Flan

Full Member
  1. Updated them both, good to know nothing is going wrong. Thank you for taking your time to help me out, much appreciated
  2. I didn't notice any difference, but I barely got to test the PC since I'm a bit busy right now. The combofix log is below.
  3. Hello, I just wanted to have my PC checked, nothing looks unusual, but many people use this PC so I just want to make sure it's fine. I have read the FAQ already. Thank you for your time. Below are the logs.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files\IDT\WDM\STacSV64.exe C:\Windows\system32\AUDIODG.EXE C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe C:\Windows\SysWOW64\ezSharedSvcHost.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files (x86)\Common Files\Microsoft 
Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\SearchIndexer.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\system32\taskeng.exe C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpConnectionManager.exe C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe C:\Windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Users\MyriamMarcos\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe C:\Windows\system32\taskhost.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe 
C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\vssvc.exe C:\Windows\System32\svchost.exe -k swprv C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://yahoo.genieo.com/?v=w3i8 mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll uRun: [Google Update] "C:\Users\MyriamMarcos\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [Facebook Update] "C:\Users\MyriamMarcos\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP 
Software Update\HPWuSchd2.exe mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe mRun: [bYRUA_AGENT] C:\ProgramData\LGMOBILEAX\BYR_Client\VZWUAAgent.exe mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe" StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.1.121\SSScheduler.exe mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-Explorer: EnableShellExecuteHooks = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ie_banner_deny.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\ievkbd.dll IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\klwtbbho.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab TCP: NameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{40290780-B60F-465B-B3D6-E1A406D8768B} : DHCPNameServer = 75.75.75.75 75.75.76.76 TCP: Interfaces\{40290780-B60F-465B-B3D6-E1A406D8768B}\16474777966696 : DHCPNameServer = 192.168.5.1 TCP: Interfaces\{40290780-B60F-465B-B3D6-E1A406D8768B}\47D6F62696C656 : DHCPNameServer = 66.94.9.120 66.94.25.120 Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\ievkbd.dll x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\x64\klwtbbho.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: 
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: klogon - C:\Windows\System32\klogon.dll x64-SSODL: WebCheck - <orphaned> . ============= SERVICES / DRIVERS =============== . R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2011-1-28 77952] R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2011-1-28 38016] R0 CSCrySec;InfoWatch Encrypt Sector Library driver;C:\Windows\System32\drivers\CSCrySec.sys [2012-12-8 85048] R1 CSVirtualDiskDrv;InfoWatch Virtual Disk driver;C:\Windows\System32\drivers\CSVirtualDiskDrv.sys [2012-12-8 66104] R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-10-20 13616] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2011-3-10 29488] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-2-28 203776] R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-2-28 354304] R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 2.0\avp.exe [2012-8-30 202328] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe --> C:\Windows\System32\ezSharedSvcHost.exe [?] 
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072] R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168] R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-8 399432] R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-8 676936] R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-1 46136] R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-7-28 31088] R3 hpCMSrv;HP Connection Manager 4 Service;C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-9-13 1098296] R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-8 25928] R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-1 338536] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-20 425064] R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\Windows\System32\drivers\rtl8192ce.sys [2011-5-1 878184] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft 
Application Virtualization Client\sftvsa.exe [2011-10-1 219496] R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-1 44672] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 CSObjectsSrv;CryptoStorage control service;C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [2009-12-21 743992] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072] S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544] S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.1.121\McCHSvc.exe [2010-9-2 227232] S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392] S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232] S3 vzandnetdiag;LGE AndroidNet for VZW USB Serial Port;C:\Windows\System32\drivers\lgvzandnetdiag64.sys [2012-5-9 29696] S3 vzandnetdiag2;LGE AndroidNet for VZW Diagnostics Port;C:\Windows\System32\drivers\lgvzandnetdiag264.sys [2012-5-9 29696] S3 vzandnetmodem;LGE AndroidNet for VZW USB Modem;C:\Windows\System32\drivers\lgvzandnetmdm64.sys [2012-5-9 36864] S3 vzandnetndis;LGE AndroidNet for VZW NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgvzandnetndis64.sys 
[2012-5-9 94208] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-6-1 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2012-12-08 11:44:52 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48C02C4A-18F7-4BDA-8999-102C8BA492FC}\offreg.dll 2012-12-08 11:42:35 -------- d-----r- C:\Backup 2012-12-08 11:39:01 85048 ----a-w- C:\Windows\System32\drivers\CSCrySec.sys 2012-12-08 11:39:01 66104 ----a-w- C:\Windows\System32\drivers\CSVirtualDiskDrv.sys 2012-12-08 11:38:09 -------- d-----w- C:\Program Files (x86)\Common Files\InfoWatch 2012-12-08 11:38:04 -------- d-----w- C:\ProgramData\Kaspersky Lab 2012-12-08 11:38:04 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab 2012-12-08 11:07:35 -------- d-----w- C:\Users\MyriamMarcos\AppData\Roaming\Malwarebytes 2012-12-08 11:06:59 -------- d-----w- C:\ProgramData\Malwarebytes 2012-12-08 11:06:57 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-12-08 11:06:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-12-07 23:38:53 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48C02C4A-18F7-4BDA-8999-102C8BA492FC}\mpengine.dll 2012-11-29 20:03:23 -------- d-----r- C:\Program Files (x86)\Skype 2012-11-17 06:51:33 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll 2012-11-17 06:51:33 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll 2012-11-17 06:51:33 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll 2012-11-17 06:51:32 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll 2012-11-17 06:51:24 3149824 ----a-w- C:\Windows\System32\win32k.sys 2012-11-17 06:48:48 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll 2012-11-17 06:48:48 246272 ----a-w- C:\Windows\System32\netcorehc.dll 2012-11-17 06:48:48 216576 ----a-w- C:\Windows\System32\ncsi.dll 2012-11-17 06:48:48 1914248 
----a-w- C:\Windows\System32\drivers\tcpip.sys 2012-11-17 06:48:48 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll 2012-11-17 06:48:47 303104 ----a-w- C:\Windows\System32\nlasvc.dll 2012-11-17 06:48:46 70656 ----a-w- C:\Windows\System32\nlaapi.dll 2012-11-17 06:48:46 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll 2012-11-17 06:48:46 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys 2012-11-17 06:48:46 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll 2012-11-17 06:48:45 18944 ----a-w- C:\Windows\SysWow64\netevent.dll 2012-11-17 06:48:45 18944 ----a-w- C:\Windows\System32\netevent.dll 2012-11-15 11:03:39 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 11:03:38 9728 ----a-w- C:\Windows\System32\Wdfres.dll 2012-11-15 11:03:38 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys 2012-11-15 11:03:38 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys 2012-11-15 11:00:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys 2012-11-15 11:00:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys 2012-11-15 11:00:53 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll 2012-11-15 11:00:53 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll 2012-11-15 11:00:52 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll 2012-11-15 11:00:51 744448 ----a-w- C:\Windows\System32\WUDFx.dll 2012-11-15 11:00:51 229888 ----a-w- C:\Windows\System32\WUDFHost.exe 2012-11-15 07:55:18 95744 ----a-w- C:\Windows\System32\synceng.dll 2012-11-15 07:55:18 78336 ----a-w- C:\Windows\SysWow64\synceng.dll . ==================== Find3M ==================== . 
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-09 00:25:37 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 00:25:37 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-09-24 23:32:24 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll 2012-09-24 23:32:20 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll . 
     ============= FINISH: 3:58:39.75 ===============

     Malwarebytes Anti-Malware (Trial) 1.65.1.1000
     www.malwarebytes.org
     Database version: v2012.12.08.03
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 9.0.8112.16421
     MyriamMarcos :: MYRIAMMARCOS-HP [administrator]
     Protection: Enabled
     12/8/2012 3:08:57 AM
     mbam-log-2012-12-08 (03-08-57).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 203883
     Time elapsed: 3 minute(s), 29 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 18
     HKCR\CLSID\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\TypeLib\{44444444-4444-4444-4444-440044464439} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\Interface\{55555555-5555-5555-5555-550055465539} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0004639.BHO.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011461139} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CLSID\{22222222-2222-2222-2222-220022462239} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0004639.Sandbox.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0004639.Sandbox (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CLSID\{33333333-3333-3333-3333-330033463339} (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0004639.FBApi.1 (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0004639.FBApi (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCR\CrossriderApp0004639.BHO (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

     Registry Values Detected: 2
     HKCU\Software\InstalledBrowserExtensions\215 Apps|4639 (PUP.CrossFire.SA) -> Data: SavingsApp -> Quarantined and deleted successfully.
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SavingsApp|Publisher (PUP.CrossFire.SA) -> Data: 215 Apps -> Quarantined and deleted successfully.

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 1
     C:\Program Files (x86)\SavingsApp (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

     Files Detected: 9
     C:\Program Files (x86)\SavingsApp\SavingsApp.dll (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Users\MyriamMarcos\Downloads\DownloadSetup.exe (Affiliate.Downloader) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\SavingsApp\SavingsAppInstaller.log (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\SavingsApp\SavingsApp.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\SavingsApp\SavingsApp.ico (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\SavingsApp\SavingsApp.ini (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\SavingsApp\SavingsAppGui.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Program Files (x86)\SavingsApp\Uninstall.exe (PUP.CrossFire.SA) -> Quarantined and deleted successfully.
     C:\Users\MyriamMarcos\Local Settings\Application Data\SavingsApp\Chrome\SavingsApp.crx (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

     (end)

     Results of screen317's Security Check version 0.99.56
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Disabled!
     Kaspersky PURE 2.0
     Antivirus up to date!
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.65.1.1000
     Java™ 6 Update 37
     Java version out of Date!
     Adobe Reader 10.1.4 Adobe Reader out of Date!
     Google Chrome 21.0.1180.83
     Google Chrome 21.0.1180.89
     Google Chrome 22.0.1229.79
     Google Chrome 22.0.1229.94
     Google Chrome 23.0.1271.64
     Google Chrome 23.0.1271.95
     Google Chrome plugins...
     ````````Process Check: objlist.exe by Laurent````````
     Malwarebytes Anti-Malware mbamservice.exe
     Malwarebytes Anti-Malware mbamgui.exe
     Malwarebytes' Anti-Malware mbamscheduler.exe
     Kaspersky Lab Kaspersky PURE 2.0 avp.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  4. I picked up Avast Antivirus, and did the cleanup of the programs you mentioned above. Thanks for the quick responses.
  5. Here are the logs.
  6. Great, I'm able to get on Windows again. What's the next step? Do I need to run combofix again? And if I do, will all this repeat itself or is it safe now? Posting the combofix log from before my pc went crazy just in case.
  7. I already tried that, as I mentioned in my previous post. After the "C:\WINDOWS\ERDNT\SUBS>" prompt I typed in "batch erdnt.con" and then it says, "The system cannot find the file or directory specified." and C:\WINDOWS\ERDNT\SUBS> is prompted once again. Thanks for all the fast responses.
  8. I've gone into the Recovery Console. After it loads it explains what it does and how to exit, then I am prompted: "1: C:\WINDOWS Which Windows Installation would you like to log onto (to cancel, press ENTER)?" I type in 1 to indicate I want to log onto C, then I'm prompted "C:\WINDOWS>". I then type in FIXBOOT C to get "C:\WINDOWS>FIXBOOT C", then I'm prompted "The target partition is C:. Are you sure you want to write a new bootsector to the partition C:?" I type in Y for yes, then it says "The file system on the startup partition is NTFS. FIXBOOT is writing a new boot sector. The new bootsector was successfully written." It still will not let me get past the welcoming screen. I had already typed in all these before I noticed your next post, so I'll leave it there in case it may be helpful. After I tried what you told me next, I typed in the first bolded text, then at the next prompt I typed in the second bolded text, and it said "The system cannot find the file or directory specified." and then I was prompted again, "C:\WINDOWS\ERDNT\SUBS>". I still cannot load Windows, I keep getting stuck on the welcoming screen.
  9. After pressing F8, I'm sent to a Windows Advanced Options Menu where I pick "Safe Mode". After that, I am prompted to select the operating system to start. The three options are: "Microsoft Windows Recovery Console", "do not select this [debugger enabled]" and "Windows XP Media Center Edition". I pick Windows XP Media Center Edition, then a black screen appears with multiple lines, followed by what appears to be loading into safe mode, but then I'm again sent to the sky blue welcome screen that only has the Windows logo in the middle of the screen, and says Microsoft Windows XP.
  10. I followed all the steps to run combofix, but after it was done and I received the log my desktop was not restored even after I waited about 10 minutes. I decided to restart it but now it's just stuck on the welcome screen with no options to access my account. Hope you can be of help to fix this new issue. I cannot access my pc atm, so I can't post the combofix log right now.
  11. My computer has been running slower lately without doing any changes to it, and yesterday my WoW account was hacked. I cleared some infected files with my anti-virus, but I want to make sure my computer is clean before I keep using it.
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Auto Install Eject CD Service (AutoInstallEJCD) - Unknown owner - C:\DOCUME~1\DIEGOO~1.DIE\LOCALS~1\Temp\RarSFX0\AutoInstallEJCDSVC.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LOWERP - LowerPing - C:\Program Files\LowerPing\LowerP.EXE -- End of file - 7672 bytes --- Security Check Log --- Results of screen317's Security Check version 0.99.24 Windows XP Service Pack 3 x86 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Smart Security Antivirus up to date! 
``````````````````````````````` Anti-malware/Other Utilities Check: MVPS Hosts File Malwarebytes' Anti-Malware Java 6 Update 29 Java 2 Runtime Environment, SE v1.4.2_03 Adobe Flash Player 11.0.1.152 Adobe Reader X (10.1.1) Mozilla Firefox (x86 en-US..) ```````````````````````````````` Process Check: objlist.exe by Laurent Malwarebytes' Anti-Malware mbam.exe ``````````End of Log```````````` --- BitDefender Scan Log --- QuickScan Beta 32-bit v0.9.9.99 ------------------------------- Scan date: Sat Oct 29 00:25:58 2011 Machine ID: 8F51DBD No infection found. ------------------- Processes --------- ATI External Event Utility for WindowsN 1196 C:\WINDOWS\system32\ati2evxx.exe AutoEJCD Application 192 C:\DOCUME~1\DIEGOO~1.DIE\LOCALS~1\Temp\RarSFX0\AutoEJCD.exe AutoInstallEJCDSvc.exe 2012 C:\DOCUME~1\DIEGOO~1.DIE\LOCALS~1\Temp\RarSFX0\AutoInstallEJCDSvc.exe C-Major Audio 3036 C:\WINDOWS\stsystra.exe ESET Smart Security 3096 C:\Program Files\ESET\ESET Smart Security\egui.exe ESET Smart Security 268 C:\Program Files\ESET\ESET Smart Security\ekrn.exe Google Chrome 3052 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 456 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 2644 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 2496 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 3784 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 3604 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 3560 C:\Documents and Settings\Diego 
Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Google Chrome 3524 C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\Application\chrome.exe Java Platform SE 6 U29 500 C:\Program Files\Java\jre6\bin\jqs.exe Java Platform SE Auto Updater 2 0 3348 C:\Program Files\Common Files\Java\Java Update\jusched.exe LowerP.EXE 3928 C:\Program Files\LowerPing\LowerP.EXE Microsoft Office 2003 3716 C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE Microsoft® Windows® Operating System 3080 C:\WINDOWS\ehome\ehmsas.exe Microsoft® Windows® Operating System 2036 C:\WINDOWS\ehome\ehRecvr.exe Microsoft® Windows® Operating System 236 C:\WINDOWS\ehome\ehSched.exe Microsoft® Windows® Operating System 3008 C:\WINDOWS\ehome\ehtray.exe Microsoft® Windows® Operating System 1888 C:\WINDOWS\system32\spoolsv.exe RAID Event Monitor 3028 C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe RAID Monitor 464 C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe Updater 3376 C:\Program Files\Ask.com\Updater\Updater.exe WpsCenter 应用程序 3072 C:\Program Files\Qwest 11n Wireless WPS Tool\WpsCenter.exe (verified) Microsoft® Windows® Operating System 2860 C:\WINDOWS\explorer.exe (verified) Microsoft® Windows® Operating System 1468 C:\WINDOWS\system32\alg.exe (verified) Microsoft® Windows® Operating System 924 C:\WINDOWS\system32\csrss.exe (verified) Microsoft® Windows® Operating System 3452 C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System 780 C:\WINDOWS\system32\dllhost.exe (verified) Microsoft® Windows® Operating System 1016 C:\WINDOWS\system32\lsass.exe (verified) Microsoft® Windows® Operating System 1004 C:\WINDOWS\system32\services.exe (verified) Microsoft® Windows® Operating System 876 C:\WINDOWS\system32\smss.exe (verified) Microsoft® Windows® Operating System 1728 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1484 
C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1544 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1312 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 1212 C:\WINDOWS\system32\svchost.exe (verified) Microsoft® Windows® Operating System 960 C:\WINDOWS\system32\winlogon.exe (verified) Microsoft® Windows® Operating System 2068 C:\WINDOWS\system32\wuauclt.exe Network activity ----------------
Process svchost.exe (1312) listens on ports: 135 (RPC) Autoruns and critical files --------------------------- Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe C-Major
Audio C:\WINDOWS\stsystra.exe Catalyst Control Centre C:\Program Files\ATI Technologies\ATI.ACE\cli.exe ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll Microsoft® Windows® Operating System c:\windows\system32\userinit.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll RAID Event Monitor C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe Updater C:\Program Files\Ask.com\Updater\Updater.exe UpdateTask.exe C:\Program Files\Ask.com\UpdateTask.exe WpsCenter 应用程序 C:\Program Files\Qwest 11n Wireless WPS Tool\WpsCenter.exe (verified) Google Update C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Update\GoogleUpdate.exe (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll (verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll Browser plugins --------------- AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll Adobe Acrobat C:\Program 
Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll BitDefender QuickScan C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.99_0\npqscan.dll Google Update C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll Java Platform SE 6 U29 c:\program files\java\jre6\bin\jp2ssv.dll Java Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll Java Platform SE 6 U29 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll lp.dll C:\WINDOWS\system32\lp.dll Messenger C:\Program Files\Messenger\msmsgs.exe Microsoft® Windows® Operating System C:\WINDOWS\system32\MSWSOCK.dll Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla 
Firefox\plugins\npqtplugin3.dll QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll registryAccess C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aaaaaaooaijelonlmbcbjkocdnicdfmo\7.13.0.17859_0\background\registryAccess.dll sdhelper.dll c:\program files\spybot - search & destroy\sdhelper.dll TODO: <Product name> C:\Documents and Settings\Diego Orihuela.DIEGO-8AD563280\Application Data\Mozilla\Firefox\Profiles\qximtl75.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll Toolbar c:\program files\ask.com\genericasktoolbar.dll Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll (verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL (verified) Microsoft® Windows Live Login Helper c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe Missing files ------------- File not found: C:\Program Files\Lime PRO\LimePro.exe --> HKCU\Software\Microsoft\Windows\CurrentVersion\Run\"lime pro" Scan ----