]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0604010.00E\symds.sys [2/6/2013 8:39 AM 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0604010.00E\symefa.sys [2/6/2013 8:39 AM 924320]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\BASHDefs\20130116.013\BHDrvx86.sys [1/15/2013 8:51 PM 997464]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\N360\0604010.00E\ccsetx86.sys [2/6/2013 8:39 AM 132768]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [7/11/2008 3:50 PM 12496]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0604010.00E\ironx86.sys [2/6/2013 8:39 AM 149624]
R2 accoca;ActivClient Middleware Service;c:\program files\ActivIdentity\ActivClient\accoca.exe [5/15/2007 5:08 PM 182576]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [8/4/2004 2:00 AM 14336]
R2 ATService;AuthenTec Fingerprint Service;c:\program files\Fingerprint Sensor\AtService.exe [6/12/2008 1:21 PM 1164536]
R2 Change Modem Device Service;Change Modem Device Service;c:\windows\system32\ChgService.exe [11/5/2010 7:59 PM 135168]
R2 CrashPlanService;CrashPlan Backup Service;c:\program files\CrashPlan\CrashPlanService.exe [3/26/2012 10:59 AM 152576]
R2 HP ProtectTools Service;HP ProtectTools Service;c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTChangeFilterService.exe [7/8/2008 7:18 PM 19968]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [7/11/2008 3:49 PM 256512]
R2 N360;Norton 360;c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccsvchst.exe [2/6/2013 8:30 AM 138272]
R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [12/11/2008 9:08 AM 3575808]
R2 PDFProFiltSrv;PDFProFiltSrv;c:\program files\Nuance\PDF Professional 5\PDFProFiltSrv.exe [2/2/2008 2:20 AM 144672]
R2 tvnserver;TightVNC Server;c:\program files\TightVNC\tvnserver.exe [7/8/2010 7:28 AM 815704]
R2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [12/15/2011 9:25 AM 265624]
R2 WDDriveService;WD Drive Manager;c:\program files\Western Digital\WD Drive Manager\WDDriveService.exe [12/16/2011 1:21 PM 246688]
R2 WDFMEService;WDFME;c:\program files\Western Digital\WD SmartWare\WDFME.exe [12/15/2011 9:25 AM 1591176]
R2 WDRulesService;WDRules;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [12/15/2011 9:25 AM 1091992]
R2 WiTopiaService;WiTopia Service;c:\program files\WiTopia\WiTopiaService.exe [12/13/2012 7:05 PM 60528]
R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [6/12/2008 3:40 PM 477696]
R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y5132.sys [3/27/2008 5:42 AM 239760]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/15/2012 1:09 PM 106656]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_6.3.0.14\Definitions\IPSDefs\20130208.004\IDSXpx86.sys [2/9/2013 4:01 AM 373728]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [4/4/2007 1:16 PM 41216]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [9/10/2008 3:04 AM 47616]
R3 RRNetCapMP;RRNetCapMP;c:\windows\system32\drivers\rrnetcap.sys [10/22/2012 5:29 PM 31848]
R3 visctap0901;Viscosity Virtual Adapter V9.1;c:\windows\system32\drivers\visctap0901.sys [12/13/2012 7:05 PM 33760]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys --> c:\windows\system32\Drivers\N360\0308000.029\ccHPx86.sys [?]
S3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\drivers\cmnsusbser.sys [11/5/2010 7:59 PM 103424]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [9/10/2008 4:32 AM 193840]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [10/20/2012 6:33 PM 20032]
S3 dwm3gmdm;DWM USB Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\dwm3gmdm.sys --> c:\windows\system32\DRIVERS\dwm3gmdm.sys [?]
S3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\drivers\ewusbnet.sys [7/3/2010 7:40 PM 113280]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [7/3/2010 7:40 PM 100736]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [9/12/2011 1:29 PM 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [9/12/2011 1:29 PM 8576]
S3 RRNetCap;RRNetCap Service;c:\windows\system32\drivers\rrnetcap.sys [10/22/2012 5:29 PM 31848]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [5/6/2008 4:06 PM 11520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-25 04:09]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 12:49]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-25 12:49]
.
2013-02-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005Core.job
- c:\documents and settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-09 21:31]
.
2013-02-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3220099953-3417267552-1972214822-1005UA.job
- c:\documents and settings\Colin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-11-09 21:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=all&pf=cmnb
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append the content of the link to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Append the content of the selected links to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppendSelLinks.HTML
IE: Append to existing PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIEAppend.HTML
IE: Create PDF file - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF file from the content of the link - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECapture.HTML
IE: Create PDF files from the selected links - c:\program files\Nuance\PDF Professional 5\bin\ZeonIEFavClient.dll/ZeonIECaptureSelLinks.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Open with Nuance PDF Converter 5.0 - c:\program files\Nuance\PDF Professional 5\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-12-20 23:04; jid1-F9UJ2thwoAm5gQ@jetpack; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-18 06:22; [email protected]; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-25 08:27; [email protected]; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
FF - ExtSQL: 2013-01-26 13:45; [email protected]; c:\documents and settings\Colin\Application Data\Mozilla\Firefox\Profiles\x4qhwco5.default\extensions\[email protected]
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-10 14:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
Shell = HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\Hewlett-Packard\Default Settings\cpqset.exe???????????????????????|p>?|????i>?|??@
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360 Premier Edition\Engine\6.4.1.14\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\DbgagD\1*]
"value"="?\0b\03\09\045\13c"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1116)
c:\windows\system32\ackpbsc.dll
c:\windows\system32\aclog.dll
c:\windows\system32\ACLIBEAY.dll
c:\windows\system32\acevtsub.dll
c:\windows\system32\asphat32.dll
c:\windows\system32\acerrmes.dll
c:\windows\system32\aspcom.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acerrmrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\asphatrc.dll
c:\windows\system32\msi.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\brand.dll
c:\program files\Hewlett-Packard\IAM\Bin\AsChnl.dll
c:\program files\Hewlett-Packard\IAM\Bin\HPPlugIn.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHostServices.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.HPQWMIEXLib.dll
c:\program files\ActivIdentity\ActivClient\acunlock.dll
c:\windows\system32\aipingui.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\aipinguirc.dll
c:\program files\ActivIdentity\ActivClient\resources\acCobAPIrc.dll
c:\program files\ActivIdentity\ActivClient\Resources\Merged\acunlockrc.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTHstServsLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHstServs.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\BIOSDomain.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\Interop.PTPluginLib.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTStrings.dll
c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\HPjCard.dll
c:\windows\system32\acomx.dll
c:\windows\system32\acbsi21.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItVCClient.dll
c:\program files\Hewlett-Packard\IAM\Bin\ItReports.DLL
c:\program files\Hewlett-Packard\IAM\Bin\ItVCard.dll
c:\program files\Hewlett-Packard\IAM\Bin\NetAdmin.dll
.
- - - - - - - > 'explorer.exe'(5468)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\documents and settings\Colin\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\Google\Drive\googledrivesync32.dll
c:\progra~1\WINDOW~1\wmpband.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Hewlett-Packard\IAM\Bin\AsGHost.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\ActivIdentity\ActivClient\acevents.exe
c:\windows\system32\mqsvc.exe
c:\windows\system32\mqtgsvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\windows\System32\vssvc.exe
.
**************************************************************************
.
Completion time: 2013-02-10 14:17:50 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-10 20:17
ComboFix2.txt 2013-02-10 19:05
.
Pre-Run: 121,169,149,952 bytes free
Post-Run: 121,076,932,608 bytes free
.
- - End Of File - - 2DE7A82B46D520B992F522615FF437E9
  • 0

#13
gringo_pr
Posted 10 February 2013 - 02:31 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like to see a report that combofix makes.

extra combofix report

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box
C:\Qoobox\Add-Remove Programs.txt
  • click ok

copy and paste the report into this topic for me to review

Gringo
  • 0

#14
coljay00
Posted 10 February 2013 - 02:39 PM

coljay00

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Extra Combo


ActivClient 6.1 x86
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Applet_App
Applet_Copy
Applet_Email
Applet_Epp
Applet_File
Applet_OCR
Applet_Photoshop
Applet_Web
Audials
AuthenTec Fingerprint System
Autodesk Design Review 2012
Autodesk Material Library 2012
Autodesk Material Library Base Resolution Image Library 2012
Autodesk Material Library Low Resolution Image Library 2012
Autodesk Material Library Medium Resolution Image Library 2012
Autodesk Revit Architecture 2012
Autodesk Revit Architecture 2012 UR1
Autodesk Revit Architecture 2012 UR2
BBC iPlayer Desktop
BLM 2.7.7
Canon Easy-PhotoPrint EX
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 4.0
Canon MP495 series MP Drivers
Canon MP495 series User Registration
Canon My Printer
Canon Solution Menu EX
Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CardMinder V3.2
Climate Consultant 4
COWON Media Center - jetAudio Basic VX
CrashPlan
Credential Manager for HP ProtectTools
Critical Update for Windows Media Player 11 (KB959772)
dBpoweramp Batch Ripper
dBpoweramp CD Writer
dBpoweramp DSP Effects
dBpoweramp Music Converter
Drive Encryption for HP ProtectTools
Dropbox
EPSON Photo Print
EPSON Smart Panel
EPSON TWAIN 5
Exact Audio Copy 0.99pb5
Facebook Video Calling 1.2.0.159
FARO LS 1.1.406.58
foobar2000 v1.1.16
Google Chrome
Google Drive
Google Earth
Google SketchUp 7
Google Talk Plugin
Google Update Helper
GoToMeeting 5.4.0.1083
Hewlett-Packard ACLM.NET v1.1.0.0
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB949764)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976002-v5)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP 3D DriveGuard
HP Doc Viewer
HP Help and Support
HP Integrated Module with Bluetooth wireless technology
HP JavaCard for HP ProtectTools
HP Product Detection
HP ProtectTools Security Manager
HP ProtectTools Security Manager Suite
HP Quick Launch Buttons 6.40 F1
HP QuickLook 2
HP Software Setup 5.00.A.7
HP User Guide Bluetooth Addendum 0062
HP User Guides 0104
HP Wallpaper
HP Webcam
HP Webcam Application
HP Wireless Assistant
Intel® Network Connections Drivers
Intel® Matrix Storage Manager
Java 7 Update 11
Java Auto Updater
Java™ 6 Update 31
JavaFX 2.1.1
Logitech Media Server 7.7.2
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional Hybrid 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Standard Edition 2003
Microsoft Office Visio Professional 2003
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.9
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 x86 ATL Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 CRT Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 MFC Runtime 9.0.30729
Microsoft Visual C++ 2008 x86 OpenMP Runtime 9.0.30729
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft WinUsb 1.0
Mobile Partner
Mozilla Firefox 18.0.2 (x86 en-US)
Mozilla Maintenance Service
MSVC80_x86_v2
MSVC90_x86
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Nokia Connectivity Cable Driver
Nokia PC Suite
Norton 360 Premier Edition
Nuance PDF Professional 5
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA Performance Drivers
Octoshape add-in for Adobe Flash Player
OpenStudio 1.0.4
PC Connectivity Solution
PF 2450 PHOTO Guide
Photosmart 130,230,7150,7345,7350,7550 (Remove only)
Picasa 3
PingPlotter Freeware
PPMate Network TV 2.3.1.74
Product Selection Guide 2010-2011
Revit Architecture 2012
Revit Architecture 2012 Language Pack - English
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
ScanSnap Manager
ScanSnap Organizer
Scansoft PDF Professional
ScanToWeb
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Windows (KB2564958)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB2544521)
Security Update for Windows Internet Explorer 7 (KB2586448)
Security Update for Windows Internet Explorer 7 (KB2618444)
Security Update for Windows Internet Explorer 7 (KB2647516)
Security Update for Windows Internet Explorer 7 (KB2675157)
Security Update for Windows Internet Explorer 7 (KB2699988)
Security Update for Windows Internet Explorer 7 (KB2722913)
Security Update for Windows Internet Explorer 7 (KB2744842)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360131)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2416400)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2482017)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2497640)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2530548)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2559049)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2586448)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982381)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SopCast 3.3.2
SoundMAX
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab
TightVNC 2.0.2
Touchstone 2
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Office 2007 (KB934528)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB942763)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
Update for Windows XP (KB980182)
Visual C++ 2008 - x86 (KB958357) - v9.0.30729.177
VLC media player 2.0.5
Vuze
WD Drive Utilities
WD Security
WD SmartWare
WeaTran
WebFldrs XP
Windows Driver Package - Nokia Modem (02/25/2011 4.7)
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WiTopia
WiTopia.Net personalVPN 1.8
Zoom 7.2M Tri-band Modem
  • 0

#15
gringo_pr
Posted 10 February 2013 - 03:14 PM

gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld



These logs are looking allot better. But we still have some work to do.


uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove


Java 7 Update 11
Java™ 6 Update 31
JavaFX 2.1.1
Vuze
[/list]

  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.


Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis program
  • Save HijackThis to your desktop.
  • Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run)
  • Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu)
  • copy and paste hijackthis report into the topic



"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP