bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 22nd, 2013, 11:46 am

Got duped into downloading a "Flash Player Update" today. Instead of getting the Flash update I got a bunch of toolbars, etc. that are now loading with my different browsers (IE, Firefox, Chrome). One of the toolbars is vafmusic2. I have been able to disable it, but not remove it from my toolbar lists. There are also ads popping up on my home page trying to get me to download the "Flash Player Update" again. Hovering my mouse over the link shows a link to bidder.tlvmedia.com/.... I have downloaded and run HijackThis anticipating you would want the log, which is listed below. Thanks in advance for your help.

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 10:37:08 AM, on 5/22/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)

FIREFOX: 21.0 (en-US)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LFK\LF30.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\My Downloads\SpywareStuff\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Sing Along - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files\SingAlong\singalng.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Vafmusic2 - {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files\Vafmusic2\prxtbVaf0.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Vafmusic2 Toolbar - {7f3f960e-a836-45ca-8911-0accb522246e} - C:\Program Files\Vafmusic2\prxtbVaf0.dll
O4 - HKLM\..\Run: [LFAgent] C:\Program Files\LFK\LF30.exe -start
O4 - HKLM\..\Run: [AT&T Communication Manager] "C:\Program Files\AT&T\Communication Manager\ATTCM.exe" -a
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Ad-Aware Antivirus] "C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher" --windows-run
O4 - HKLM\..\Run: [Ad-Aware Browsing Protection] "C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe"
O4 - HKLM\..\Run: [SBRegRebootCleaner] "C:\Program Files\Ad-Aware Antivirus\SBRC.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SearchProtect] C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Global Startup: Microangelo Desktop.lnk = C:\Program Files\Microangelo\muamgr.exe
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {EB5FBF0C-B650-41DD-8A69-2A4717FDA737} (TVN20RealPlayActiveX23 Control) - http://50.26.154.14:81/codebase/TVN20Ne ... eX_V23.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\10.0.6\ViProtocol.dll
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll
O23 - Service: Ad-Aware Service - Lavasoft Limited - C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AT&T RcAppSvc (ATTRcAppSvc) - SmithMicro Inc. - C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Search Protect by Conduit Updater (CltMngSvc) - Conduit - C:\Program Files\SearchProtect\bin\CltMngSvc.exe
O23 - Service: CrossLoop Service (CrossLoopService) - CrossLoop - C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MoonSQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Ad-Aware (SBAMSvc) - GFI Software - C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6173\SAService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe
O23 - Service: vToolbarUpdater - Unknown owner - C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe (file missing)

--
End of file - 12089 bytes
moonlighting

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by pgmigg » May 22nd, 2013, 11:44 pm

Hello moonlighting,

Welcome to the forum! :)

My nickname is pgmigg and I'll be helping you with any malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  1. The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  2. You must have Administrator rights, permissions for this computer.
  3. DO NOT run any other fix or removal tools unless instructed to do so!
  4. DO NOT install any other software (or hardware) during the cleaning process until we are done, and
    DO NOT remove or scan with anything on your system unless I ask. This adds more items to be researched.
    Extra additions and removals of files make the analysis more difficult.
  5. Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  6. Print each set of instructions if possible - your Internet connection will not be available during some fix processes.
  7. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  8. Only reply to this thread, do not start another one. Please, continue responding, until I give you the "All Clean!" :cheers:
    Absence of symptoms does not mean that everything is clear.

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.

Please read all instructions carefully before executing and perform the steps, in the order given.
If you have any questions or problems executing these instructions, <<STOP>> do not proceed, post back with the question or problem.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and the tools we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or for you to take your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

I would like to draw your attention to THIS LINK because per our policy you should start from running a scan with DDS...

So with your reply to this post I am waiting for BOTH DDS logs!


Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 23rd, 2013, 3:09 am

Here are the two logs you requested.
DDS.TXT

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by Administrator at 1:47:35 on 2013-05-23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3062.2006 [GMT -5:00]
.
AV: AVG Anti-Virus Free *Disabled/Outdated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: Lavasoft Ad-Aware *Enabled/Outdated* {964FCE60-0B18-4D30-ADD6-EB178909041C}
FW: Lavasoft Ad-Aware *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
C:\Program Files\SiteAdvisor\6173\SAService.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microangelo\muamgr.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\AD-AWA~1\AdAware.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe
C:\Program Files\SiteAdvisor\6173\SiteAdv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
BHO: <No Name>: {089FD14D-132B-48FC-8861-0048AE113215} - c:\program files\siteadvisor\6173\SiteAdv.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Sing Along: {6492E171-2427-4932-B414-33574A089F5E} - c:\program files\singalong\singalng.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - c:\program files\vafmusic2\prxtbVaf0.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Vafmusic2 Toolbar: {7F3F960E-A836-45CA-8911-0ACCB522246E} - c:\program files\vafmusic2\prxtbVaf0.dll
TB: McAfee SiteAdvisor: {0BF43445-2F28-4351-9252-17FE6E806AA0} - c:\program files\siteadvisor\6173\SiteAdv.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Vafmusic2 Toolbar: {7f3f960e-a836-45ca-8911-0accb522246e} - c:\program files\vafmusic2\prxtbVaf0.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SearchProtect] c:\documents and settings\administrator\application data\searchprotect\bin\cltmng.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AT&T Communication Manager] "c:\program files\at&t\communication manager\ATTCM.exe" -a
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Ad-Aware Antivirus] "c:\program files\ad-aware antivirus\AdAwareLauncher" --windows-run
mRun: [Ad-Aware Browsing Protection] "c:\documents and settings\all users\application data\ad-aware browsing protection\adawarebp.exe"
mRun: [SBRegRebootCleaner] "c:\program files\ad-aware antivirus\SBRC.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\microa~1.lnk - c:\program files\microangelo\muamgr.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {EB5FBF0C-B650-41DD-8A69-2A4717FDA737} - hxxp://50.26.154.14:81/codebase/TVN20Ne ... eX_V23.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{FFC621CA-ECA7-429E-86BB-90F0D9C9D319} : DHCPNameServer = 192.168.1.1
Handler: myrm - {4D034FC3-013F-4b95-B544-44D49ABE3E76} - c:\program files\mcafee\managed virusscan\agent\myRmProt4.9.0.387.dll
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6173\SiteAdv.dll
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\10.0.6\ViProtocol.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - c:\windows\system32\CbFsMntNtf3.dll
SecurityProviders: SecurityProviders = msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.93\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\administrator\application data\mozilla\firefox\profiles\mdn6j4lo.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Vafmusic2 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... 25&UM=2&q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\administrator\application data\mozilla\firefox\profiles\mdn6j4lo.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_7_700_202.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-05-22 10:00; singalong@xenophesoft.com; c:\program files\singalong\FF
FF - ExtSQL: !HIDDEN! 2010-04-29 03:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R1 awlegacy;awlegacy;c:\windows\system32\drivers\AWLEGACY.SYS [2000-9-11 10816]
R3 cbfs3;EldoS Callback File System driver v3;c:\windows\system32\drivers\cbfs3.sys [2012-8-21 299024]
S0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys --> c:\windows\system32\drivers\avgidshx.sys [?]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys --> c:\windows\system32\drivers\avgidsfilterx.sys [?]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys --> c:\windows\system32\drivers\avgidsshimx.sys [?]
S3 cdc_ecm;LGE WirelessSA USB NDIS REVD Device Driver;c:\windows\system32\drivers\cdc_ecm.sys [2010-1-5 45568]
S4 AW_HOST;AW_HOST;c:\windows\system32\drivers\AW_HOST5.SYS [2000-9-11 30398]
.
=============== File Associations ===============
.
FileExt: .scr: scrfile="%1" %*
FileExt: .reg: regfile="%1" %*
ShellExec: pdfvista.exe: Open="c:\program files\pdf complete\pdfvista.exe"
ShellExec: pdfvista.exe: Read="c:\program files\pdf complete\pdfvista.exe"
.
=============== Created Last 30 ================
.
2013-05-22 16:42:21 17408 ----a-w- c:\windows\system32\SYSINFO.oca
2013-05-22 16:42:20 63488 ----a-w- c:\windows\system32\MCI32.oca
2013-05-22 16:42:20 18944 ----a-w- c:\windows\system32\PICCLP32.oca
2013-05-22 16:42:19 166400 ----a-w- c:\windows\system32\MSCHRT20.oca
2013-05-22 16:42:18 64000 ----a-w- c:\windows\system32\RICHTX32.oca
2013-05-22 15:20:03 -------- d-----w- c:\documents and settings\administrator\application data\PriceGong
2013-05-22 15:05:03 -------- d-----w- c:\program files\Uninstaller
2013-05-22 15:04:25 -------- d-----w- c:\program files\Conduit
2013-05-22 15:04:23 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Vafmusic2
2013-05-22 15:04:18 -------- d-----w- c:\program files\Vafmusic2
2013-05-22 15:04:18 -------- d-----w- c:\documents and settings\administrator\local settings\application data\Conduit
2013-05-22 15:03:46 -------- d-----w- c:\documents and settings\administrator\local settings\application data\CRE
2013-05-22 15:03:28 -------- d-----w- c:\documents and settings\administrator\application data\Strongvault
2013-05-22 15:03:17 -------- d-----w- c:\program files\SearchProtect
2013-05-22 15:02:27 -------- d-----w- c:\documents and settings\administrator\application data\SearchProtect
2013-05-22 15:01:56 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2013-05-22 15:01:21 -------- d-----w- c:\program files\Optimizer Pro
2013-05-22 15:01:12 -------- d-sh--w- C:\AI_RecycleBin
2013-05-22 15:00:56 -------- d-----w- c:\program files\SingAlong
.
==================== Find3M ====================
.
2013-05-22 16:42:23 90624 ----a-w- c:\windows\system32\MSHFLXGD.oca
2013-05-22 16:42:22 69632 ----a-w- c:\windows\system32\MSDATLST.oca
2013-05-22 16:42:22 35840 ----a-w- c:\windows\system32\MSADODC.oca
2013-05-22 16:42:21 65536 ----a-w- c:\windows\system32\MSDATGRD.oca
2013-05-15 14:52:47 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-15 14:52:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-05-08 13:52:54 265728 ----a-w- c:\windows\system32\MSCOMCTL.oca
2013-05-08 06:10:12 770384 ----a-w- c:\windows\system32\msvcr100.dll
2013-05-08 06:10:12 421200 ----a-w- c:\windows\system32\msvcp100.dll
2013-04-16 22:17:15 920064 ----a-w- c:\windows\system32\wininet.dll
2013-04-16 22:17:14 43520 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-16 22:17:14 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-12 23:28:55 385024 ----a-w- c:\windows\system32\html.iec
2013-04-10 01:31:19 1876352 ----a-w- c:\windows\system32\win32k.sys
2013-03-20 01:19:58 43008 ----a-w- c:\windows\system32\Tabctl32.oca
2013-03-20 01:19:58 25600 ----a-w- c:\windows\system32\MSCOMM32.oca
2013-03-18 16:58:07 249856 ------w- c:\windows\Setup1.exe
2013-03-18 16:58:06 73216 ----a-w- c:\windows\ST6UNST.EXE
2013-03-18 14:08:29 35840 ----a-w- c:\windows\system32\COMDLG32.oca
2013-03-08 08:36:22 293376 ----a-w- c:\windows\system32\winsrv.dll
2013-03-07 01:32:25 2149888 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-07 00:50:30 2028544 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-04 16:10:03 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-03-04 16:10:00 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-03-04 16:09:59 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-03-04 16:09:59 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-27 07:56:51 2067456 ----a-w- c:\windows\system32\mstscax.dll
.
============= FINISH: 1:59:01.62 ===============

ATTACH.TXT
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume4
Install Date: 27/04/2010 2:27:03 PM
System Uptime: 20/05/2013 10:32:02 AM (63 hours ago)
.
Motherboard: PEGATRON CORPORATION | | 2A73h
Processor: Intel Pentium III Xeon processor | CPU 1 | 2499/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 233 GiB total, 9.865 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 80 GiB total, 0.868 GiB free.
F: is FIXED (NTFS) - 75 GiB total, 0.204 GiB free.
G: is FIXED (NTFS) - 48 GiB total, 0.455 GiB free.
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: PS/2 Compatible Mouse
Device ID: ACPI\PNP0F13\4&B6AFFD&0
Manufacturer: Microsoft
Name: PS/2 Compatible Mouse
PNP Device ID: ACPI\PNP0F13\4&B6AFFD&0
Service: i8042prt
.
==== System Restore Points ===================
.
RP1174: 22/02/2013 3:00:22 AM - Software Distribution Service 3.0
RP1175: 23/02/2013 3:00:24 AM - Software Distribution Service 3.0
RP1176: 24/02/2013 3:00:22 AM - Software Distribution Service 3.0
RP1177: 25/02/2013 3:00:22 AM - Software Distribution Service 3.0
RP1178: 26/02/2013 3:00:22 AM - Software Distribution Service 3.0
RP1179: 27/02/2013 3:00:20 AM - Software Distribution Service 3.0
RP1180: 28/02/2013 3:00:23 AM - Software Distribution Service 3.0
RP1181: 01/03/2013 3:00:23 AM - Software Distribution Service 3.0
RP1182: 02/03/2013 3:00:23 AM - Software Distribution Service 3.0
RP1183: 03/03/2013 3:00:41 AM - Software Distribution Service 3.0
RP1184: 04/03/2013 3:00:27 AM - Software Distribution Service 3.0
RP1185: 04/03/2013 10:09:21 AM - Removed Java 7 Update 13
RP1186: 04/03/2013 11:04:05 AM - Installed Compatibility Pack for the 2007 Office system
RP1187: 05/03/2013 3:00:24 AM - Software Distribution Service 3.0
RP1188: 06/03/2013 3:00:25 AM - Software Distribution Service 3.0
RP1189: 07/03/2013 3:58:18 AM - System Checkpoint
RP1190: 08/03/2013 4:58:18 AM - System Checkpoint
RP1191: 09/03/2013 5:58:18 AM - System Checkpoint
RP1192: 10/03/2013 7:58:18 AM - System Checkpoint
RP1193: 11/03/2013 8:58:18 AM - System Checkpoint
RP1194: 12/03/2013 9:10:19 AM - System Checkpoint
RP1195: 13/03/2013 9:58:18 AM - System Checkpoint
RP1196: 14/03/2013 3:00:23 AM - Software Distribution Service 3.0
RP1197: 15/03/2013 3:28:58 AM - System Checkpoint
RP1198: 16/03/2013 3:00:22 AM - Software Distribution Service 3.0
RP1199: 17/03/2013 3:00:24 AM - Software Distribution Service 3.0
RP1200: 18/03/2013 3:00:24 AM - Software Distribution Service 3.0
RP1201: 19/03/2013 3:00:23 AM - Software Distribution Service 3.0
RP1202: 20/03/2013 3:00:23 AM - Software Distribution Service 3.0
RP1203: 21/03/2013 3:00:19 AM - Software Distribution Service 3.0
RP1204: 22/03/2013 3:00:18 AM - Software Distribution Service 3.0
RP1205: 23/03/2013 3:00:20 AM - Software Distribution Service 3.0
RP1206: 24/03/2013 3:00:18 AM - Software Distribution Service 3.0
RP1207: 25/03/2013 3:00:18 AM - Software Distribution Service 3.0
RP1208: 26/03/2013 3:00:19 AM - Software Distribution Service 3.0
RP1209: 27/03/2013 3:00:18 AM - Software Distribution Service 3.0
RP1210: 28/03/2013 3:00:20 AM - Software Distribution Service 3.0
RP1211: 29/03/2013 3:00:18 AM - Software Distribution Service 3.0
RP1212: 30/03/2013 3:00:19 AM - Software Distribution Service 3.0
RP1213: 31/03/2013 3:00:20 AM - Software Distribution Service 3.0
RP1214: 01/04/2013 3:22:00 AM - Software Distribution Service 3.0
RP1215: 02/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1216: 03/04/2013 3:00:20 AM - Software Distribution Service 3.0
RP1217: 04/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1218: 05/04/2013 3:00:23 AM - Software Distribution Service 3.0
RP1219: 06/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1220: 07/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1221: 08/04/2013 3:00:23 AM - Software Distribution Service 3.0
RP1222: 09/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1223: 10/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1224: 11/04/2013 3:42:48 AM - System Checkpoint
RP1225: 12/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1226: 13/04/2013 3:00:19 AM - Software Distribution Service 3.0
RP1227: 14/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1228: 15/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1229: 16/04/2013 3:00:18 AM - Software Distribution Service 3.0
RP1230: 17/04/2013 3:00:25 AM - Software Distribution Service 3.0
RP1231: 18/04/2013 3:00:19 AM - Software Distribution Service 3.0
RP1232: 19/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1233: 20/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1234: 21/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1235: 22/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1236: 23/04/2013 3:00:25 AM - Software Distribution Service 3.0
RP1237: 24/04/2013 3:00:19 AM - Software Distribution Service 3.0
RP1238: 25/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1239: 26/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1240: 27/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1241: 28/04/2013 3:00:22 AM - Software Distribution Service 3.0
RP1242: 29/04/2013 3:00:21 AM - Software Distribution Service 3.0
RP1243: 30/04/2013 3:00:23 AM - Software Distribution Service 3.0
RP1244: 01/05/2013 3:00:21 AM - Software Distribution Service 3.0
RP1245: 02/05/2013 3:00:21 AM - Software Distribution Service 3.0
RP1246: 03/05/2013 3:00:21 AM - Software Distribution Service 3.0
RP1247: 04/05/2013 3:00:23 AM - Software Distribution Service 3.0
RP1248: 05/05/2013 3:00:21 AM - Software Distribution Service 3.0
RP1249: 06/05/2013 3:00:22 AM - Software Distribution Service 3.0
RP1250: 07/05/2013 3:00:23 AM - Software Distribution Service 3.0
RP1251: 08/05/2013 3:00:21 AM - Software Distribution Service 3.0
RP1252: 09/05/2013 3:00:21 AM - Software Distribution Service 3.0
RP1253: 10/05/2013 3:00:22 AM - Software Distribution Service 3.0
RP1254: 11/05/2013 3:00:28 AM - Software Distribution Service 3.0
RP1255: 12/05/2013 3:00:42 AM - Software Distribution Service 3.0
RP1256: 13/05/2013 3:00:30 AM - Software Distribution Service 3.0
RP1257: 14/05/2013 3:00:28 AM - Software Distribution Service 3.0
RP1258: 15/05/2013 3:00:23 AM - Software Distribution Service 3.0
RP1259: 16/05/2013 3:00:19 AM - Software Distribution Service 3.0
RP1260: 17/05/2013 3:45:18 AM - System Checkpoint
RP1261: 18/05/2013 3:00:24 AM - Software Distribution Service 3.0
RP1262: 19/05/2013 3:01:03 AM - Software Distribution Service 3.0
RP1263: 20/05/2013 10:35:57 AM - Software Distribution Service 3.0
RP1264: 21/05/2013 3:00:19 AM - Software Distribution Service 3.0
RP1265: 22/05/2013 3:00:17 AM - Software Distribution Service 3.0
RP1266: 22/05/2013 10:05:26 AM - Removed Strongvault Online Backup
.
==== Installed Programs ======================
.
Ad-Aware Antivirus
Ad-Aware Browsing Protection
Adobe Audition 1.5
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.5.2
Adobe SVG Viewer
Ahead Nero Burning ROM
AlphaNumeric LED ActiveX
amWavePro
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Communication Manager
Audacity 2.0.2
Avery DesignPro
Avery Template
Bonjour
Business Contact Manager for Outlook 2007 SP2
BW Media OCX 1.2
CCleaner
Compatibility Pack for the 2007 Office system
Cool Edit Pro v1.2a
Coupon Printer for Windows
CrossLoop 2.82
Crowd Control
CSVed
DBImport ActiveX 2.0
dBpowerAMP Music Converter
DesignPro 5
DiskAid 5.31
eMMA The E-Mail Message Assistant
FLV Player
Free M4a to MP3 Converter 7.1
Google Chrome
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
GSplit 3
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB958756)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Deskjet 2050 J510 series Basic Device Software
HP Deskjet 2050 J510 series Help
HP Help and Support
HP Photo Creations
HP Update
HsSmsDll 1.1 Evaluation Version
iExplorer 3.0.1.8
iFunbox (v2.0.2150.728), iFunbox DevTeam
indii.org/tintii
Inno Setup version 5.4.2
Intel(R) Graphics Media Accelerator Driver
InterVideo WinDVD
IrfanView (remove only)
iTunes
Java 7 Update 15
Java Auto Updater
Java(TM) 6 Update 34
Java(TM) 6 Update 7
LG USB Drivers
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Malwarebytes' Anti-Malware
McAfee Browser Protection Service
Microangelo 5.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Help Viewer 1.0
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 97, Professional Edition
Microsoft Office Small Business Connectivity Components
Microsoft Office XP Professional with FrontPage
Microsoft Plus! for Windows XP
Microsoft Silverlight
Microsoft SMS Sender
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual Basic 2010 Express - ENU
Microsoft Visual Basic 6.0 Professional Edition
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Web Publishing Wizard 1.53
Microsoft Windows Theme Nunavut
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MSDN Library - Visual Studio 6.0a
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6.0 Parser
MySQL Connector C 6.0.2
MySQL Connector C++ 1.1.0
MySQL Connector J
MySQL Connector Net 6.4.4
MySQL Connector/ODBC 3.51
MySQL Connector/ODBC 5.1
MySQL Documents 5.5
MySQL Examples and Samples 5.5
MySQL Installer
MySQL Provider
MySQL Server 5.5
MySQL Workbench 5.2 CE
MZ-Tools 3.0 for VB 6.0
OGA Notifier 2.0.0048.0
On the Guard II
OstroSoft SMTP Component
Paint Shop Pro 7
PDF Complete
Prism Video File Converter
QuickTime
Ready Reference CD
Realtek High Definition Audio Driver
Search Protect by conduit
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual Basic 2010 Express - ENU (KB2251489)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2722913)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2809289)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2829530)
Security Update for Windows Internet Explorer 8 (KB2847204)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567053)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2731847)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2753842)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2761226)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SereneScreen Aquarium
Service Pack 1 for SQL Server 2008 (KB968369)
Sheridan ActiveThreed Plus 3.01
Sing Along
Software Key Lok II Setup
Spybot - Search & Destroy
Sql Server Customer Experience Improvement Program
Symantec pcAnywhere
System Requirements Lab for Intel
TeamViewer 8
TONKA Search & Rescue 2
UltraEdit-32 Uninstall
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2718704)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vafmusic2 Toolbar
VBVoice 4.2
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
Weather Defender
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Presentation Foundation
WinRAR 4.20 (32-bit)
WinZip
Wise Installation System 6.0
Wise InstallMaster 8.1
XML Paper Specification Shared Components Pack 1.0
.
==== Event Viewer Messages From Past Week ========
.
19/05/2013 4:03:35 AM, error: Service Control Manager [7034] - The Ad-Aware service terminated unexpectedly. It has done this 1 time(s).
18/05/2013 8:04:06 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
18/05/2013 8:04:06 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
18/05/2013 3:05:31 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4 (KB2463332).
18/05/2013 3:04:35 AM, error: Service Control Manager [7024] - The SQL Server (MSSMLBIZ) service terminated with service-specific error 3417 (0xD59).
16/05/2013 8:09:03 AM, error: BROWSER [8007] - The browser was unable to update the service status bits. The data is the error.
16/05/2013 6:43:22 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSHX EterlogicVirtualSerialDriver
16/05/2013 6:42:14 PM, error: Service Control Manager [7000] - The vToolbarUpdater service failed to start due to the following error: The system cannot find the file specified.
16/05/2013 6:42:14 PM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby pgmigg » May 23rd, 2013, 2:34 pm

Hello moonlighting,

Thank you for the proper logs. :) Let's continue...

Step 1.
Run CKScanner
  1. Please download CKScanner from Here
  2. Important: - Save it to your Desktop.
  3. Double-click on CKScanner.exe to run it, then click Search For Files.
  4. After a very short time, when the cursor hourglass disappears, click Save List To File.
  5. A message box will verify the file saved.
  6. Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Step 2.
Run CodeCheck Scan
  1. Please download codecheck from here to your Desktop.
  2. Make sure that codecheck.exe is on your Desktop before running the application!
  3. Double-click on codecheck.exe.
  4. After a very short time a codecheck.txt icon will appear on your Desktop
  5. Double-click on the codecheck.txt icon on your Desktop and copy/paste the contents in your next reply.

Then
Please tell me, is this computer used for business purposes and connected to a business or educational network?
I need to know so I can provide the proper instructions.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the CKFiles.txt log
  3. Contents of the codecheck.txt log file
  4. Answers to my questions about how your computer is used.
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 12:44 am

CKFILES.TXT
CKScanner 2.3 - Additional Security Risks - These are not necessarily bad
c:\icons\iconholic\cracker.ico
scanner sequence 3.AP.11.KBCPRA
----- EOF -----

CODECHECK.TXT
Codecheck Version 1.0

05023



Do you have any problems executing the instructions?
No, the instructions have been very clear thus far.

Answers to my questions about how your computer is used.
I am using a home based pc. It is not part of any business or academic network or infrastructure.

Do you see any changes in computer behavior?
I am still getting ad popups in Internet Explorer from ad.extendmedia.com and ad.yieldmanager.com and bidder.tlvmedia.com (I am seeing these .com addresses when I hover my mouse over the ad to see the link at the bottom of the browser. I have not clicked on any of the ads.)
I have not really noticed any changes in computer behavior.
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am
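Before the instructions that follow, an added example that is not part of this thread or of pgmigg's procedure: a Windows PowerShell script that reads the same Add/Remove Programs data the DDS log's "Installed Programs" section is built from (the Uninstall registry keys), flags the Conduit, Vafmusic2, Coupon Printer and Java entries that pgmigg asks to remove in the next post, lists the antivirus products registered with Security Center (the data behind the "multiple Anti Virus programs" warning), and creates a System Restore Point through the SystemRestore WMI class that Windows XP provides. It assumes Windows PowerShell 2.0 is installed on this Windows XP SP3 machine and that it runs from an administrator account; the program-name patterns and the restore-point description are illustrative choices, not anything from the thread. The script only reports; the uninstalls themselves still go through Add/Remove Programs as the helper describes.

```powershell
# Added example, not part of the MalwareRemoval.com instructions.
# Assumes Windows PowerShell 2.0 on Windows XP SP3, run as an administrator.

# 1. Restore point first, so there is something to roll back to.
#    SystemRestore.CreateRestorePoint(description, type, event):
#    type 0 = APPLICATION_INSTALL, event 100 = BEGIN_SYSTEM_CHANGE.
$sr = [wmiclass]'root\default:SystemRestore'
$rp = $sr.CreateRestorePoint('Before malware cleanup', 0, 100)   # description is an assumption
if ($rp.ReturnValue -eq 0) {
    'Restore point created.'
} else {
    "Restore point FAILED (return code $($rp.ReturnValue)). Stop and ask before changing anything."
}

# 2. Inventory of Add/Remove Programs entries (what appwiz.cpl displays).
function Get-InstalledPrograms {
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall',  # absent on 32-bit XP
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName) {
                New-Object PSObject -Property @{
                    Name            = $p.DisplayName
                    Publisher       = $p.Publisher
                    UninstallString = $p.UninstallString
                    Key             = $_.PSPath
                }
            }
        }
    }
}

# Names as they appear in the thread's "Installed Programs" list; the
# selection mirrors the helper's Step 2 and is an assumption for illustration.
$unwanted = @('Search Protect by conduit', 'Vafmusic2 Toolbar', 'Coupon Printer for Windows')
# Every Java 6/7 runtime and the auto updater (several old versions coexist on this machine).
$javaPattern = '^Java(\(TM\))? [67] Update \d+$|^Java Auto Updater$'

$programs = Get-InstalledPrograms
$flagged  = $programs | Where-Object {
    ($unwanted -contains $_.Name) -or ($_.Name -match $javaPattern)
}
''
"Entries to remove via Add/Remove Programs ($(@($flagged).Count)):"
$flagged | Sort-Object Name | Format-Table Name, Publisher, UninstallString -AutoSize

# 3. Antivirus products registered with Security Center.
#    XP exposes root\SecurityCenter; Vista and later use root\SecurityCenter2.
$ns = 'root\SecurityCenter'
$haveSc2 = Get-WmiObject -Namespace 'root' -Class '__NAMESPACE' | Where-Object { $_.Name -eq 'SecurityCenter2' }
if ($haveSc2) { $ns = 'root\SecurityCenter2' }
$av = @(Get-WmiObject -Namespace $ns -Class AntiVirusProduct -ErrorAction SilentlyContinue)
''
"Registered antivirus products ($($av.Count)):"
$av | ForEach-Object { '  ' + $_.displayName }
if ($av.Count -gt 1) {
    'WARNING: more than one antivirus product is registered; keep only one.'
}
```

Save it as a .ps1 and run it with `powershell -ExecutionPolicy Bypass -File <path>`, or paste it into a PowerShell console. Security Center only lists products that register with it, so a leftover AVG driver such as the AVGIDSHX entry in the Event Viewer log may show up here as a registered product, as a bare Uninstall entry, or not at all; cross-check the flagged list against the log rather than trusting either source alone.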

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby pgmigg » May 24th, 2013, 9:53 am

Hello moonlighting,

WARNING:
Multiple Anti Virus programs detected
  1. It looks like you are operating your computer with multiple Anti Virus programs installed at once:
    AVG Anti-Virus
    Lavasoft Ad-Aware
  2. Running more than one antivirus program is not recommended because:
    1. They can conflict with each other.
    2. They may report the other antivirus software as malicious.
    3. Antivirus programs use an enormous amount of the computer's resources while actively scanning your computer.
    4. They can cause your computer to run slowly, become unstable and crash.
  3. I strongly suggest you uninstall one of them. Which one, is your decision.

For safety reasons (to have a good registry to restore if needed), I will ask you to create a System Restore Point (SRP) before most of my instruction sets...

Step 0.
Create a New System Restore Point.
  1. Click Start, select All Programs -> Accessories -> System Tools, then press System Restore.
  2. At the Welcome screen select Create a restore point and then press Next.
  3. In the description box, type a name to describe this restore point.
      System Restore automatically adds (to your description) the current date and time.
  4. Click Create to finish creating this restore point.
  5. Click Close to exit System Restore.
Unless you use some other method to create system restore points, it is advisable to leave this feature ON and active.

If you have successfully created a System Restore Point, we can proceed.
STOP! If you have NOT successfully created a System Restore Point... STOP! do not go any further!
Please post back so we can determine why it was unsuccessful.

Step 1.
Spybot S&D Teatimer

From your log I can see that you are running Spybot S&D TeaTimer. This might interfere with the fixes we are about to do, so we need to disable it.

Disable Spybot's TeaTimer. This is a two step process.
First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new versions starting from 1.5, please click once on Resident Protection, then right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in the left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.

Step 2.
Add/Remove Programs
I need you to uninstall some programs from your computer.
  1. Click Start -> Run.
  2. Copy and paste the value below, into the open text entry box:
    appwiz.cpl
  3. Click OK. It takes a few seconds for the program list to be populated.
  4. Locate the following program(s):
    Coupon Printer for Windows
    Java 7 Update 15
    Java Auto Updater
    Java(TM) 6 Update 34
    Java(TM) 6 Update 7
    Search Protect by conduit
    Vafmusic2 Toolbar
  5. Press the "Remove" or "Change/Remove" button to uninstall the program.
    Carefully read any prompts...
    Some uninstallers prompt in a way to trick you into keeping the program, sometimes, preventing them from being uninstalled again!
    Don't worry if you cannot find all programs from the list - some may not have an uninstall feature or may have been removed in previous steps.
  6. Repeat steps 4 - 5 for each program in the list.
  7. When finished, close/exit Add/Remove Programs.

Step 3.
Junkware Removal Tool
  1. Please download Junkware Removal Tool and save JRT.exe to your Desktop.
  2. Shut down your protection software as shown in This topic now to avoid potential conflicts.
  3. Double-click on JRT.exe to run it - the tool will open and start scanning your system.
  4. Please be patient as this can take a while to complete depending on your system's specifications.
  5. On completion, a log file JRT.txt is saved to your desktop and will automatically open.
  6. Please post the contents of JRT.txt into your next reply.

Step 4.
OTL - Download
Please download OTL.exe by Old Timer and save it to your Desktop.

OTL Scan
Important! Close all applications and windows so that you have nothing open and are at your Desktop.
  1. Double-click on OTL.exe to run it.
  2. Under Output, ensure that Standard Output is selected.
  3. Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
  4. Click on Run Scan at the top left hand corner.
  5. When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, maximized
    • Extras.txt <-- Will be minimized on task bar.
  6. Please post the contents of both OTL.txt and Extras.txt files in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the JRT.txt log file
  3. Contents of OTL.txt log file
  4. Contents of Extras.txt log file
  5. Do you see any changes in computer behavior?

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 11:38 am

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Microsoft Windows XP x86
Ran by Administrator on 24/05/2013 at 9:55:45.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sbregrebootcleaner
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\babylon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\escort.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\viprotocol.dll
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\bbylntlbr.bbylntlbrhlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\protocols\handler\viprotocol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\viprotocol.viprotocolole.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\ctTOOLBAR.ctToolBarCtrl.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\classes\Toolbar.CT3294791



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\pricegong"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Application Data\strongvault"
Successfully deleted: [Folder] "C:\Documents and Settings\Administrator\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\optimizer pro"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
Successfully deleted: [Folder] "C:\ai_recyclebin"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml"
Successfully deleted: [File] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\mdn6j4lo.default\user.js
Successfully deleted: [File] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\mdn6j4lo.default\searchplugins\askcom.xml
Successfully deleted: [File] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\mdn6j4lo.default\searchplugins\conduit.xml
Successfully deleted: [Folder] C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\mdn6j4lo.default\extensions\LogMeInClient@logmein.com
Successfully deleted the following from C:\Documents and Settings\Administrator\Application Data\mozilla\firefox\profiles\mdn6j4lo.default\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791&SearchSource=61&CUI=UN34085625262262725&UM=2&UP=SPB4D2EF62-1E2C-44F6-BB7B
user_pref("Smartbar.ConduitSearchEngineList", "Vafmusic2 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN34085625262262725&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=KW_ss&mntrId=3e6d00b6000000000000002481cb0e60&q=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
user_pref("browser.search.defaultthis.engineName", "Vafmusic2 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&CUI=UN34085625262262725&UM=2&SearchSource=3&q={searchTerms}");
user_pref("browser.search.order.1", "Search the web (Babylon)");
user_pref("browser.search.selectedEngine", "Vafmusic2 Customized Web Search");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109935&tt=060612_5_");
user_pref("extensions.BabylonToolbar_i.hardId", "3e6d00b6000000000000002481cb0e60");
user_pref("extensions.BabylonToolbar_i.id", "3e6d00b6000000000000002481cb0e60");
user_pref("extensions.BabylonToolbar_i.instlDay", "15510");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109935&tt=060612_5_&babsrc=NT_ss&mntrId=3e6d00b6000000000000002481cb0e60");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1716:59:58");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms}");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&SearchSource=2&CUI=UN34085625262262725&UM=2&q=");
user_pref("smartbar.machineId", "I/USYYBXNPTEIMPVFPUMAPC0BNWDBE7ZS2DMVT+NYGSEMUHKZBU5YLL+LVOHAN3472XSTNGOF8L4ILCDB9N+AA");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/05/2013 at 9:59:39.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
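The prefs.js entries JRT deleted above show the mechanism of the infection: the Conduit "Smartbar", Babylon and Ask toolbars rewrite the Firefox prefs that decide where searches, the address bar and new tabs go. As an added example (not part of this thread, and not JRT's or OTL's code), the script below parses a prefs.js, flags those hijack prefs, reports any line it could not parse, and returns the file with the flagged prefs stripped; the sample input is constructed from lines in the log above (some URLs shortened), including the truncated ConduitHomepagesList line exactly as it appears in the post.

```python
"""Triage a Firefox prefs.js for toolbar search/homepage hijack prefs.

Added example for this thread; not JRT, OTL or Mozilla code.
"""
import re
from typing import Iterable, Iterator, List, Optional, Tuple, Union

PrefValue = Union[str, bool, int]

# Firefox prefs that control where searches, the address bar and new tabs go.
# A toolbar that rewrites these is what turned the poster's searches into
# Conduit/Babylon results.
SEARCH_PREFS = {
    "browser.search.defaulturl", "browser.search.defaultengine",
    "browser.search.defaultenginename", "browser.search.selectedEngine",
    "browser.search.order.1", "keyword.URL", "browser.startup.homepage",
}
# Lower-case markers for the toolbar networks named in the JRT log.
SUSPECT_MARKERS = ("conduit", "babylon", "smartbar", "asktb", "ask.com")

# One user_pref(...) statement per line.  A truncated line (as in the posted
# log) has no closing ");" and deliberately does not match.
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(lines: Iterable[str]) -> Iterator[Tuple[str, PrefValue]]:
    """Yield (name, value) for each well-formed user_pref line; skip the rest."""
    for line in lines:
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            yield name, raw[1:-1]          # quoted string value
        elif raw in ("true", "false"):
            yield name, raw == "true"      # boolean value
        else:
            try:
                yield name, int(raw)       # integer value
            except ValueError:
                yield name, raw            # anything else: keep raw text


def classify(name: str, value: PrefValue) -> Optional[str]:
    """Return a reason if the pref looks like toolbar hijacking, else None."""
    haystack = f"{name} {value}".lower()
    marker = next((m for m in SUSPECT_MARKERS if m in haystack), None)
    if marker is None:
        return None
    if name in SEARCH_PREFS:
        return f"search/homepage pref redirected to {marker}"
    if name.lower().startswith(("extensions.", "smartbar.")):
        return f"toolbar state pref ({marker})"
    return None


def find_hijack_prefs(lines: Iterable[str]) -> List[Tuple[str, PrefValue, str]]:
    """List (name, value, reason) for every pref that classify() flags."""
    findings = []
    for name, value in parse_prefs(lines):
        reason = classify(name, value)
        if reason:
            findings.append((name, value, reason))
    return findings


def find_unparsed(lines: Iterable[str]) -> List[str]:
    """Lines that look like user_pref statements but did not parse (truncated/garbled)."""
    return [l for l in lines if l.lstrip().startswith("user_pref(") and not PREF_RE.match(l)]


def strip_hijack_prefs(lines: Iterable[str]) -> List[str]:
    """Return the prefs.js lines with flagged prefs removed (what JRT did to this profile).

    Unparsed lines are kept untouched so a human reviews them via find_unparsed().
    """
    kept = []
    for line in lines:
        parsed = list(parse_prefs([line]))
        if parsed and classify(*parsed[0]):
            continue
        kept.append(line)
    return kept


# Constructed sample: lines from the JRT log above (URLs shortened), two benign
# prefs, and the truncated ConduitHomepagesList line as posted.
SAMPLE_PREFS_JS = """\
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3294791&octid=CT3294791
user_pref("Smartbar.keywordURLSelectedCTID", "CT3294791");
user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&q={searchTerms}");
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.instlDay", "15510");
user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?q={searchTerms}");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3294791&q=");
user_pref("browser.search.suggest.enabled", true);
""".splitlines()

if __name__ == "__main__":
    for name, value, reason in find_hijack_prefs(SAMPLE_PREFS_JS):
        print(f"FLAG {name} = {value!r}  [{reason}]")
    for line in find_unparsed(SAMPLE_PREFS_JS):
        print(f"UNPARSED (review by hand): {line[:60]}...")
```

Run it against a real profile with `find_hijack_prefs(open(path).read().splitlines())`; anything in UNPARSED is not silently dropped, which matters because a toolbar pref split across lines would otherwise survive the cleanup.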

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 11:38 am

OTL logfile created on: 24/05/2013 10:11:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.13% Memory free
4.83 Gb Paging File | 4.30 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 9.82 Gb Free Space | 4.22% Space Free | Partition Type: NTFS
Drive E: | 80.00 Gb Total Space | 0.87 Gb Free Space | 1.09% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NTFS

Computer Name: MOONLIGHTINGPRO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/05/24 09:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
PRC - [2012/05/03 18:37:50 | 020,221,792 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Ad-Aware Antivirus\AdAware.exe
PRC - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
PRC - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
PRC - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
PRC - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
PRC - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
PRC - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
PRC - [2008/04/14 07:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) -- C:\Program Files\PDF Complete\pdfsvc.exe
PRC - [2000/09/11 05:01:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Microangelo\muamgr.exe
PRC - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Modules (No Company Name) ==========

MOD - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe
MOD - [2012/02/05 13:41:50 | 000,181,616 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libMachoUniv.dll
MOD - [2012/02/05 13:41:48 | 000,210,288 | ---- | M] () -- C:\Program Files\Ad-Aware Antivirus\Definitions\libBase64.dll
MOD - [2011/09/27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/09/27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () -- C:\Program Files\SiteAdvisor\6173\SAService.exe
MOD - [2008/08/07 07:23:24 | 000,025,088 | ---- | M] () -- C:\Program Files\McAfee\Managed VirusScan\Agent\Res\0409\AgtRes_l.dll
MOD - [2000/09/20 14:59:04 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\muadisp.dll
MOD - [2000/09/11 05:01:58 | 000,040,960 | ---- | M] () -- C:\Program Files\Microangelo\muamgr.exe
MOD - [1997/07/11 00:00:00 | 003,782,416 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\MSO97.DLL
MOD - [1997/07/11 00:00:00 | 000,051,984 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE


========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\10.0.6\ToolbarUpdater.exe -- (vToolbarUpdater)
SRV - [2013/05/17 12:07:26 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/15 09:52:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 04:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012/05/03 18:37:54 | 001,226,096 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe -- (Ad-Aware Service)
SRV - [2012/03/30 10:49:44 | 008,174,080 | ---- | M] () [Auto | Running] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MoonSQL)
SRV - [2012/01/06 08:35:22 | 000,569,072 | ---- | M] (CrossLoop) [Auto | Running] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe -- (CrossLoopService)
SRV - [2011/12/19 13:20:06 | 003,289,032 | ---- | M] (GFI Software) [Auto | Stopped] -- C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe -- (SBAMSvc)
SRV - [2010/07/21 07:50:26 | 000,814,080 | ---- | M] (GlavSoft LLC.) [On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe -- (tvnserver)
SRV - [2010/03/16 15:13:45 | 000,341,280 | ---- | M] () [Auto | Running] -- C:\Program Files\SiteAdvisor\6173\SAService.exe -- (SiteAdvisor Service)
SRV - [2010/01/25 16:57:54 | 000,121,416 | ---- | M] (SmithMicro Inc.) [On_Demand | Stopped] -- C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe -- (ATTRcAppSvc)
SRV - [2009/02/20 09:46:52 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)
SRV - [2008/08/07 07:57:54 | 000,202,048 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe -- (myAgtSvc)
SRV - [2008/04/07 10:10:52 | 000,576,024 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2001/02/14 10:00:00 | 000,106,552 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE -- (awhost32)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\xiypeuit.sys -- (vspawbrj)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- C:\DOCUME~1\Kevin\LOCALS~1\Temp\VSPE.sys -- (EterlogicVirtualSerialDriver)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsshimx.sys -- (AVGIDSShim)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\avgidshx.sys -- (AVGIDSHX)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\avgidsfilterx.sys -- (AVGIDSFilter)
DRV - [2012/04/09 16:27:34 | 000,299,024 | ---- | M] (EldoS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cbfs3.sys -- (cbfs3)
DRV - [2011/12/19 12:44:24 | 000,335,224 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SbFw.sys -- (SbFw)
DRV - [2011/12/19 12:44:24 | 000,217,976 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbtis.sys -- (sbtis)
DRV - [2011/12/19 12:44:24 | 000,093,816 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sbhips.sys -- (sbhips)
DRV - [2011/11/29 06:59:52 | 000,077,816 | ---- | M] (GFI Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\sbapifs.sys -- (sbapifs)
DRV - [2011/11/29 06:59:48 | 000,021,240 | ---- | M] (GFI Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\sbaphd.sys -- (sbaphd)
DRV - [2011/10/26 14:23:40 | 000,101,112 | ---- | M] (GFI Software) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\SBREDrv.sys -- (SBRE)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCLMP)
DRV - [2011/09/29 12:16:18 | 000,094,584 | ---- | M] (GFI Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbFwIm.sys -- (SBFWIMCL)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2011/05/15 23:29:58 | 000,063,712 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2010/01/25 16:50:24 | 000,024,064 | ---- | M] (Bytemobile, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\tcpipBM.sys -- (tcpipBM)
DRV - [2010/01/25 16:49:36 | 000,032,408 | ---- | M] (Smith Micro Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCTINDIS5.sys -- (PCTINDIS5)
DRV - [2010/01/05 11:50:40 | 000,027,520 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdmodem.sys -- (USBSADModem)
DRV - [2010/01/05 11:50:40 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbdobex.sys -- (UsbSADObex)
DRV - [2010/01/05 11:50:40 | 000,019,072 | ---- | M] (Icera Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgcpo.sys -- (lgcpo)
DRV - [2010/01/05 11:50:38 | 000,058,624 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dc_enum.sys -- (USBSANDIS)
DRV - [2010/01/05 11:50:38 | 000,045,568 | ---- | M] (Jungo) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cdc_ecm.sys -- (cdc_ecm)
DRV - [2010/01/05 11:50:38 | 000,022,400 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lgusbddiag.sys -- (UsbSADDiag)
DRV - [2009/03/30 04:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008/08/22 10:05:42 | 000,026,760 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\swmsflt.sys -- (swmsflt)
DRV - [2008/04/14 02:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 19:04:34 | 000,019,455 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wVchNTxx.sys -- (iAimFP4)
DRV - [2008/04/13 19:04:32 | 000,012,063 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wSiINTxx.sys -- (iAimFP3)
DRV - [2008/04/13 19:04:30 | 000,033,599 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV04nt.sys -- (iAimTV3)
DRV - [2008/04/13 19:04:30 | 000,029,311 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV01nt.sys -- (iAimTV0)
DRV - [2008/04/13 19:04:30 | 000,025,471 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV10nt.sys -- (iAimTV5)
DRV - [2008/04/13 19:04:30 | 000,023,615 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wCh7xxNT.sys -- (iAimTV4)
DRV - [2008/04/13 19:04:30 | 000,022,271 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV06nt.sys -- (iAimTV6)
DRV - [2008/04/13 19:04:30 | 000,019,551 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wATV02NT.sys -- (iAimTV1)
DRV - [2008/04/13 19:04:28 | 000,161,020 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i81xnt5.sys -- (i81x)
DRV - [2008/04/13 19:04:28 | 000,012,415 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV01nt.sys -- (iAimFP0)
DRV - [2008/04/13 19:04:28 | 000,012,127 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV02NT.sys -- (iAimFP1)
DRV - [2008/04/13 19:04:28 | 000,011,871 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV09NT.sys -- (iAimFP7)
DRV - [2008/04/13 19:04:28 | 000,011,807 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV07nt.sys -- (iAimFP5)
DRV - [2008/04/13 19:04:28 | 000,011,775 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV05NT.sys -- (iAimFP2)
DRV - [2008/04/13 19:04:28 | 000,011,295 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wADV08NT.sys -- (iAimFP6)
DRV - [2008/01/03 17:10:16 | 000,105,856 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007/11/06 12:23:56 | 004,622,848 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2007/08/23 06:29:48 | 000,106,792 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2007/08/23 06:29:48 | 000,080,552 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdbus.sys -- (sscdbus)
DRV - [2007/08/23 06:29:48 | 000,011,944 | R--- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2004/04/01 16:30:46 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/04/04 01:32:06 | 000,028,416 | R--- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\symmpi.sys -- (Symmpi)
DRV - [2001/08/17 15:54:20 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2001/08/17 15:54:20 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2000/09/11 10:00:00 | 000,030,398 | ---- | M] (Symantec Corporation) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\AW_HOST5.SYS -- (AW_HOST)
DRV - [2000/09/11 10:00:00 | 000,014,032 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\GERNUWA.SYS -- (Gernuwa)
DRV - [2000/09/11 10:00:00 | 000,010,816 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AWLEGACY.SYS -- (awlegacy)
DRV - [2000/04/04 13:27:38 | 000,019,824 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\Parclass.sys -- (Parclass)
DRV - [1997/12/22 20:02:46 | 000,023,936 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search


IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.hp.com

IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f%7D:4.9.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/05/17 12:07:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/05/24 09:45:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{1650a312-02bc-40ee-977e-83f158701739}: C:\Program Files\SiteAdvisor\6173\FF\ [2010/03/16 15:13:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\singalong@xenophesoft.com: C:\Program Files\SingAlong\FF\ [2013/05/22 10:00:56 | 000,000,000 | ---D | M]

[2010/07/22 21:03:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2010/04/27 19:24:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013/05/24 09:58:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions
[2011/07/24 22:12:30 | 000,000,000 | ---D | M] (MR Tech Toolkit) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
[2012/04/04 22:53:27 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/02/10 12:37:18 | 000,137,731 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\extensions\{79c50f9a-2ffe-4ee0-8a37-fae4f5dacd4f}.xpi
[2013/05/24 09:48:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/05/17 12:07:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/05/17 12:07:27 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/03/14 22:01:53 | 000,003,766 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://search.conduit.com/?ctid=CT32947 ... 10110&UM=2
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.93\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.93\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\27.0.1453.93\pdf.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/14 23:10:29 | 000,000,083 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Sing Along) - {6492E171-2427-4932-B414-33574A089F5E} - C:\Program Files\SingAlong\singalng.dll (Xenophesoft)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AT&T Communication Manager] C:\Program Files\AT&T\Communication Manager\ATTCM.exe (ATT)
O4 - HKLM..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe" File not found
O4 - HKLM..\RunOnce: [SpUninstallCleanUp] REG delete HKEY_CURRENT_USER\Software\SearchProtect /f File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microangelo Desktop.lnk = C:\Program Files\Microangelo\muamgr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {EB5FBF0C-B650-41DD-8A69-2A4717FDA737} http://50.26.154.14:81/codebase/TVN20Ne ... eX_V23.cab (TVN20RealPlayActiveX23 Control)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FFC621CA-ECA7-429E-86BB-90F0D9C9D319}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.387.dll (McAfee, Inc.)
O18 - Protocol\Handler\siteadvisor {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - C:\Program Files\SiteAdvisor\6173\SiteAdv.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O21 - SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O22 - SharedTaskScheduler: {5FF49FE8-B332-4CB9-B102-FB6951629E55} - Virtual Storage Mount Notification - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/07/17 20:30:10 | 000,000,000 | ---D | M] - C:\AutoPlay Menu Studio 3.0 -- [ NTFS ]
O32 - AutoRun File - [2005/07/16 14:27:54 | 000,000,000 | -H-- | M] () - E:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/12/19 14:09:06 | 000,000,000 | ---D | M] - E:\AutoPlay Menu Studio 3.0 -- [ NTFS ]
O32 - AutoRun File - [2002/06/06 00:36:20 | 000,000,000 | -H-- | M] () - F:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/05/24 09:55:42 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/05/24 09:55:02 | 000,000,000 | ---D | C] -- C:\JRT
[2013/05/24 09:54:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/22 10:05:03 | 000,000,000 | ---D | C] -- C:\Program Files\Uninstaller
[2013/05/22 10:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE
[2013/05/22 10:01:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2013/05/22 10:00:56 | 000,000,000 | ---D | C] -- C:\Program Files\SingAlong
[2013/05/17 12:07:03 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/03/26 21:53:55 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_635.exe
[2012/01/25 20:36:44 | 000,726,008 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_438.exe
[2012/01/04 01:14:09 | 001,393,736 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Administrator\gotomypc_626.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/05/24 10:06:01 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/05/24 10:01:15 | 000,000,338 | ---- | M] () -- C:\WINDOWS\tasks\lf.job
[2013/05/24 09:54:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2013/05/24 09:52:51 | 000,000,384 | ---- | M] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/05/24 09:52:01 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/05/24 09:44:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1920358730-1913087698-391787831-1011UA.job
[2013/05/24 09:39:01 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/05/24 09:37:35 | 000,001,675 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware Antivirus.lnk
[2013/05/24 09:36:31 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/05/24 09:36:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/05/24 09:35:58 | 3210,985,472 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/24 00:06:22 | 000,001,873 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2013/05/23 22:16:19 | 000,025,088 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\codecheck.exe
[2013/05/23 14:25:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1920358730-1913087698-391787831-1011Core.job
[2013/05/23 13:56:00 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\DealPlyUpdate.job
[2013/05/22 11:55:44 | 000,003,141 | ---- | M] () -- C:\WINDOWS\UEDIT32.INI
[2013/05/22 11:42:23 | 000,090,624 | ---- | M] () -- C:\WINDOWS\System32\MSHFLXGD.oca
[2013/05/22 11:42:22 | 000,069,632 | ---- | M] () -- C:\WINDOWS\System32\MSDATLST.oca
[2013/05/22 11:42:22 | 000,035,840 | ---- | M] () -- C:\WINDOWS\System32\MSADODC.oca
[2013/05/22 11:42:21 | 000,065,536 | ---- | M] () -- C:\WINDOWS\System32\MSDATGRD.oca
[2013/05/22 11:42:21 | 000,017,408 | ---- | M] () -- C:\WINDOWS\System32\SYSINFO.oca
[2013/05/22 11:42:20 | 000,063,488 | ---- | M] () -- C:\WINDOWS\System32\MCI32.oca
[2013/05/22 11:42:20 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\PICCLP32.oca
[2013/05/22 11:42:19 | 000,166,400 | ---- | M] () -- C:\WINDOWS\System32\MSCHRT20.oca
[2013/05/22 11:42:18 | 000,064,000 | ---- | M] () -- C:\WINDOWS\System32\RICHTX32.oca
[2013/05/20 17:48:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/05/19 02:00:06 | 000,000,960 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Antivirus Scheduled Scan.job
[2013/05/18 14:14:25 | 019,407,872 | ---- | M] () -- C:\WINDOWS\outlook.pst
[2013/05/18 10:50:43 | 000,001,416 | ---- | M] () -- C:\WINDOWS\CDPlayer.ini
[2013/05/16 03:31:34 | 000,439,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/05/16 03:13:59 | 000,619,362 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/05/16 03:13:59 | 000,132,314 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/05/16 03:05:28 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/05/15 09:52:47 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/05/15 09:52:47 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/05/10 11:42:15 | 000,061,952 | ---- | M] () -- C:\WINDOWS\System32\MMWaveX2.oca
[2013/05/10 11:42:15 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\HyperLabel.oca
[2013/05/10 11:42:14 | 000,135,168 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCT2.oca
[2013/05/10 11:42:14 | 000,048,640 | ---- | M] () -- C:\WINDOWS\System32\MSMASK32.oca
[2013/05/10 11:42:14 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctcombo.oca
[2013/05/10 11:42:14 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\ctimage.oca
[2013/05/10 11:42:13 | 000,240,128 | ---- | M] () -- C:\WINDOWS\System32\COMCTL32.oca
[2013/05/10 11:42:13 | 000,076,288 | ---- | M] () -- C:\WINDOWS\System32\MSFLXGRD.oca
[2013/05/10 11:42:13 | 000,069,120 | ---- | M] () -- C:\WINDOWS\System32\DBLIST32.oca
[2013/05/10 11:42:13 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\cthtml.oca
[2013/05/10 11:42:12 | 000,062,464 | ---- | M] () -- C:\WINDOWS\System32\DBGRID32.oca
[2013/05/10 11:42:12 | 000,042,496 | ---- | M] () -- C:\WINDOWS\System32\ctmonth.oca
[2013/05/10 11:42:12 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\ctnedit.oca
[2013/05/10 11:42:12 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctcheck.oca
[2013/05/10 11:42:12 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\ctfill.oca
[2013/05/10 11:42:11 | 000,043,520 | ---- | M] () -- C:\WINDOWS\System32\Ctlist.oca
[2013/05/10 11:42:11 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctpush.oca
[2013/05/10 11:42:11 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\Cttips.oca
[2013/05/10 11:42:11 | 000,020,992 | ---- | M] () -- C:\WINDOWS\System32\ctcalc.oca
[2013/05/10 11:42:11 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\Cthyplnk.oca
[2013/05/10 11:42:11 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\ctwave.oca
[2013/05/10 11:42:10 | 000,031,232 | ---- | M] () -- C:\WINDOWS\System32\ctdate.oca
[2013/05/10 11:42:10 | 000,026,112 | ---- | M] () -- C:\WINDOWS\System32\ctvlist.oca
[2013/05/10 11:42:10 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctradio.oca
[2013/05/10 11:42:10 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctmeter.oca
[2013/05/10 11:42:10 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctdial.oca
[2013/05/10 11:42:10 | 000,014,336 | ---- | M] () -- C:\WINDOWS\System32\ctcpick.oca
[2013/05/10 11:42:09 | 000,029,184 | ---- | M] () -- C:\WINDOWS\System32\Ctyear.oca
[2013/05/10 11:42:09 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctsize.oca
[2013/05/10 11:42:09 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctgauge.oca
[2013/05/10 11:42:09 | 000,022,528 | ---- | M] () -- C:\WINDOWS\System32\ctclock.oca
[2013/05/10 11:42:09 | 000,019,968 | ---- | M] () -- C:\WINDOWS\System32\ctgroup.oca
[2013/05/10 11:42:09 | 000,007,680 | ---- | M] () -- C:\WINDOWS\System32\ctmenu.oca
[2013/05/10 11:42:08 | 000,027,648 | ---- | M] () -- C:\WINDOWS\System32\ctdedit.oca
[2013/05/10 11:42:08 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\ctslide.oca
[2013/05/10 11:42:08 | 000,011,264 | ---- | M] () -- C:\WINDOWS\System32\ctPrint.oca
[2013/05/10 11:42:08 | 000,010,240 | ---- | M] () -- C:\WINDOWS\System32\ctfile.oca
[2013/05/10 11:42:08 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\ctcolor.oca
[2013/05/10 11:42:08 | 000,009,216 | ---- | M] () -- C:\WINDOWS\System32\ctTray.oca
[2013/05/10 11:42:07 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\Ctfold.oca
[2013/05/10 11:42:07 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctsplit.oca
[2013/05/10 11:42:07 | 000,021,504 | ---- | M] () -- C:\WINDOWS\System32\ctscroll.oca
[2013/05/10 11:42:07 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\ctspin.oca
[2013/05/10 11:42:07 | 000,012,800 | ---- | M] () -- C:\WINDOWS\System32\ctformfx.oca
[2013/05/10 11:42:07 | 000,009,728 | ---- | M] () -- C:\WINDOWS\System32\ctfont.oca
[2013/05/10 11:42:06 | 000,051,200 | ---- | M] () -- C:\WINDOWS\System32\cttree.oca
[2013/05/10 11:42:06 | 000,030,720 | ---- | M] () -- C:\WINDOWS\System32\ctbutton.oca
[2013/05/10 11:42:06 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctruler.oca
[2013/05/10 11:42:06 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\ctsched.oca
[2013/05/10 11:42:06 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\cttabs.oca
[2013/05/10 11:42:05 | 000,028,160 | ---- | M] () -- C:\WINDOWS\System32\ctlstbar.oca
[2013/05/10 11:42:05 | 000,025,088 | ---- | M] () -- C:\WINDOWS\System32\ctmedit.oca
[2013/05/10 11:42:05 | 000,023,552 | ---- | M] () -- C:\WINDOWS\System32\ctpaper.oca
[2013/05/10 11:42:05 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\Ctframe.oca
[2013/05/10 11:42:05 | 000,019,456 | ---- | M] () -- C:\WINDOWS\System32\ctrotate.oca
[2013/05/10 11:42:05 | 000,018,944 | ---- | M] () -- C:\WINDOWS\System32\ctclip.oca
[2013/05/10 11:42:04 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\cttext.oca
[2013/05/10 11:42:04 | 000,024,064 | ---- | M] () -- C:\WINDOWS\System32\ctspiral.oca
[2013/05/10 11:42:04 | 000,023,040 | ---- | M] () -- C:\WINDOWS\System32\ctbanner.oca
[2013/05/10 11:42:04 | 000,020,480 | ---- | M] () -- C:\WINDOWS\System32\ctdata.oca
[2013/05/10 11:42:03 | 000,022,016 | ---- | M] () -- C:\WINDOWS\System32\ctmove.oca
[2013/05/08 09:01:08 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info067
[2013/05/08 09:01:08 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info066
[2013/05/08 09:01:07 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info070
[2013/05/08 09:01:07 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info069
[2013/05/08 09:01:07 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info068
[2013/05/08 09:01:07 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info051
[2013/05/08 09:01:07 | 000,000,019 | ---- | M] () -- C:\WINDOWS\info049
[2013/05/08 08:52:54 | 000,265,728 | ---- | M] () -- C:\WINDOWS\System32\MSCOMCTL.oca
[2013/05/08 01:10:12 | 000,770,384 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcr100.dll
[2013/05/08 01:10:12 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\msvcp100.dll
[2013/05/06 23:27:31 | 006,015,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/05/04 12:47:18 | 000,065,024 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/05/02 22:19:50 | 000,576,460 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\MidlandMortgage_KevinMoon_LoanNumber_53107673.pdf
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/05/23 22:16:19 | 000,025,088 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\codecheck.exe
[2013/05/22 11:42:21 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\SYSINFO.oca
[2013/05/22 11:42:20 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\MCI32.oca
[2013/05/22 11:42:20 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\PICCLP32.oca
[2013/05/22 11:42:19 | 000,166,400 | ---- | C] () -- C:\WINDOWS\System32\MSCHRT20.oca
[2013/05/22 11:42:18 | 000,064,000 | ---- | C] () -- C:\WINDOWS\System32\RICHTX32.oca
[2013/05/22 10:00:59 | 000,000,384 | ---- | C] () -- C:\WINDOWS\tasks\Sing Along Update.job
[2013/05/08 09:01:08 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info067
[2013/05/08 09:01:08 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info066
[2013/05/08 09:01:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info070
[2013/05/08 09:01:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info069
[2013/05/08 09:01:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info068
[2013/05/08 09:01:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info051
[2013/05/08 09:01:07 | 000,000,019 | ---- | C] () -- C:\WINDOWS\info049
[2013/05/02 22:19:50 | 000,576,460 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\MidlandMortgage_KevinMoon_LoanNumber_53107673.pdf
[2012/12/16 20:48:19 | 000,000,013 | ---- | C] () -- C:\WINDOWS\ffs.dat
[2012/12/15 19:42:12 | 000,111,234 | ---- | C] () -- C:\Program Files\9876~20121215_184210.new
[2012/11/19 18:09:44 | 000,357,378 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1920358730-1913087698-391787831-1012-0.dat
[2012/10/15 10:46:35 | 000,000,588 | ---- | C] () -- C:\WINDOWS\vbv4.ini
[2012/10/15 10:46:31 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\VBV32hh.dll
[2012/09/09 20:07:52 | 000,090,500 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/09/01 22:16:20 | 000,038,498 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (DOS).ADR
[2012/09/01 21:06:06 | 000,037,898 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Comma Separated Values (Windows).ADR
[2012/08/27 21:17:43 | 000,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2012/04/28 01:22:12 | 000,018,251 | ---- | C] () -- C:\WINDOWS\wise.ini
[2012/02/28 13:38:35 | 000,000,028 | ---- | C] () -- C:\WINDOWS\Wise32.INI
[2012/02/15 04:28:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/09 22:30:20 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/01/02 20:49:33 | 000,013,868 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\vfa226ni8vdg40wc4k082i1bxnspx1sa1vpji
[2011/12/20 20:50:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/20 20:50:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/20 20:50:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/20 20:50:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/20 20:50:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/20 01:02:06 | 000,013,132 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\b2ml23h4pd6pnu
[2011/12/16 18:00:46 | 000,001,416 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2011/12/16 17:59:43 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall.exe
[2011/12/16 17:59:43 | 000,020,898 | ---- | C] () -- C:\WINDOWS\System32\SpoonUninstall-dBpowerAMP Music Converter.dat
[2011/10/06 20:11:40 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/10/02 23:28:25 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\muangsys.dll
[2011/10/02 23:28:25 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\muadisp.dll
[2011/09/18 19:04:09 | 000,137,572 | ---- | C] () -- C:\WINDOWS\cep1unin.exe
[2011/09/18 19:02:36 | 000,000,163 | ---- | C] () -- C:\WINDOWS\cool.ini
[2011/09/18 15:12:16 | 000,000,135 | ---- | C] () -- C:\WINDOWS\VB5.INI
[2011/09/18 14:56:50 | 000,012,048 | ---- | C] () -- C:\WINDOWS\System32\Ppmon.exe
[2011/09/18 14:56:50 | 000,007,440 | ---- | C] () -- C:\WINDOWS\System32\Ppmon.dll
[2011/09/18 14:55:41 | 000,748,160 | ---- | C] () -- C:\WINDOWS\System32\Co2c40en.dll
[2011/09/18 14:55:41 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\P2sodbc.dll
[2011/09/18 14:55:41 | 000,054,272 | ---- | C] () -- C:\WINDOWS\System32\P2irdao.dll
[2011/09/18 14:55:41 | 000,050,176 | ---- | C] () -- C:\WINDOWS\System32\P2ctdao.dll
[2011/09/18 14:55:41 | 000,036,352 | ---- | C] () -- C:\WINDOWS\System32\P2bbnd.dll
[2011/09/18 14:55:41 | 000,018,944 | ---- | C] ( ) -- C:\WINDOWS\System32\Implode.dll
[2011/08/14 23:16:29 | 000,003,141 | ---- | C] () -- C:\WINDOWS\UEDIT32.INI
[2011/08/11 03:10:15 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011/07/17 21:25:07 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\AXDIST.EXE
[2011/05/16 18:58:39 | 000,000,022 | ---- | C] () -- C:\Documents and Settings\Administrator\com10
[2011/02/14 19:11:44 | 000,000,272 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xQc8sJtHMfo7
[2011/02/14 19:11:44 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~xQc8sJtHMfo7r
[2011/02/14 19:11:35 | 000,000,520 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\xQc8sJtHMfo7
[2011/02/14 08:29:55 | 001,547,458 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1920358730-1913087698-391787831-500-0.dat
[2011/02/14 08:29:54 | 000,357,378 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2011/02/11 21:03:54 | 000,000,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0pGQnODnIBa
[2011/02/11 21:03:54 | 000,000,144 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~0pGQnODnIBar
[2011/02/11 21:03:48 | 000,000,344 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\0pGQnODnIBa
[2010/07/23 10:15:28 | 000,065,024 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/03/16 14:52:16 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/14 07:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/14 07:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012/04/27 12:15:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\.minecraft
[2012/09/29 00:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ad-Aware Antivirus
[2011/04/05 09:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AT&T
[2012/09/22 20:49:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Audacity
[2012/03/26 23:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Avery
[2012/08/21 20:57:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskAid
[2011/04/05 10:25:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FrostWire
[2012/12/16 21:09:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GSplit
[2013/05/18 15:06:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\iFunbox_UserCache
[2012/05/03 11:41:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MySQL
[2011/07/24 13:31:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\MZTools Software
[2012/08/25 16:33:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\redsn0w
[2011/10/06 21:26:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SMSSender
[2012/04/27 12:29:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2013/02/08 18:04:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\TeamViewer
[2010/04/27 23:04:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Thunderbird
[2012/08/21 22:56:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
[2012/08/22 21:44:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft
[2012/12/25 11:43:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012/09/24 01:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ad-Aware Browsing Protection
[2011/03/15 23:01:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AT&T
[2012/06/10 14:12:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2012/03/26 23:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avery
[2012/03/14 22:49:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Secure Search
[2012/06/10 14:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2011/03/15 07:58:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2012/01/09 22:30:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/12/20 21:29:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/16 07:49:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LG
[2011/05/15 23:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LogMeIn
[2012/06/10 14:00:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2012/08/21 20:50:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MGTEK
[2011/07/24 22:40:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motorola Media Link
[2012/05/02 13:52:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2013/05/22 10:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/08/21 22:55:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2010/12/20 18:04:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2011/06/23 17:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\AT&T
[2010/05/24 14:27:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Andrew\Application Data\Weather Defender
[2011/03/15 07:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\AT&T
[2011/03/15 07:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Sierra Wireless
[2010/05/24 14:26:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Kevin\Application Data\Weather Defender
[2012/06/11 21:13:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Ad-Aware Antivirus
[2013/03/19 01:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\.minecraft
[2011/12/20 07:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\3E6D0
[2012/06/12 02:58:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\Ad-Aware Antivirus
[2011/03/15 08:11:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\AT&T
[2012/01/01 14:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\AVG Secure Search
[2012/03/14 22:03:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\AVG2012
[2011/12/20 01:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\D00B6
[2012/01/01 15:22:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\MP3Rocket
[2013/05/23 16:16:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\PriceGong
[2013/05/23 16:11:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\SearchProtect
[2012/02/25 23:13:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Matthew\Application Data\TeamViewer
[2011/03/16 22:05:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Melanie\Application Data\AT&T
[2011/03/15 08:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile
[2011/09/14 13:04:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\TightVNC

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 7024 bytes -> C:\Documents and Settings\Administrator\My Documents\18413787.gif:Q30lsldxJoudresxAaaqpcawXc

< End of report >
moonlighting

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 24th, 2013, 11:38 am

OTL Extras logfile created on: 24/05/2013 10:11:19 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.13% Memory free
4.83 Gb Paging File | 4.30 Gb Available in Paging File | 89.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 232.88 Gb Total Space | 9.82 Gb Free Space | 4.22% Space Free | Partition Type: NTFS
Drive E: | 80.00 Gb Total Space | 0.87 Gb Free Space | 1.09% Space Free | Partition Type: NTFS
Drive F: | 74.52 Gb Total Space | 0.20 Gb Free Space | 0.27% Space Free | Partition Type: NTFS

Computer Name: MOONLIGHTINGPRO | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
piffile [open] -- "%1" %*
regfile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" %*
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3306:TCP" = 3306:TCP:*:Enabled:MoonSQL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"5910:TCP" = 5910:TCP:*:Enabled:vnc5910
"3306:TCP" = 3306:TCP:*:Enabled:MoonSQL

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe" = C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe:*:Enabled:Managed Services Agent -- (McAfee, Inc.)
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- (FrostWire Group)
"C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE" = C:\Program Files\Symantec\pcAnywhere\WINAW32.EXE:*:Enabled:pcAnywhere Main Program -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE" = C:\Program Files\Symantec\pcAnywhere\AWHOST32.EXE:*:Enabled:pcAnywhere Host Service -- (Symantec Corporation)
"C:\Program Files\Symantec\pcAnywhere\awrem32.exe" = C:\Program Files\Symantec\pcAnywhere\awrem32.exe:*:Enabled:pcAnywhere Remote Service -- (Symantec Corporation)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service -- (Apple Inc.)
"C:\Program Files\Mozilla Firefox\plugin-container.exe" = C:\Program Files\Mozilla Firefox\plugin-container.exe:*:Enabled:Plugin Container for Firefox -- (Mozilla Corporation)
"C:\WINDOWS\system32\ZoneLabs\vsmon.exe" = C:\WINDOWS\system32\ZoneLabs\vsmon.exe:*:Enabled:TrueVector Service
"C:\Documents and Settings\Administrator\Local Settings\temp\G2_626\g2viewer.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\G2_626\g2viewer.exe:*:Enabled:GoToMyPC Viewer
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe" = C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:HP Device Setup -- (Hewlett-Packard Co.)
"C:\Documents and Settings\Administrator\Local Settings\temp\G2_635\g2viewer.exe" = C:\Documents and Settings\Administrator\Local Settings\temp\G2_635\g2viewer.exe:*:Enabled:GoToMyPC Viewer
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe:*:Enabled:tvnserver.exe -- (GlavSoft LLC.)
"C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe" = C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopConnect.exe:*:Enabled:CrossLoop - Simple Secure Screen Sharing -- (CrossLoop)
"C:\My Downloads\IPhoneStuff\tinyumbrella-5.11.00b.exe" = C:\My Downloads\IPhoneStuff\tinyumbrella-5.11.00b.exe:*:Enabled:TinyUmbrella - Save your SHSH!
"C:\Documents and Settings\Administrator\Desktop\PWNAge\tinyumbrella-5.11.00b.exe" = C:\Documents and Settings\Administrator\Desktop\PWNAge\tinyumbrella-5.11.00b.exe:*:Enabled:TinyUmbrella - Save your SHSH! -- ()
"C:\Documents and Settings\Administrator\Desktop\PWNAge\tinyumbrella-5.11.01.exe" = C:\Documents and Settings\Administrator\Desktop\PWNAge\tinyumbrella-5.11.01.exe:*:Enabled:TinyUmbrella - Save your SHSH! -- ()
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)
"C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE" = C:\Program Files\Microsoft Visual Studio\VB98\VB6.EXE:*:Enabled:Visual Basic -- (Microsoft Corporation)
"C:\Program Files\TeamViewer\Version8\TeamViewer.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe" = C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service -- (TeamViewer GmbH)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{047815FB-4E38-42D5-95CB-8A131DDD8668}" = Microsoft Windows Theme Nunavut
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CDC240E-86BF-4793-8C9B-BDB324F8F9A3}" = MySQL Provider
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{145A09DE-8628-4F54-ACA2-45507391CDFB}" = MySQL Connector J
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{19AE1804-C820-45c4-8CD0-79A78D6C0D3C}_is1" = MZ-Tools 3.0 for VB 6.0
"{1AD7FFF3-B4CE-4745-9D6B-DE1AE4D53EAA}" = OstroSoft SMTP Component
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20381839-62AB-4689-8FF2-24C4C3E18B08}" = MySQL Server 5.5
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2AFFFDD7-ED85-4A90-8C52-5DA9EBDC9B8F}" = Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery DesignPro
"{2DDC7E93-29AB-4260-A9DB-697F7FA88157}" = MySQL Connector Net 6.4.4
"{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{34A350D1-64FB-36D8-9D0C-1CD8E392DBA5}" = Google Talk Plugin
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{394BE3D9-7F57-4638-A8D1-1D88671913B7}" = Microsoft SMS Sender
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C79DC59-6099-323B-B27B-90B45542B270}" = Google Talk Plugin
"{4112625F-2D38-49EF-924F-48511BC5CD34}" = Microsoft SQL Server 2008 Database Engine Services
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4F44B5AE-82A6-4A8A-A3E3-E24D489728E3}" = Microsoft SQL Server 2008 Native Client
"{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}" = Microsoft SQL Server Setup Support Files (English)
"{561BD069-5C63-4B48-98BD-91B743142304}" = MySQL Workbench 5.2 CE
"{64236D72-5D68-44C5-A5F6-C152CED274B8}" = AT&T Communication Manager
"{669A032D-4E28-3D11-BB26-8AD5D51EFE87}" = Google Talk Plugin
"{66F9302D-E145-4375-8C84-54DA2339C483}" = MySQL Connector C 6.0.2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7293D767-036E-46F2-960C-C017280D589E}" = MySQL Installer
"{7670D32F-DAE6-4E49-8C8B-B3F08B5B1686}" = Microsoft SQL Server Native Client
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Help
"{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1" = iExplorer 3.0.1.8
"{86EF9FC4-F209-4520-B7E1-C7FF0EEBDFFF}" = Adobe Audition 1.5
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1610D3-293C-4A23-8059-7401C2997420}" = MySQL Documents 5.5
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A760067A-C07E-1033-0000-A764AC000010}" = Avery Template
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A939D341-5A04-4E0A-BB55-3E65B386432D}" = Microsoft Office Small Business Connectivity Components
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.2
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B05E8183-866A-11D3-97DF-0000F8D8F2E9}" = Symantec pcAnywhere
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B32C4059-6E7A-41EF-AD20-56DF1872B923}" = Business Contact Manager for Outlook 2007 SP2
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B8E9F8A1-9F4D-43D5-ABD6-1DF067FAA469}" = Microsoft SQL Server 2008 Database Engine Services
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBFD9BC5-BB9A-4F9C-AD77-0BE3897FFE0F}" = MySQL Connector/ODBC 3.51
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C36A15FB-9882-4CB7-B128-239AACBB9BCD}" = MySQL Connector/ODBC 5.1
"{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}" = System Requirements Lab for Intel
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D441BD04-E548-4F8E-97A4-1B66135BAAA8}" = Microsoft SQL Server 2008 Setup Support Files
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7
"{E654D1E3-B18B-4953-BFBC-F16227323E05}" = HP Deskjet 2050 J510 series Basic Device Software
"{E7E254C0-94AA-4B33-AF6D-5276A169A680}" = TONKA Search & Rescue 2
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{EEC2DAFD-5558-40AC-8E9C-5005C8F810E8}" = Microsoft Plus! for Windows XP
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F8E14F33-774C-43CC-8441-E138A5B5EC71}" = Weather Defender
"{F9D6CBE7-6002-4B5C-A78A-32A823BDC71D}" = MySQL Examples and Samples 5.5
"{fc8208f2-b1c1-4253-9e89-d518e983b7bb}" = Ad-Aware Antivirus
"{FD753E57-1F44-41E6-B962-E01D76676206}" = MySQL Connector C++ 1.1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Ad-Aware Browsing Protection" = Ad-Aware Browsing Protection
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"AlphaNumeric LED ActiveX" = AlphaNumeric LED ActiveX
"amWavePro" = amWavePro
"Audacity_is1" = Audacity 2.0.2
"Business Contact Manager" = Business Contact Manager for Outlook 2007 SP2
"CCleaner" = CCleaner
"Cool Edit Pro v1.2a" = Cool Edit Pro v1.2a
"CrossLoop_is1" = CrossLoop 2.82
"Crowd Control" = Crowd Control
"CSVed" = CSVed
"DBImport ActiveX 2.0" = DBImport ActiveX 2.0
"dBpowerAMP Music Converter" = dBpowerAMP Music Converter
"DiskAid_is1" = DiskAid 5.31
"eMMA The E-Mail Message Assistant" = eMMA The E-Mail Message Assistant
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.1
"Google Chrome" = Google Chrome
"GSplit3Set" = GSplit 3
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"HP Photo Creations" = HP Photo Creations
"HsSmsDll 1.1 - Evaluation Version_is1" = HsSmsDll 1.1 Evaluation Version
"ie8" = Windows Internet Explorer 8
"iFunbox_is1" = iFunbox (v2.0.2150.728), iFunbox DevTeam
"Inno Setup 5_is1" = Inno Setup version 5.4.2
"InstallShield_{32821558-2C36-4FD0-A891-CA65360B0EC7}" = DesignPro 5
"InterVideo WinDVD" = InterVideo WinDVD
"IrfanView" = IrfanView (remove only)
"LG USB Drivers" = LG USB Drivers
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate1.6" = LiveUpdate 1.6 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee SiteAdvisor" = McAfee Browser Protection Service
"Microangelo 5.0" = Microangelo 5.0
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Developer Network - Visual Studio 6.0a" = MSDN Library - Visual Studio 6.0a
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft SQL Server 2005" = Microsoft SQL Server 2005
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Mozilla Firefox 21.0 (x86 en-US)" = Mozilla Firefox 21.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"Office8.0" = Microsoft Office 97, Professional Edition
"PDF Complete" = PDF Complete
"Prism" = Prism Video File Converter
"Product_Name" = On the Guard II
"Ready Reference CD" = Ready Reference CD
"SereneScreen Aquarium_is1" = SereneScreen Aquarium
"Sheridan ActiveThreed Plus 3.01" = Sheridan ActiveThreed Plus 3.01
"singalong@xenophesoft.com" = Sing Along
"Software Key Lok II Setup" = Software Key Lok II Setup
"ST5UNST #1" = BW Media OCX 1.2
"TeamViewer 8" = TeamViewer 8
"tintii" = indii.org/tintii
"UltraEdit-32" = UltraEdit-32 Uninstall
"VBVoice 4.2" = VBVoice 4.2
"Visual Basic 6.0 Professional Edition" = Microsoft Visual Basic 6.0 Professional Edition
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WebPost" = Microsoft Web Publishing Wizard 1.53
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.20 (32-bit)
"WinZip" = WinZip
"Wise Installation System 6.0" = Wise Installation System 6.0
"Wise InstallMaster 8.1" = Wise InstallMaster 8.1
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"FLV Player" = FLV Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/05/2013 4:03:12 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.4'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 24/05/2013 4:03:12 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.3'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 24/05/2013 4:03:12 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.2'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 24/05/2013 4:03:12 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17049
Description = Unable to cycle error log file from 'c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\LOG\ERRORLOG' to 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\LOG\ERRORLOG.1'
due to OS error '5(Access is denied.)'. A process outside of SQL Server may be
preventing SQL Server from reading the files. As a result, errorlog entries may
be lost and it may not be possible to view some SQL Server errorlogs. Make sure
no other processes have locked the file with write-only access."

Error - 24/05/2013 4:03:13 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\master.mdf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 24/05/2013 4:03:13 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\master.mdf for file number 1. OS error: 5(Access is
denied.).

Error - 24/05/2013 4:03:13 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17207
Description = FCB::Open: Operating system error 5(Access is denied.) occurred while
creating or opening file 'c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\DATA\mastlog.ldf'.
Diagnose and correct the operating system error, and retry the operation.

Error - 24/05/2013 4:03:13 AM | Computer Name = MOONLIGHTINGPRO | Source = MSSQL$MSSMLBIZ | ID = 17204
Description = FCB::Open failed: Could not open file c:\Program Files\Microsoft SQL
Server\MSSQL.1\MSSQL\DATA\mastlog.ldf for file number 2. OS error: 5(Access is
denied.).

Error - 24/05/2013 4:03:13 AM | Computer Name = MOONLIGHTINGPRO | Source = MsiInstaller | ID = 10005
Description =

Error - 24/05/2013 10:50:38 AM | Computer Name = MOONLIGHTINGPRO | Source = CltMngSvc | ID = 1000
Description =

[ System Events ]
Error - 22/05/2013 4:03:07 AM | Computer Name = MOONLIGHTINGPRO | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 22/05/2013 4:03:45 AM | Computer Name = MOONLIGHTINGPRO | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 23/05/2013 4:07:02 AM | Computer Name = MOONLIGHTINGPRO | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 23/05/2013 4:07:37 AM | Computer Name = MOONLIGHTINGPRO | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 23/05/2013 12:11:00 PM | Computer Name = MOONLIGHTINGPRO | Source = Print | ID = 6161
Description = The document Microsoft Word - Document2 owned by Administrator failed
to print on printer HP Deskjet 2050 J510 series. Data type: NT EMF 1.008. Size
of the spool file in bytes: 65536. Number of bytes printed: 0. Total number of pages
in the document: 1. Number of pages printed: 0. Client machine: \\MOONLIGHTINGPRO.
Win32 error code returned by the print processor: 183 (0xb7).

Error - 24/05/2013 4:03:13 AM | Computer Name = MOONLIGHTINGPRO | Source = Service Control Manager | ID = 7024
Description = The SQL Server (MSSMLBIZ) service terminated with service-specific
error 3417 (0xD59).

Error - 24/05/2013 4:03:53 AM | Computer Name = MOONLIGHTINGPRO | Source = Windows Update Agent | ID = 20
Description = Installation Failure: Windows failed to install the following update
with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 4
(KB2463332).

Error - 24/05/2013 10:38:03 AM | Computer Name = MOONLIGHTINGPRO | Source = Service Control Manager | ID = 7000
Description = The Parallel port driver service failed to start due to the following
error: %%1058

Error - 24/05/2013 10:38:03 AM | Computer Name = MOONLIGHTINGPRO | Source = Service Control Manager | ID = 7000
Description = The vToolbarUpdater service failed to start due to the following error:
%%2

Error - 24/05/2013 10:38:43 AM | Computer Name = MOONLIGHTINGPRO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AVGIDSHX EterlogicVirtualSerialDriver


< End of report >
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 11:40 am

I am not having any problems running the instructions you have given me.
The computer seems to be operating at normal speed. Firefox is no longer my default browser and the ads described in my previous post are still coming up in Internet Explorer.
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby pgmigg » May 24th, 2013, 1:09 pm

Hello moonlighting,
The computer seems to be operating at normal speed. Firefox is no longer my default browser and the ads described in my previous post are still coming up in Internet Explorer.
Very good! :D But we are not finished yet. Let's continue...

Step 1.
AdwCleaner - Search
Please download AdwCleaner by Xplode onto your desktop.
  1. Close all open programs and internet browsers.
  2. Double-click on adwcleaner.exe to run it.
  3. Click on Search.
  4. A logfile will automatically open after the scan has finished.
  5. Please post the content of that logfile with your next reply.
  6. You can find the logfile at C:\AdwCleaner[R1].txt as well.

Step 2.
TDSSKiller - Rootkit Removal Tool - Scan only
Please download the TDSSKiller.exe by Kaspersky and save it to your Desktop. <-Important!!!
  1. Double-click on TDSSKiller.exe to run the tool for known TDSS/TDL variants.
    If TDSSKiller does not run, please rename it. Right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. zarodinu.com).
    If you don't see file extensions, please see: How to change the file extension.
  2. Click the Start Scan button. Do not use the computer during the scan!
  3. If the scan completes with nothing found, click Close to exit.
  4. If malicious objects are found, they will show in the "Scan results - Select action for found objects" and offer 3 options.
    • Please select Skip instead of Cure (default).
  5. Then click Continue, then Close and then Close again.
  6. A log file named TDSSKiller_version_dd.mm.yyyy_hh.mm.ss_log.txt will be created and saved to the root directory (usually Local Disk C:).
  7. Copy and paste the contents of that file in your next reply.

Step 3.
SystemLook
Please download SystemLook.exe by jpshortstuff and save it to your Desktop.
Alternate download site.
  1. Double-click SystemLook.exe to run it.
    If you receive an "Open file - security warning"... asking "Do you want to run this file?", press the Run button.
  2. Highlight and copy the following entries into SystemLook's main text entry window:
    :filefind
    *AskToolbar*
    *Ask.com*
    *Bandoo*
    *Babylon*
    *Conduit*
    *datamngr*
    *searchab*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *smartbar*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :folderfind
    *AskToolbar*
    *Ask.com*
    *Babylon*
    *Bandoo*
    *Conduit*
    *datamngr*
    *searchab*
    *smartbar*
    *Fun4IM*
    *Funmoods*
    *iLivid*
    *IObit*
    *Iminent*
    *Searchqu*
    *Searchnu*
    *Tarma*
    *trolltech*
    *Vafmusic2*
    *vshare*
    *whitesmoke*
    *Yontoo*
    
    :Regfind
    AskToolbar
    Ask.com
    Babylon
    Bandoo
    Conduit
    datamngr
    searchab
    Fun4IM
    Funmoods
    iLivid
    IObit
    Iminent
    Searchqu
    Searchnu
    smartbar
    Tarma
    trolltech
    Vafmusic2
    vshare
    whitesmoke
    Yontoo
    
  3. Press the Look button to start the scan.
    When finished, a Notepad window will open with the results of the scan.
    A file will be created (on your Desktop) with the results of the scan, named SystemLook.txt
  4. Please post the contents of the SystemLook.txt file in your next reply.

Please include in your next reply:
  1. Do you have any problems executing the instructions?
  2. Contents of the AdwCleaner[R1].txt log file
  3. Contents of TDSSKiller report file.
  4. Contents of the SystemLook.txt log file

Please do not hesitate to divide the post into multiple posts if it is too long...

Thanks,
pgmigg

Failure to post replies within 72 hours will result in this thread being closed
pgmigg
MRU Teacher
 
Posts: 3180
Joined: July 8th, 2008, 1:25 pm
Location: GMT-05:00

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 8:53 pm

# AdwCleaner v2.301 - Logfile created 05/24/2013 at 14:08:39
# Updated 16/05/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - MOONLIGHTINGPRO
# Boot Mode : Normal
# Running from : C:\SpywareStuff\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\WINDOWS\Tasks\DealPlyUpdate.job
Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\avg@toolbar
Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\BabylonToolbar
Folder Found : C:\Documents and Settings\All Users\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Andrew\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Kevin\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Matthew\Application Data\AVG Secure Search
Folder Found : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
Folder Found : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
Folder Found : C:\Documents and Settings\Matthew\Application Data\PriceGong
Folder Found : C:\Documents and Settings\Matthew\Application Data\SearchProtect
Folder Found : C:\Documents and Settings\Matthew\Local Settings\Application Data\APN
Folder Found : C:\Documents and Settings\Matthew\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Melanie\Local Settings\Application Data\AskToolbar
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\SingAlong

***** [Registry] *****

Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6492E171-2427-4932-B414-33574A089F5E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6492E171-2427-4932-B414-33574A089F5E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6492E171-2427-4932-B414-33574A089F5E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\Software\DomaIQ
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6492E171-2427-4932-B414-33574A089F5E}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [singalong@xenophesoft.com]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Kevin\Application Data\Mozilla\Firefox\Profiles\1zgwmt45.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Melanie\Application Data\Mozilla\Firefox\Profiles\w2l75t4j.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Andrew\Application Data\Mozilla\Firefox\Profiles\6jtlqot1.default\prefs.js

[OK] File is clean.

File : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\prefs.js

Found : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AV[...]
Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B5c164dde-a340-480f-a84f-6cf2e803d324%[...]

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mdn6j4lo.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Matthew\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.457] : homepage = "hxxp://search.conduit.com/?ctid=CT3294791&SearchSource=48&CUI=UN38891505153510110&UM=2",

*************************

AdwCleaner[R1].txt - [6198 octets] - [24/05/2013 14:08:39]

########## EOF - C:\AdwCleaner[R1].txt - [6258 octets] ##########
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am
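As an added example (not part of the thread, and not code from AdwCleaner, SystemLook or MalwareRemoval.com), the following Python script parses the "Found" lines of an AdwCleaner [Search] log like the one posted above into structured findings and checks them against the name list pgmigg gave for SystemLook in Step 3, so a helper reading the log can see at a glance which of the suspected toolbars already show up and which still need the SystemLook pass. The sample log is a constructed excerpt modelled on the format above, the term list is a subset of pgmigg's list, and the function and field names are my own.

```python
import re
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt modelled on the AdwCleaner v2.x [Search] log format
# shown in the thread (a handful of representative lines, not the full log).
SAMPLE_LOG = r"""
***** [Files / Folders] *****

File Found : C:\WINDOWS\Tasks\DealPlyUpdate.job
Folder Found : C:\Documents and Settings\Matthew\Local Settings\Application Data\AskToolbar
Folder Found : C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit
Folder Found : C:\Program Files\SingAlong

***** [Registry] *****

Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [Internet Browsers] *****

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Documents and Settings\Matthew\Application Data\Mozilla\Firefox\Profiles\1plraout.default\prefs.js

Found : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B5c164dde[...]

-\\ Google Chrome v27.0.1453.94

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.
"""

# Subset of the names from pgmigg's SystemLook search list (Step 3 above).
SEARCH_TERMS = ["AskToolbar", "Babylon", "Conduit", "Vafmusic2", "Yontoo"]

SECTION_RE = re.compile(r"^\*{5} \[(.+?)\] \*{5}$")
FOUND_RE = re.compile(r"^(File|Folder|Key|Value) Found : (.+)$")
# Browser-preference hits: "Found : ..." (Firefox) or "Found [l.457] : ..." (Chrome)
PREF_RE = re.compile(r"^Found(?: \[l\.\d+\])? : (.+)$")


@dataclass
class Finding:
    kind: str                  # file, folder, key, value or pref
    target: str                # path, registry key/value, or preference text
    section: Optional[str]     # AdwCleaner section the line came from
    browser: Optional[str] = None       # only for pref findings
    profile_file: Optional[str] = None  # only for pref findings


def parse_adwcleaner(text: str) -> List[Finding]:
    """Turn the 'Found' lines of an AdwCleaner search log into Finding records."""
    findings: List[Finding] = []
    section = browser = profile_file = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:                                   # "***** [Registry] *****"
            section, browser, profile_file = m.group(1), None, None
            continue
        if line.startswith("-\\\\ "):           # "-\\ Mozilla Firefox v21.0 (en-US)"
            browser = line[4:]
            continue
        if line.startswith("File : "):          # profile file being inspected
            profile_file = line[len("File : "):]
            continue
        m = FOUND_RE.match(line)
        if m:
            findings.append(Finding(m.group(1).lower(), m.group(2), section))
            continue
        m = PREF_RE.match(line)
        if m and section == "Internet Browsers":
            findings.append(Finding("pref", m.group(1), section, browser, profile_file))
    return findings


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Count findings per kind (file/folder/key/value/pref)."""
    return dict(Counter(f.kind for f in findings))


def match_terms(findings: List[Finding], terms: List[str]) -> Dict[str, List[Finding]]:
    """Group findings by which search term (case-insensitive) occurs in their target."""
    hits: Dict[str, List[Finding]] = defaultdict(list)
    for f in findings:
        for term in terms:
            if term.lower() in f.target.lower():
                hits[term].append(f)
    return dict(hits)


if __name__ == "__main__":
    found = parse_adwcleaner(SAMPLE_LOG)
    print(summarize(found))
    hits = match_terms(found, SEARCH_TERMS)
    for term, items in hits.items():
        print(f"{term}: {len(items)} hit(s)")
        for f in items:
            print(f"  [{f.kind}] {f.target}")
    print("no AdwCleaner hit for:", ", ".join(t for t in SEARCH_TERMS if t not in hits))
```

Terms with no AdwCleaner hit (here Vafmusic2 and Yontoo) are exactly the ones the SystemLook :filefind/:folderfind/:Regfind pass is still needed for, which is why the two checks are run side by side in the thread.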

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 8:53 pm

14:11:31.0703 1668 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
14:11:32.0250 1668 ============================================================
14:11:32.0250 1668 Current date / time: 2013/05/24 14:11:32.0250
14:11:32.0250 1668 SystemInfo:
14:11:32.0250 1668
14:11:32.0250 1668 OS Version: 5.1.2600 ServicePack: 3.0
14:11:32.0250 1668 Product type: Workstation
14:11:32.0250 1668 ComputerName: MOONLIGHTINGPRO
14:11:32.0250 1668 UserName: Administrator
14:11:32.0250 1668 Windows directory: C:\WINDOWS
14:11:32.0250 1668 System windows directory: C:\WINDOWS
14:11:32.0250 1668 Processor architecture: Intel x86
14:11:32.0250 1668 Number of processors: 2
14:11:32.0250 1668 Page size: 0x1000
14:11:32.0250 1668 Boot type: Normal boot
14:11:32.0250 1668 ============================================================
14:11:33.0703 1668 Drive \Device\Harddisk1\DR1 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
14:11:33.0718 1668 Drive \Device\Harddisk2\DR2 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000058
14:11:33.0750 1668 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
14:11:33.0750 1668 ============================================================
14:11:33.0750 1668 \Device\Harddisk1\DR1:
14:11:33.0750 1668 MBR partitions:
14:11:33.0750 1668 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x9FFEACC
14:11:33.0765 1668 \Device\Harddisk1\DR1\Partition2: MBR, Type 0x7, StartLBA 0x9FFEB4A, BlocksNum 0x5FFC0FA
14:11:33.0765 1668 \Device\Harddisk2\DR2:
14:11:33.0765 1668 MBR partitions:
14:11:33.0765 1668 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
14:11:33.0765 1668 \Device\Harddisk0\DR0:
14:11:33.0765 1668 MBR partitions:
14:11:33.0765 1668 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1C4542
14:11:33.0765 1668 ============================================================
14:11:33.0796 1668 C: <-> \Device\Harddisk0\DR0\Partition1
14:11:34.0109 1668 E: <-> \Device\Harddisk1\DR1\Partition1
14:11:34.0187 1668 F: <-> \Device\Harddisk2\DR2\Partition1
14:11:34.0515 1668 G: <-> \Device\Harddisk1\DR1\Partition2
14:11:34.0515 1668 ============================================================
14:11:34.0515 1668 Initialize success
14:11:34.0515 1668 ============================================================
14:12:01.0593 2816 ============================================================
14:12:01.0593 2816 Scan started
14:12:01.0593 2816 Mode: Manual;
14:12:01.0593 2816 ============================================================
14:12:03.0000 2816 ================ Scan system memory ========================
14:12:03.0000 2816 System memory - ok
14:12:03.0000 2816 ================ Scan services =============================
14:12:03.0109 2816 [ C07D5197410AAB28D0D93F943F59656D ] 6to4 C:\WINDOWS\System32\6to4svc.dll
14:12:03.0125 2816 6to4 - ok
14:12:03.0140 2816 Abiosdsk - ok
14:12:03.0140 2816 abp480n5 - ok
14:12:03.0203 2816 [ 0F2D66D5F08EBE2F77BB904288DCF6F0 ] ac97intc C:\WINDOWS\system32\drivers\ac97intc.sys
14:12:03.0218 2816 ac97intc - ok
14:12:03.0234 2816 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:12:03.0250 2816 ACPI - ok
14:12:03.0265 2816 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
14:12:03.0281 2816 ACPIEC - ok
14:12:03.0453 2816 [ 09E61047B0CEF21559CFCEDF4F14D216 ] Ad-Aware Service C:\Program Files\Ad-Aware Antivirus\AdAwareService.exe
14:12:03.0468 2816 Ad-Aware Service - ok
14:12:03.0562 2816 [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
14:12:03.0562 2816 AdobeFlashPlayerUpdateSvc - ok
14:12:03.0593 2816 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
14:12:03.0593 2816 adpu160m - ok
14:12:03.0609 2816 [ 0EA9B1F0C6C90A509C8603775366ADB7 ] adpu320 C:\WINDOWS\system32\DRIVERS\adpu320.sys
14:12:03.0640 2816 adpu320 - ok
14:12:03.0656 2816 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
14:12:03.0687 2816 aec - ok
14:12:03.0718 2816 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
14:12:03.0750 2816 AFD - ok
14:12:03.0750 2816 Aha154x - ok
14:12:03.0765 2816 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
14:12:03.0765 2816 aic78u2 - ok
14:12:03.0781 2816 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
14:12:03.0796 2816 aic78xx - ok
14:12:03.0812 2816 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
14:12:03.0843 2816 Alerter - ok
14:12:03.0859 2816 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
14:12:03.0875 2816 ALG - ok
14:12:03.0890 2816 AliIde - ok
14:12:03.0890 2816 amsint - ok
14:12:04.0015 2816 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
14:12:04.0031 2816 Apple Mobile Device - ok
14:12:04.0046 2816 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
14:12:04.0046 2816 AppMgmt - ok
14:12:04.0046 2816 asc - ok
14:12:04.0062 2816 asc3350p - ok
14:12:04.0062 2816 asc3550 - ok
14:12:04.0109 2816 [ 20D04091EBA710F6988F710507D85868 ] Aspi32 C:\WINDOWS\system32\drivers\Aspi32.sys
14:12:04.0125 2816 Aspi32 - ok
14:12:04.0250 2816 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
14:12:04.0250 2816 aspnet_state - ok
14:12:04.0281 2816 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14:12:04.0312 2816 AsyncMac - ok
14:12:04.0359 2816 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
14:12:04.0375 2816 atapi - ok
14:12:04.0375 2816 Atdisk - ok
14:12:04.0421 2816 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
14:12:04.0437 2816 Atmarpc - ok
14:12:04.0500 2816 [ C9B922323F9AA74EB3B32A72BDA5BAEF ] ATTRcAppSvc C:\Program Files\AT&T\Communication Manager\RcAppSvc.exe
14:12:04.0531 2816 ATTRcAppSvc - ok
14:12:04.0593 2816 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
14:12:04.0609 2816 AudioSrv - ok
14:12:04.0625 2816 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
14:12:04.0640 2816 audstub - ok
14:12:04.0640 2816 AVGIDSFilter - ok
14:12:04.0656 2816 AVGIDSHX - ok
14:12:04.0656 2816 AVGIDSShim - ok
14:12:04.0734 2816 [ 374B8CBBD42C99FB2A4799CCBB3234EF ] awhost32 C:\Program Files\Symantec\pcAnywhere\awhost32.exe
14:12:04.0750 2816 awhost32 - ok
14:12:04.0796 2816 [ F7E75C620A04963C9A53C3B47DA80405 ] awlegacy C:\WINDOWS\System32\Drivers\awlegacy.sys
14:12:04.0812 2816 awlegacy - ok
14:12:04.0843 2816 [ CA5F2EB69105A4DB4F5CED1A9A2AD69C ] AW_HOST C:\WINDOWS\system32\drivers\aw_host5.sys
14:12:04.0875 2816 AW_HOST - ok
14:12:04.0937 2816 [ 6163664C7E9CD110AF70180C126C3FDC ] BcmSqlStartupSvc C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
14:12:04.0953 2816 BcmSqlStartupSvc - ok
14:12:04.0968 2816 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
14:12:04.0984 2816 Beep - ok
14:12:05.0046 2816 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
14:12:05.0078 2816 BITS - ok
14:12:05.0156 2816 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
14:12:05.0156 2816 Bonjour Service - ok
14:12:05.0187 2816 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
14:12:05.0250 2816 Browser - ok
14:12:05.0265 2816 catchme - ok
14:12:05.0312 2816 [ F6B032F03602321CBAD380A6EB883525 ] cbfs3 C:\WINDOWS\system32\DRIVERS\cbfs3.sys
14:12:05.0328 2816 cbfs3 - ok
14:12:05.0390 2816 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
14:12:05.0406 2816 cbidf2k - ok
14:12:05.0406 2816 cd20xrnt - ok
14:12:05.0421 2816 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
14:12:05.0437 2816 Cdaudio - ok
14:12:05.0484 2816 [ 1D379C7B4C381F2DB57F58EC24645BAB ] cdc_ecm C:\WINDOWS\system32\DRIVERS\cdc_ecm.sys
14:12:05.0828 2816 cdc_ecm - ok
14:12:05.0843 2816 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
14:12:05.0843 2816 Cdfs - ok
14:12:05.0859 2816 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
14:12:05.0875 2816 Cdrom - ok
14:12:05.0890 2816 Changer - ok
14:12:05.0937 2816 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
14:12:05.0953 2816 CiSvc - ok
14:12:05.0984 2816 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
14:12:06.0015 2816 ClipSrv - ok
14:12:06.0078 2816 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
14:12:06.0109 2816 clr_optimization_v2.0.50727_32 - ok
14:12:06.0156 2816 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
14:12:06.0171 2816 clr_optimization_v4.0.30319_32 - ok
14:12:06.0171 2816 CmdIde - ok
14:12:06.0187 2816 COMSysApp - ok
14:12:06.0187 2816 Cpqarray - ok
14:12:06.0234 2816 [ D01F685F8B4598D144B0CCE9FF95D8D5 ] cpudrv C:\Program Files\SystemRequirementsLab\cpudrv.sys
14:12:06.0265 2816 cpudrv - ok
14:12:06.0406 2816 [ 97558F429F8F09446AE51C1AA88C9B9B ] CrossLoopService C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\CrossLoopService.exe
14:12:06.0421 2816 CrossLoopService - ok
14:12:06.0468 2816 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
14:12:06.0484 2816 CryptSvc - ok
14:12:06.0484 2816 dac2w2k - ok
14:12:06.0484 2816 dac960nt - ok
14:12:06.0546 2816 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
14:12:06.0562 2816 DcomLaunch - ok
14:12:06.0609 2816 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
14:12:06.0625 2816 Dhcp - ok
14:12:06.0671 2816 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
14:12:06.0671 2816 Disk - ok
14:12:06.0671 2816 dmadmin - ok
14:12:06.0718 2816 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
14:12:06.0781 2816 dmboot - ok
14:12:06.0781 2816 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
14:12:06.0781 2816 dmio - ok
14:12:06.0796 2816 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
14:12:06.0796 2816 dmload - ok
14:12:06.0796 2816 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
14:12:06.0812 2816 dmserver - ok
14:12:06.0859 2816 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
14:12:06.0875 2816 DMusic - ok
14:12:06.0906 2816 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
14:12:06.0921 2816 Dnscache - ok
14:12:06.0937 2816 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
14:12:06.0953 2816 Dot3svc - ok
14:12:06.0953 2816 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
14:12:06.0968 2816 dpti2o - ok
14:12:07.0015 2816 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
14:12:07.0031 2816 drmkaud - ok
14:12:07.0062 2816 [ 3FCA03CBCA11269F973B70FA483C88EF ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
14:12:07.0078 2816 E100B - ok
14:12:07.0109 2816 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
14:12:07.0140 2816 EapHost - ok
14:12:07.0140 2816 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
14:12:07.0156 2816 ERSvc - ok
14:12:07.0234 2816 EterlogicVirtualSerialDriver - ok
14:12:07.0265 2816 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
14:12:07.0296 2816 Eventlog - ok
14:12:07.0343 2816 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
14:12:07.0343 2816 EventSystem - ok
14:12:07.0390 2816 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
14:12:07.0421 2816 Fastfat - ok
14:12:07.0468 2816 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
14:12:07.0500 2816 FastUserSwitchingCompatibility - ok
14:12:07.0515 2816 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
14:12:07.0531 2816 Fdc - ok
14:12:07.0562 2816 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
14:12:07.0578 2816 Fips - ok
14:12:07.0593 2816 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\drivers\Flpydisk.sys
14:12:07.0625 2816 Flpydisk - ok
14:12:07.0625 2816 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\DRIVERS\fltMgr.sys
14:12:07.0625 2816 FltMgr - ok
14:12:07.0718 2816 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
14:12:07.0718 2816 FontCache3.0.0.0 - ok
14:12:07.0718 2816 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
14:12:07.0734 2816 Fs_Rec - ok
14:12:07.0750 2816 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
14:12:07.0750 2816 Ftdisk - ok
14:12:07.0781 2816 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
14:12:07.0796 2816 GEARAspiWDM - ok
14:12:07.0812 2816 [ 5B8F60F7BFEC67CE2491FBAD799CC058 ] Gernuwa C:\WINDOWS\system32\drivers\Gernuwa.sys
14:12:07.0812 2816 Gernuwa - ok
14:12:07.0859 2816 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
14:12:07.0890 2816 Gpc - ok
14:12:07.0968 2816 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
14:12:07.0984 2816 gupdate - ok
14:12:07.0984 2816 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
14:12:07.0984 2816 gupdatem - ok
14:12:08.0031 2816 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
14:12:08.0078 2816 gusvc - ok
14:12:08.0109 2816 [ 573C7D0A32852B48F3058CFD8026F511 ] HDAudBus C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
14:12:08.0156 2816 HDAudBus - ok
14:12:08.0281 2816 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
14:12:08.0281 2816 helpsvc - ok
14:12:08.0312 2816 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
14:12:08.0312 2816 HidServ - ok
14:12:08.0343 2816 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
14:12:08.0343 2816 HidUsb - ok
14:12:08.0375 2816 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
14:12:08.0406 2816 hkmsvc - ok
14:12:08.0406 2816 hpn - ok
14:12:08.0453 2816 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
14:12:08.0500 2816 HTTP - ok
14:12:08.0562 2816 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
14:12:08.0578 2816 HTTPFilter - ok
14:12:08.0593 2816 i2omgmt - ok
14:12:08.0593 2816 i2omp - ok
14:12:08.0640 2816 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
14:12:08.0671 2816 i8042prt - ok
14:12:08.0687 2816 [ 06B7EF73BA5F302EECC294CDF7E19702 ] i81x C:\WINDOWS\system32\DRIVERS\i81xnt5.sys
14:12:08.0703 2816 i81x - ok
14:12:08.0734 2816 [ 7B5B44EFE5EB9DADFB8EE29700885D23 ] iAimFP0 C:\WINDOWS\system32\DRIVERS\wADV01nt.sys
14:12:08.0765 2816 iAimFP0 - ok
14:12:08.0781 2816 [ EB1F6BAB6C22EDE0BA551B527475F7E9 ] iAimFP1 C:\WINDOWS\system32\DRIVERS\wADV02NT.sys
14:12:08.0812 2816 iAimFP1 - ok
14:12:08.0828 2816 [ 03CE989D846C1AA81145CB22FCB86D06 ] iAimFP2 C:\WINDOWS\system32\DRIVERS\wADV05NT.sys
14:12:08.0859 2816 iAimFP2 - ok
14:12:08.0875 2816 [ 525849B4469DE021D5D61B4DB9BE3A9D ] iAimFP3 C:\WINDOWS\system32\DRIVERS\wSiINTxx.sys
14:12:08.0906 2816 iAimFP3 - ok
14:12:08.0921 2816 [ 589C2BCDB5BD602BF7B63D210407EF8C ] iAimFP4 C:\WINDOWS\system32\DRIVERS\wVchNTxx.sys
14:12:08.0937 2816 iAimFP4 - ok
14:12:08.0937 2816 [ 0308AEF61941E4AF478FA1A0F83812F5 ] iAimFP5 C:\WINDOWS\system32\DRIVERS\wADV07nt.sys
14:12:08.0968 2816 iAimFP5 - ok
14:12:08.0968 2816 [ 714038A8AA5DE08E12062202CD7EAEB5 ] iAimFP6 C:\WINDOWS\system32\DRIVERS\wADV08nt.sys
14:12:08.0984 2816 iAimFP6 - ok
14:12:08.0984 2816 [ 7BB3AA595E4507A788DE1CDC63F4C8C4 ] iAimFP7 C:\WINDOWS\system32\DRIVERS\wADV09nt.sys
14:12:09.0000 2816 iAimFP7 - ok
14:12:09.0000 2816 [ D83BDD5C059667A2F647A6BE5703A4D2 ] iAimTV0 C:\WINDOWS\system32\DRIVERS\wATV01nt.sys
14:12:09.0015 2816 iAimTV0 - ok
14:12:09.0015 2816 [ ED968D23354DAA0D7C621580C012A1F6 ] iAimTV1 C:\WINDOWS\system32\DRIVERS\wATV02NT.sys
14:12:09.0031 2816 iAimTV1 - ok
14:12:09.0031 2816 [ D738273F218A224C1DDAC04203F27A84 ] iAimTV3 C:\WINDOWS\system32\DRIVERS\wATV04nt.sys
14:12:09.0046 2816 iAimTV3 - ok
14:12:09.0046 2816 [ 0052D118995CBAB152DAABE6106D1442 ] iAimTV4 C:\WINDOWS\system32\DRIVERS\wCh7xxNT.sys
14:12:09.0062 2816 iAimTV4 - ok
14:12:09.0062 2816 [ 791CC45DE6E50445BE72E8AD6401FF45 ] iAimTV5 C:\WINDOWS\system32\DRIVERS\wATV10nt.sys
14:12:09.0078 2816 iAimTV5 - ok
14:12:09.0078 2816 [ 352FA0E98BC461CE1CE5D41F64DB558D ] iAimTV6 C:\WINDOWS\system32\DRIVERS\wATV06nt.sys
14:12:09.0093 2816 iAimTV6 - ok
14:12:09.0171 2816 [ C5DB546F9028CD00E64335091860D8F3 ] ialm C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
14:12:09.0546 2816 ialm - ok
14:12:09.0609 2816 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
14:12:09.0656 2816 idsvc - ok
14:12:09.0718 2816 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
14:12:09.0718 2816 Imapi - ok
14:12:09.0750 2816 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
14:12:09.0781 2816 ImapiService - ok
14:12:09.0781 2816 ini910u - ok
14:12:09.0937 2816 [ E5C925B50154D102734AB446ADE781F4 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
14:12:10.0062 2816 IntcAzAudAddService - ok
14:12:10.0093 2816 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
14:12:10.0125 2816 IntelIde - ok
14:12:10.0125 2816 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
14:12:10.0125 2816 intelppm - ok
14:12:10.0140 2816 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
14:12:10.0140 2816 Ip6Fw - ok
14:12:10.0140 2816 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
14:12:10.0156 2816 IpFilterDriver - ok
14:12:10.0156 2816 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
14:12:10.0171 2816 IpInIp - ok
14:12:10.0187 2816 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
14:12:10.0203 2816 IpNat - ok
14:12:10.0234 2816 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
14:12:10.0250 2816 iPod Service - ok
14:12:10.0265 2816 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
14:12:10.0296 2816 IPSec - ok
14:12:10.0328 2816 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
14:12:10.0343 2816 IRENUM - ok
14:12:10.0406 2816 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
14:12:10.0406 2816 isapnp - ok
14:12:10.0421 2816 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
14:12:10.0437 2816 Kbdclass - ok
14:12:10.0453 2816 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
14:12:10.0468 2816 kbdhid - ok
14:12:10.0484 2816 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
14:12:10.0500 2816 kmixer - ok
14:12:10.0531 2816 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
14:12:10.0531 2816 KSecDD - ok
14:12:10.0562 2816 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] LanmanServer C:\WINDOWS\System32\srvsvc.dll
14:12:10.0609 2816 LanmanServer - ok
14:12:10.0656 2816 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
14:12:10.0734 2816 lanmanworkstation - ok
14:12:10.0734 2816 lbrtfdc - ok
14:12:10.0781 2816 LF30FS - ok
14:12:10.0828 2816 [ 6B052FF40D8162738CA611162CA11244 ] lgcpo C:\WINDOWS\system32\DRIVERS\lgcpo.sys
14:12:11.0109 2816 lgcpo - ok
14:12:11.0156 2816 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
14:12:11.0171 2816 LmHosts - ok
14:12:11.0296 2816 [ 11F714F85530A2BD134074DC30E99FCA ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
14:12:11.0296 2816 MDM - ok
14:12:11.0343 2816 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
14:12:11.0375 2816 Messenger - ok
14:12:11.0421 2816 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
14:12:11.0437 2816 mnmdd - ok
14:12:11.0484 2816 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
14:12:11.0500 2816 mnmsrvc - ok
14:12:11.0515 2816 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
14:12:11.0546 2816 Modem - ok
14:12:11.0625 2816 MoonSQL - ok
14:12:11.0656 2816 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
14:12:11.0656 2816 Mouclass - ok
14:12:11.0671 2816 [ B1C303E17FB9D46E87A98E4BA6769685 ] mouhid C:\WINDOWS\system32\DRIVERS\mouhid.sys
14:12:11.0703 2816 mouhid - ok
14:12:11.0718 2816 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
14:12:11.0718 2816 MountMgr - ok
14:12:11.0796 2816 [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
14:12:11.0812 2816 MozillaMaintenance - ok
14:12:11.0812 2816 mraid35x - ok
14:12:11.0828 2816 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
14:12:11.0828 2816 MRxDAV - ok
14:12:11.0875 2816 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
14:12:11.0890 2816 MRxSmb - ok
14:12:11.0937 2816 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
14:12:11.0953 2816 MSDTC - ok
14:12:11.0953 2816 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
14:12:11.0953 2816 Msfs - ok
14:12:11.0968 2816 MSIServer - ok
14:12:11.0984 2816 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
14:12:12.0000 2816 MSKSSRV - ok
14:12:12.0015 2816 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
14:12:12.0015 2816 MSPCLOCK - ok
14:12:12.0031 2816 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
14:12:12.0031 2816 MSPQM - ok
14:12:12.0062 2816 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
14:12:12.0062 2816 mssmbios - ok
14:12:12.0203 2816 MSSQL$MSSMLBIZ - ok
14:12:12.0218 2816 MSSQL$SQLEXPRESS - ok
14:12:12.0328 2816 [ ADAF062116B4E6D96E44D26486A87AF6 ] MSSQLServerADHelper c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
14:12:12.0359 2816 MSSQLServerADHelper - ok
14:12:12.0437 2816 [ F1761C8FB2B25A32C6D63E36BB88C3AE ] MSSQLServerADHelper100 c:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE
14:12:12.0453 2816 MSSQLServerADHelper100 - ok
14:12:12.0484 2816 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
14:12:12.0484 2816 Mup - ok
14:12:12.0546 2816 myAgtSvc - ok
14:12:12.0578 2816 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
14:12:12.0640 2816 napagent - ok
14:12:12.0687 2816 [ 8716356E49A665BDC7B114725B60A456 ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
14:12:12.0703 2816 NDIS - ok
14:12:12.0734 2816 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
14:12:12.0734 2816 NdisTapi - ok
14:12:12.0765 2816 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14:12:12.0796 2816 Ndisuio - ok
14:12:12.0843 2816 [ 5526CFEBB619F7F763BD6A2E1B618078 ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
14:12:13.0093 2816 NdisWan - ok
14:12:13.0125 2816 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
14:12:13.0140 2816 NDProxy - ok
14:12:13.0156 2816 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
14:12:13.0156 2816 NetBIOS - ok
14:12:13.0171 2816 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
14:12:13.0187 2816 NetBT - ok
14:12:13.0234 2816 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
14:12:13.0265 2816 NetDDE - ok
14:12:13.0265 2816 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
14:12:13.0265 2816 NetDDEdsdm - ok
14:12:13.0328 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:12:13.0328 2816 Netlogon - ok
14:12:13.0359 2816 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
14:12:13.0359 2816 Netman - ok
14:12:13.0390 2816 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
14:12:13.0421 2816 NetTcpPortSharing - ok
14:12:13.0437 2816 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
14:12:13.0453 2816 Nla - ok
14:12:13.0500 2816 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
14:12:13.0500 2816 Npfs - ok
14:12:13.0515 2816 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
14:12:13.0515 2816 Ntfs - ok
14:12:13.0515 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:12:13.0515 2816 NtLmSsp - ok
14:12:13.0562 2816 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
14:12:13.0609 2816 NtmsSvc - ok
14:12:13.0656 2816 [ CF7E041663119E09D2E118521ADA9300 ] NuidFltr C:\WINDOWS\system32\DRIVERS\NuidFltr.sys
14:12:13.0687 2816 NuidFltr - ok
14:12:13.0703 2816 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
14:12:13.0703 2816 Null - ok
14:12:13.0734 2816 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
14:12:13.0750 2816 NwlnkFlt - ok
14:12:13.0765 2816 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
14:12:13.0765 2816 NwlnkFwd - ok
14:12:13.0781 2816 [ 8B8B1BE2DBA4025DA6786C645F77F123 ] NwlnkIpx C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
14:12:13.0796 2816 NwlnkIpx - ok
14:12:13.0812 2816 [ 56D34A67C05E94E16377C60609741FF8 ] NwlnkNb C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
14:12:13.0812 2816 NwlnkNb - ok
14:12:13.0875 2816 [ C0BB7D1615E1ACBDC99757F6CEAF8CF0 ] NwlnkSpx C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
14:12:13.0890 2816 NwlnkSpx - ok
14:12:13.0906 2816 [ C90018BAFDC7098619A4A95B046B30F3 ] P3 C:\WINDOWS\system32\DRIVERS\p3.sys
14:12:13.0937 2816 P3 - ok
14:12:13.0968 2816 [ 4512940ECD930438670CDCA7FFF1A878 ] Parclass C:\WINDOWS\System32\Drivers\Parclass.sys
14:12:14.0265 2816 Parclass - ok
14:12:14.0296 2816 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
14:12:14.0328 2816 Parport - ok
14:12:14.0343 2816 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
14:12:14.0343 2816 PartMgr - ok
14:12:14.0359 2816 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
14:12:14.0375 2816 ParVdm - ok
14:12:14.0390 2816 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
14:12:14.0390 2816 PCI - ok
14:12:14.0390 2816 PCIDump - ok
14:12:14.0390 2816 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
14:12:14.0390 2816 PCIIde - ok
14:12:14.0437 2816 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
14:12:14.0468 2816 Pcmcia - ok
14:12:14.0500 2816 [ 1E715247EFFFDDA938C085913045D599 ] PCTINDIS5 C:\WINDOWS\system32\PCTINDIS5.SYS
14:12:14.0531 2816 PCTINDIS5 - ok
14:12:14.0531 2816 PDCOMP - ok
14:12:14.0578 2816 pdfcDispatcher - ok
14:12:14.0578 2816 PDFRAME - ok
14:12:14.0578 2816 PDRELI - ok
14:12:14.0593 2816 PDRFRAME - ok
14:12:14.0593 2816 perc2 - ok
14:12:14.0593 2816 perc2hib - ok
14:12:14.0625 2816 [ 444F122E68DB44C0589227781F3C8B3F ] pfc C:\WINDOWS\system32\drivers\pfc.sys
14:12:14.0656 2816 pfc - ok
14:12:14.0687 2816 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
14:12:14.0687 2816 PlugPlay - ok
14:12:14.0703 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
14:12:14.0703 2816 PolicyAgent - ok
14:12:14.0734 2816 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
14:12:14.0750 2816 PptpMiniport - ok
14:12:14.0750 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
14:12:14.0750 2816 ProtectedStorage - ok
14:12:14.0750 2816 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
14:12:14.0796 2816 PSched - ok
14:12:14.0812 2816 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
14:12:14.0812 2816 Ptilink - ok
14:12:14.0828 2816 ql1080 - ok
14:12:14.0828 2816 Ql10wnt - ok
14:12:14.0828 2816 ql12160 - ok
14:12:14.0843 2816 ql1240 - ok
14:12:14.0843 2816 ql1280 - ok
14:12:14.0859 2816 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
14:12:14.0875 2816 RasAcd - ok
14:12:14.0921 2816 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
14:12:14.0953 2816 RasAuto - ok
14:12:14.0968 2816 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
14:12:14.0984 2816 Rasl2tp - ok
14:12:15.0015 2816 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
14:12:15.0046 2816 RasMan - ok
14:12:15.0062 2816 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
14:12:15.0062 2816 RasPppoe - ok
14:12:15.0078 2816 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
14:12:15.0093 2816 Raspti - ok
14:12:15.0140 2816 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
14:12:15.0156 2816 Rdbss - ok
14:12:15.0171 2816 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
14:12:15.0187 2816 RDPCDD - ok
14:12:15.0203 2816 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
14:12:15.0203 2816 rdpdr - ok
14:12:15.0250 2816 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
14:12:15.0500 2816 RDPWD - ok
14:12:15.0531 2816 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
14:12:15.0562 2816 RDSessMgr - ok
14:12:15.0609 2816 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
14:12:15.0640 2816 redbook - ok
14:12:15.0687 2816 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
14:12:15.0703 2816 RemoteAccess - ok
14:12:15.0750 2816 [ 5B19B557B0C188210A56A6B699D90B8F ] RemoteRegistry C:\WINDOWS\system32\regsvc.dll
14:12:15.0765 2816 RemoteRegistry - ok
14:12:15.0796 2816 [ 2C4FB2E9F039287767C384E46EE91030 ] RimVSerPort C:\WINDOWS\system32\DRIVERS\RimSerial.sys
14:12:15.0796 2816 RimVSerPort - ok
14:12:15.0828 2816 [ D8B0B4ADE32574B2D9C5CC34DC0DBBE7 ] ROOTMODEM C:\WINDOWS\system32\Drivers\RootMdm.sys
14:12:15.0828 2816 ROOTMODEM - ok
14:12:15.0859 2816 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
14:12:15.0859 2816 RpcLocator - ok
14:12:15.0890 2816 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
14:12:15.0906 2816 RpcSs - ok
14:12:15.0937 2816 [ FD692C6FFADE58F7C4C3C3C9A0EC35BD ] RsFx0103 C:\WINDOWS\system32\DRIVERS\RsFx0103.sys
14:12:15.0968 2816 RsFx0103 - ok
14:12:16.0000 2816 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
14:12:16.0031 2816 RSVP - ok
14:12:16.0078 2816 [ 89619EF503F949FAE09252A8B883EE11 ] RTLE8023xp C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
14:12:16.0109 2816 RTLE8023xp - ok
14:12:16.0125 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
14:12:16.0140 2816 SamSs - ok
14:12:16.0281 2816 [ BCE943896289A91AD75CC5652620B1C6 ] SBAMSvc C:\Program Files\Ad-Aware Antivirus\SBAMSvc.exe
14:12:16.0312 2816 SBAMSvc - ok
14:12:16.0359 2816 [ 62BA65CC0B4A4BD1EAFF5FED6E2B5069 ] sbaphd C:\WINDOWS\system32\drivers\sbaphd.sys
14:12:16.0390 2816 sbaphd - ok
14:12:16.0406 2816 [ 3FFF8CDA4D2F29CA06F1557E85163C30 ] sbapifs C:\WINDOWS\system32\drivers\sbapifs.sys
14:12:16.0406 2816 sbapifs - ok
14:12:16.0453 2816 [ DC19FF9879775AC86BAA9C9282573E87 ] SbFw C:\WINDOWS\system32\drivers\SbFw.sys
14:12:16.0500 2816 SbFw - ok
14:12:16.0531 2816 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCL C:\WINDOWS\system32\DRIVERS\sbfwim.sys
14:12:16.0546 2816 SBFWIMCL - ok
14:12:16.0562 2816 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCLMP C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
14:12:16.0562 2816 SBFWIMCLMP - ok
14:12:16.0593 2816 [ 1AFD7178AB9C4FCE2D332DA7AA474FA6 ] sbhips C:\WINDOWS\system32\drivers\sbhips.sys
14:12:16.0625 2816 sbhips - ok
14:12:16.0656 2816 [ 1FD538C4FEB36B793D2121F20BBDC16F ] SBRE C:\WINDOWS\system32\drivers\SBREdrv.sys
14:12:16.0687 2816 SBRE - ok
14:12:16.0718 2816 [ 3CCB4C5686D23033FD01835BED868B4B ] sbtis C:\WINDOWS\system32\drivers\sbtis.sys
14:12:16.0734 2816 sbtis - ok
14:12:16.0765 2816 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
14:12:16.0812 2816 SCardSvr - ok
14:12:16.0828 2816 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
14:12:16.0859 2816 Schedule - ok
14:12:16.0875 2816 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
14:12:16.0890 2816 Secdrv - ok
14:12:16.0921 2816 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
14:12:16.0937 2816 seclogon - ok
14:12:16.0953 2816 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
14:12:16.0984 2816 SENS - ok
14:12:17.0015 2816 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
14:12:17.0031 2816 serenum - ok
14:12:17.0031 2816 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
14:12:17.0046 2816 Serial - ok
14:12:17.0062 2816 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\DRIVERS\sfloppy.sys
14:12:17.0093 2816 Sfloppy - ok
14:12:17.0156 2816 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
14:12:17.0187 2816 SharedAccess - ok
14:12:17.0218 2816 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
14:12:17.0234 2816 ShellHWDetection - ok
14:12:17.0234 2816 Simbad - ok
14:12:17.0296 2816 [ BB2FACF58F87C299E823110C7921619C ] SiteAdvisor Service C:\Program Files\SiteAdvisor\6173\SAService.exe
14:12:17.0312 2816 SiteAdvisor Service - ok
14:12:17.0328 2816 Sparrow - ok
14:12:17.0359 2816 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
14:12:17.0375 2816 splitter - ok
14:12:17.0421 2816 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
14:12:17.0453 2816 Spooler - ok
14:12:17.0500 2816 [ A687B5B326AFCFCF182C4931D1FF9771 ] SQLAgent$SQLEXPRESS c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE
14:12:17.0531 2816 SQLAgent$SQLEXPRESS - ok
14:12:17.0578 2816 [ B54B48F6D92423440C264E91225C5FF1 ] SQLBrowser c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
14:12:17.0609 2816 SQLBrowser - ok
14:12:17.0640 2816 [ 637A0F23F9012358E92E6F99835494D1 ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
14:12:17.0671 2816 SQLWriter - ok
14:12:17.0687 2816 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
14:12:17.0687 2816 sr - ok
14:12:17.0734 2816 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
14:12:17.0765 2816 srservice - ok
14:12:17.0796 2816 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
14:12:17.0796 2816 Srv - ok
14:12:17.0843 2816 [ D6870895FE46A464A19141440EB6CC1E ] sscdbus C:\WINDOWS\system32\DRIVERS\sscdbus.sys
14:12:17.0875 2816 sscdbus - ok
14:12:17.0921 2816 [ 0FE167362E4689B716CDC8D93ADEDDA8 ] sscdmdfl C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
14:12:17.0953 2816 sscdmdfl - ok
14:12:18.0000 2816 [ 55A15707E32B6709242AD127E62CA55A ] sscdmdm C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
14:12:18.0031 2816 sscdmdm - ok
14:12:18.0046 2816 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
14:12:18.0093 2816 SSDPSRV - ok
14:12:18.0156 2816 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
14:12:18.0187 2816 stisvc - ok
14:12:18.0234 2816 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
14:12:18.0250 2816 swenum - ok
14:12:18.0281 2816 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
14:12:18.0296 2816 swmidi - ok
14:12:18.0328 2816 [ 57BBAEF27DC790160245B43EB6DCD576 ] swmsflt C:\WINDOWS\System32\drivers\swmsflt.sys
14:12:18.0359 2816 swmsflt - ok
14:12:18.0359 2816 SwPrv - ok
14:12:18.0406 2816 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
14:12:18.0421 2816 symc810 - ok
14:12:18.0421 2816 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
14:12:18.0453 2816 symc8xx - ok
14:12:18.0531 2816 [ E5E87F27CB2AF84472FB57566FB10BC5 ] SymEvent C:\Program Files\Symantec\SYMEVENT.SYS
14:12:18.0531 2816 SymEvent - ok
14:12:18.0578 2816 [ F2B7E8416F508368AC6730E2AE1C614F ] Symmpi C:\WINDOWS\system32\DRIVERS\symmpi.sys
14:12:18.0609 2816 Symmpi - ok
14:12:18.0625 2816 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
14:12:18.0656 2816 sym_hi - ok
14:12:18.0671 2816 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
14:12:18.0671 2816 sym_u3 - ok
14:12:18.0703 2816 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
14:12:18.0718 2816 sysaudio - ok
14:12:18.0781 2816 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
14:12:18.0828 2816 SysmonLog - ok
14:12:18.0875 2816 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
14:12:18.0953 2816 TapiSrv - ok
14:12:19.0000 2816 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
14:12:19.0046 2816 Tcpip - ok
14:12:19.0093 2816 [ 4E53BBCC4BE37D7A4BD6EF1098C89FF7 ] Tcpip6 C:\WINDOWS\system32\DRIVERS\tcpip6.sys
14:12:19.0109 2816 Tcpip6 - ok
14:12:19.0140 2816 [ C779BEFC948E365CDB271B98CADE6B29 ] tcpipBM C:\WINDOWS\system32\drivers\tcpipBM.sys
14:12:19.0406 2816 tcpipBM - ok
14:12:19.0453 2816 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
14:12:19.0453 2816 TDPIPE - ok
14:12:19.0468 2816 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
14:12:19.0484 2816 TDTCP - ok
14:12:19.0625 2816 [ 9F3E7CABE86BBDECA009DE291DB6D9E2 ] TeamViewer8 C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
14:12:20.0625 2816 TeamViewer8 - ok
14:12:20.0640 2816 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
14:12:20.0656 2816 TermDD - ok
14:12:20.0687 2816 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
14:12:20.0703 2816 TermService - ok
14:12:20.0718 2816 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
14:12:20.0734 2816 Themes - ok
14:12:20.0765 2816 [ DB7205804759FF62C34E3EFD8A4CC76A ] TlntSvr C:\WINDOWS\system32\tlntsvr.exe
14:12:20.0796 2816 TlntSvr - ok
14:12:20.0796 2816 TosIde - ok
14:12:20.0828 2816 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
14:12:20.0843 2816 TrkWks - ok
14:12:20.0859 2816 [ 8F861EDA21C05857EB8197300A92501C ] tunmp C:\WINDOWS\system32\DRIVERS\tunmp.sys
14:12:20.0890 2816 tunmp - ok
14:12:20.0953 2816 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe
14:12:21.0000 2816 tvnserver - ok
14:12:21.0015 2816 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
14:12:21.0031 2816 Udfs - ok
14:12:21.0062 2816 [ 41202827A5D13905DDD84E9F3219DDFC ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
14:12:21.0062 2816 ultra - ok
14:12:21.0078 2816 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
14:12:21.0109 2816 upnphost - ok
14:12:21.0125 2816 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
14:12:21.0156 2816 UPS - ok
14:12:21.0187 2816 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\WINDOWS\system32\Drivers\usbaapl.sys
14:12:21.0484 2816 USBAAPL - ok
14:12:21.0531 2816 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
14:12:21.0546 2816 usbccgp - ok
14:12:21.0578 2816 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
14:12:21.0609 2816 usbehci - ok
14:12:21.0656 2816 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
14:12:21.0687 2816 usbhub - ok
14:12:21.0718 2816 [ A717C8721046828520C9EDF31288FC00 ] usbprint C:\WINDOWS\system32\DRIVERS\usbprint.sys
14:12:21.0750 2816 usbprint - ok
14:12:21.0781 2816 [ FE116BD74893B97FFC65BF6100A1C5C0 ] UsbSADDiag C:\WINDOWS\system32\DRIVERS\lgusbddiag.sys
14:12:21.0953 2816 UsbSADDiag - ok
14:12:21.0984 2816 [ 9755A0DDD3AB72BEA7114E6BDCF16A54 ] USBSADModem C:\WINDOWS\system32\DRIVERS\lgusbdmodem.sys
14:12:22.0234 2816 USBSADModem - ok
14:12:22.0265 2816 [ 31A822C1B7619DCCE4AF23BE2451BC96 ] UsbSADObex C:\WINDOWS\system32\DRIVERS\lgusbdobex.sys
14:12:22.0406 2816 UsbSADObex - ok
14:12:22.0437 2816 [ F321878D88771468296B00CFB92E58D7 ] USBSANDIS C:\WINDOWS\system32\DRIVERS\dc_enum.sys
14:12:22.0687 2816 USBSANDIS - ok
14:12:22.0718 2816 [ A0B8CF9DEB1184FBDD20784A58FA75D4 ] usbscan C:\WINDOWS\system32\DRIVERS\usbscan.sys
14:12:22.0750 2816 usbscan - ok
14:12:22.0781 2816 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
14:12:22.0796 2816 USBSTOR - ok
14:12:22.0828 2816 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
14:12:22.0843 2816 usbuhci - ok
14:12:22.0906 2816 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
14:12:22.0906 2816 VgaSave - ok
14:12:22.0921 2816 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
14:12:22.0953 2816 ViaIde - ok
14:12:22.0968 2816 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
14:12:22.0968 2816 VolSnap - ok
14:12:22.0984 2816 vsdatant - ok
14:12:22.0984 2816 vspawbrj - ok
14:12:23.0031 2816 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
14:12:23.0078 2816 VSS - ok
14:12:23.0140 2816 vToolbarUpdater - ok
14:12:23.0156 2816 [ 54AF4B1D5459500EF0937F6D33B1914F ] W32Time C:\WINDOWS\system32\w32time.dll
14:12:23.0171 2816 W32Time - ok
14:12:23.0203 2816 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
14:12:23.0203 2816 Wanarp - ok
14:12:23.0250 2816 [ BBCFEAB7E871CDDAC2D397EE7FA91FDC ] Wdf01000 C:\WINDOWS\system32\Drivers\wdf01000.sys
14:12:23.0281 2816 Wdf01000 - ok
14:12:23.0296 2816 WDICA - ok
14:12:23.0359 2816 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
14:12:23.0375 2816 wdmaud - ok
14:12:23.0437 2816 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
14:12:23.0453 2816 WebClient - ok
14:12:23.0546 2816 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
14:12:23.0562 2816 winmgmt - ok
14:12:23.0593 2816 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
14:12:23.0625 2816 WmdmPmSN - ok
14:12:23.0656 2816 [ E76F8807070ED04E7408A86D6D3A6137 ] Wmi C:\WINDOWS\System32\advapi32.dll
14:12:23.0656 2816 Wmi - ok
14:12:23.0718 2816 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
14:12:23.0734 2816 WmiApSrv - ok
14:12:23.0828 2816 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
14:12:23.0859 2816 WMPNetworkSvc - ok
14:12:23.0937 2816 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
14:12:23.0968 2816 WPFFontCache_v0400 - ok
14:12:24.0000 2816 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
14:12:24.0031 2816 WS2IFSL - ok
14:12:24.0093 2816 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
14:12:24.0125 2816 wscsvc - ok
14:12:24.0140 2816 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
14:12:24.0218 2816 wuauserv - ok
14:12:24.0234 2816 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
14:12:24.0265 2816 WudfPf - ok
14:12:24.0281 2816 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
14:12:24.0312 2816 WudfRd - ok
14:12:24.0328 2816 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
14:12:24.0406 2816 WudfSvc - ok
14:12:24.0421 2816 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
14:12:24.0453 2816 WZCSVC - ok
14:12:24.0484 2816 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
14:12:24.0531 2816 xmlprov - ok
14:12:24.0546 2816 ================ Scan global ===============================
14:12:24.0593 2816 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
14:12:24.0640 2816 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:12:24.0796 2816 [ 69AE2B2E6968C316536E5B10B9702E63 ] C:\WINDOWS\system32\winsrv.dll
14:12:24.0828 2816 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
14:12:24.0859 2816 [Global] - ok
14:12:24.0859 2816 ================ Scan MBR ==================================
14:12:24.0875 2816 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk1\DR1
14:12:25.0078 2816 \Device\Harddisk1\DR1 - ok
14:12:25.0078 2816 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR2
14:12:25.0187 2816 \Device\Harddisk2\DR2 - ok
14:12:25.0203 2816 [ 4975BDBEDA8A3AFB2AEADEFC06CE9E12 ] \Device\Harddisk0\DR0
14:12:25.0437 2816 \Device\Harddisk0\DR0 - ok
14:12:25.0437 2816 ================ Scan VBR ==================================
14:12:25.0437 2816 [ 0CF77175E4430EA641CED07C02F98BAE ] \Device\Harddisk1\DR1\Partition1
14:12:25.0453 2816 \Device\Harddisk1\DR1\Partition1 - ok
14:12:25.0468 2816 [ 02AEEC7DDE1F8A28A8C0A16D2AB1B78C ] \Device\Harddisk1\DR1\Partition2
14:12:25.0468 2816 \Device\Harddisk1\DR1\Partition2 - ok
14:12:25.0468 2816 [ 7F368FB699AE15B112370DDDD93D1E92 ] \Device\Harddisk2\DR2\Partition1
14:12:25.0468 2816 \Device\Harddisk2\DR2\Partition1 - ok
14:12:25.0468 2816 [ EB8E420F14C034EB3B552C638229B7F3 ] \Device\Harddisk0\DR0\Partition1
14:12:25.0468 2816 \Device\Harddisk0\DR0\Partition1 - ok
14:12:25.0468 2816 ============================================================
14:12:25.0468 2816 Scan finished
14:12:25.0468 2816 ============================================================
14:12:25.0484 0724 Detected object count: 0
14:12:25.0484 0724 Actual detected object count: 0
14:12:40.0140 2652 Deinitialize success
moonlighting
Joined: May 22nd, 2013, 11:32 am
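A triage helper for the TDSSKiller service list above. This is an added example, not something from the thread or from TDSSKiller itself; the function names, the regexes and the `XP_LEGACY_STUBS` baseline are mine. It parses the `[ md5 ] name path` / `name - ok` pairs and pulls out three kinds of entries a helper usually looks at first: service names that have a verdict line but no hash or path (I read those as registered services whose image file was not found, an assumption about the log format), services whose image lives under a user profile instead of a system directory, and image paths that several entries share but hash differently. The sample log is a constructed subset of lines copied from the post; paths and hashes are as posted. Hits are leads for the helper to judge, not verdicts.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of lines copied from the TDSSKiller log above,
# trimmed to the cases the checks below care about. Not a full log.
SAMPLE_LOG = r"""
14:12:09.0781 2816 ini910u - ok
14:12:11.0625 2816 MoonSQL - ok
14:12:13.0328 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
14:12:13.0328 2816 Netlogon - ok
14:12:13.0515 2816 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
14:12:13.0515 2816 NtLmSsp - ok
14:12:16.0531 2816 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCL C:\WINDOWS\system32\DRIVERS\sbfwim.sys
14:12:16.0546 2816 SBFWIMCL - ok
14:12:16.0562 2816 [ 1DCAD90CC9C0DDC7D060FD97854F8518 ] SBFWIMCLMP C:\WINDOWS\system32\DRIVERS\SBFWIM.sys
14:12:16.0562 2816 SBFWIMCLMP - ok
14:12:17.0296 2816 [ BB2FACF58F87C299E823110C7921619C ] SiteAdvisor Service C:\Program Files\SiteAdvisor\6173\SAService.exe
14:12:17.0312 2816 SiteAdvisor Service - ok
14:12:20.0953 2816 [ 7694DCA064D0B7E0D1A6972BB9C71B39 ] tvnserver C:\Documents and Settings\Administrator\Local Settings\Application Data\CrossLoop\tvnserver.exe
14:12:21.0000 2816 tvnserver - ok
14:12:23.0140 2816 vToolbarUpdater - ok
14:12:24.0546 2816 ================ Scan global ===============================
14:12:24.0593 2816 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
"""

# Every log line starts with a timestamp and the scanner's thread id.
_PREFIX = r"^(?P<time>\d\d:\d\d:\d\d\.\d{4})\s+(?P<pid>\d+)\s+"
# "[ md5 ] name path": the name may contain spaces ("iPod Service"), so the
# path is recognised by its drive-letter or UNC prefix rather than by position.
IMAGE_RE = re.compile(
    _PREFIX + r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) "
    r"(?P<path>(?:[A-Za-z]:\\|\\\\).*)$"
)
# "name - ok" (or another verdict word) closes each entry.
VERDICT_RE = re.compile(_PREFIX + r"(?P<name>.+?) - (?P<verdict>\S+)$")

# Assumption (mine, not from the thread): service names that a stock Windows XP
# install registers without a backing file, so a missing image for them is noise.
XP_LEGACY_STUBS = frozenset({
    "ini910u", "lbrtfdc", "mraid35x", "perc2", "perc2hib", "ql1080", "Ql10wnt",
    "ql12160", "ql1240", "ql1280", "Simbad", "Sparrow", "TosIde", "WDICA",
    "PDCOMP", "PDFRAME", "PDRELI", "PDRFRAME", "PCIDump",
})

USER_PROFILE_ROOTS = ("c:\\documents and settings\\", "c:\\users\\")


def parse_services(log_text):
    """Return {service_name: {"md5", "path", "verdict"}} for the service/driver
    section of a TDSSKiller log. Parsing stops at the 'Scan global' separator,
    where the per-service section ends and the MBR/VBR sections begin."""
    services = {}
    for line in log_text.splitlines():
        if "Scan global" in line:
            break
        m = IMAGE_RE.match(line)
        if m:
            entry = services.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            entry["md5"], entry["path"] = m["md5"].upper(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            entry = services.setdefault(m["name"], {"md5": None, "path": None, "verdict": None})
            entry["verdict"] = m["verdict"]
    return services


def registered_without_image(services, baseline=XP_LEGACY_STUBS):
    """Service names that got a verdict line but no hash/path line, minus the
    names stock XP leaves behind anyway."""
    return sorted(n for n, s in services.items() if s["path"] is None and n not in baseline)


def hosted_in_user_profile(services):
    """Services whose image lives under a user profile rather than a system dir."""
    return sorted(n for n, s in services.items()
                  if s["path"] and s["path"].lower().startswith(USER_PROFILE_ROOTS))


def image_to_services(services):
    """Map each image path (case-folded, since NTFS paths are case-insensitive)
    to the service names backed by it; lsass.exe legitimately hosts several."""
    by_path = defaultdict(list)
    for n, s in services.items():
        if s["path"]:
            by_path[s["path"].lower()].append(n)
    return dict(by_path)


def shared_image_hash_conflicts(services):
    """Paths that several services point at but with differing MD5s. Normally
    empty: the same file should hash the same whichever entry names it."""
    hashes = defaultdict(set)
    for s in services.values():
        if s["path"]:
            hashes[s["path"].lower()].add(s["md5"])
    return sorted(p for p, h in hashes.items() if len(h) > 1)


def not_ok(services):
    """Entries whose verdict is anything other than 'ok'."""
    return sorted(n for n, s in services.items() if s["verdict"] != "ok")


if __name__ == "__main__":
    svcs = parse_services(SAMPLE_LOG)
    print("registered, no image file:", registered_without_image(svcs))
    print("image under a user profile:", hosted_in_user_profile(svcs))
    print("same path, different hash:", shared_image_hash_conflicts(svcs))
    print("verdict not ok:", not_ok(svcs))
```

Run it against the full log by pasting the whole post into a file and passing its contents to `parse_services`. On the sample, `SBFWIMCL` and `SBFWIMCLMP` show why the path is case-folded before comparison: they reference `sbfwim.sys` and `SBFWIM.sys`, the same file on disk with the same hash, so they are not reported as a conflict.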

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Post by moonlighting » May 24th, 2013, 8:53 pm

SystemLook 30.07.11 by jpshortstuff
Log created at 14:14 on 24/05/2013 by Administrator
Administrator - Elevation successful

========== filefind ==========

Searching for "*AskToolbar*"
No files found.

Searching for "*Ask.com*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Babylon*"
C:\Documents and Settings\Administrator\Local Settings\temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ffx.exe --a---- 213814 bytes [15:43 20/11/2011] [15:43 20/11/2011] 9B1538FB702ECBF1D33ECEA246CADE4D
C:\Documents and Settings\Administrator\Local Settings\temp\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbar4ie.exe --a---- 997768 bytes [15:43 20/11/2011] [15:43 20/11/2011] 8F89BBB3805B49879DF7F1CCC1CD2922
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\Delta Babyloninfo.dfe --a---- 921 bytes [15:00 22/05/2013] [15:00 22/05/2013] 4052F9D43D19F706AADF8ADCD390D03C
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Babylon.dat --a---- 12848 bytes [10:32 27/03/2012] [10:32 27/03/2012] ADBB6A655AE518830BA1AFEFDB84668F
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\Babylon.dat --a---- 12848 bytes [21:59 19/06/2012] [10:32 27/03/2012] ADBB6A655AE518830BA1AFEFDB84668F
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BabylonObjectInstaller.inf --a---- 48 bytes [11:43 30/05/2012] [11:43 30/05/2012] 2B6C8B4FE00F6B220184812D426BC166
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BabylonObjectInstaller.msi --a---- 346624 bytes [10:49 30/05/2012] [10:49 30/05/2012] 3F13781D8AF0D9B0495FE4301F71F99A
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\BabylonTB.xpi --a---- 48639 bytes [10:36 06/12/2011] [10:36 06/12/2011] 9C755237A70E9AE8047EA9D2A08D5B9B
C:\Documents and Settings\Administrator\Local Settings\temp\FB4CDD94-BAB0-7891-81B7-BE56AD07340E\Latest\MyBabylonTB.exe --a---- 1362728 bytes [12:49 27/11/2011] [12:49 27/11/2011] FBB423C97065AF571AA6FE515B751958
C:\Documents and Settings\Administrator\Local Settings\temp\is1590112554\MyBabylonTB.exe ------- 862832 bytes [18:02 02/04/2012] [18:02 02/04/2012] D4FE9619462D7613A6750256C94F4589

Searching for "*Conduit*"
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage --a---- 4096 bytes [15:12 22/05/2013] [15:12 22/05/2013] 4A073D5668ECE33919EBB9E9CEE0F35D
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\http_app.mam.conduit.com_0.localstorage-journal --a---- 3608 bytes [15:12 22/05/2013] [15:12 22/05/2013] 9B157CFAE359A4DF97D551FAD3EDD8FC
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\JYBI4JQK\storage.conduit[1].xml --a---- 13 bytes [15:20 22/05/2013] [15:20 22/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\MLSB1EZV\app.mam.conduit[1].xml --a---- 13 bytes [15:20 22/05/2013] [15:20 22/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Documents and Settings\Administrator\Local Settings\temp\ct3294791\conduit.xml --a---- 785 bytes [06:29 18/07/2012] [06:29 18/07/2012] 6ACD8B6E740CB1E9A9FA43F2087592C6
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\software\VAFMusic Conduit.exe --a---- 68528 bytes [15:00 22/05/2013] [15:00 22/05/2013] F1E16AB9120369E7D70D0C18F8453490
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\VAFMusic Conduitinfo.dfe --a---- 950 bytes [15:00 22/05/2013] [15:00 22/05/2013] 946B38AE25917D9304E150709B8B435C
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\CD15OLPO\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 2400 bytes [04:38 24/05/2013] [04:38 24/05/2013] DD3F97801C766E87DC5DCE28B059053E
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WPDHD333\translation_toolbar_conduit-services_com[1].txt --a---- 105127 bytes [04:38 24/05/2013] [04:38 24/05/2013] EB5BCA67000B076D57DB4732F16288CC
C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit\Community Alerts\Feeds\http___alerts_conduit-services_com_root_1779783_1770324_US.xml --a---- 188 bytes [21:12 23/05/2013] [21:12 23/05/2013] AE361135E15A98C3C937A8FE04BAEE96
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\7RKDY3L3\storage.conduit[1].xml --a---- 13 bytes [21:12 23/05/2013] [21:12 23/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Documents and Settings\Matthew\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\802XYR2Y\app.mam.conduit[1].xml --a---- 13 bytes [21:12 23/05/2013] [21:12 23/05/2013] C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_75_328_CT3287375_Images_634987008136319964_png.png --a---- 1078 bytes [21:12 23/05/2013] [21:12 23/05/2013] 4EA6579BD649EF9B6B8AB042029EEE1E
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_75_328_CT3287375_images_634987008347060626_24PX_png.png --a---- 915 bytes [21:12 23/05/2013] [21:12 23/05/2013] 9C182B683F52150180D684C4FCCBA8DD
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_75_328_CT3287375_Skins_634987002007583586_png.png --a---- 213 bytes [21:12 23/05/2013] [21:12 23/05/2013] 23C389E60E5EC06927735ADFBD8CA40A
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_91_329_CT3294791_Images_635029284934981902_png.png --a---- 647 bytes [21:12 23/05/2013] [21:12 23/05/2013] D0567C58EE174E11DCC015047A6A1FF2
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_91_329_CT3294791_Images_635029285029831118_png.png --a---- 1136 bytes [21:12 23/05/2013] [21:12 23/05/2013] 92F9F08AADA8F544390F7FA5E6AFD023
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_91_329_CT3294791_Images_635029285133416446_png.png --a---- 829 bytes [21:12 23/05/2013] [21:12 23/05/2013] 7DC6506815501F44D664ABF9DA2E825D
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [21:12 23/05/2013] [21:12 23/05/2013] 99D5F75C338F2A877CBF891E0F18746E
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [21:12 23/05/2013] [21:12 23/05/2013] F2291FAB46ED9291A1A2FFE9F88E9D84
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [21:12 23/05/2013] [21:12 23/05/2013] A847C5F6CE2C700048749892DD2E0619
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [21:12 23/05/2013] [21:12 23/05/2013] FED9E00C76F647EE6A0B7CC684C89F0C
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [21:12 23/05/2013] [21:12 23/05/2013] 36BD416D16391EFAAAFB2C3C54EAE986
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [21:12 23/05/2013] [21:12 23/05/2013] 943ADFD9E0DF1507F7BC419802BF4303
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [21:12 23/05/2013] [21:12 23/05/2013] 36C6FB9C84D4AF5C5D7C5B277A0E4A01
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [21:12 23/05/2013] [21:12 23/05/2013] 275C9DA2D536F18F528C80E050C3D705
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [21:12 23/05/2013] [21:12 23/05/2013] 3AD88BD8E832DA39FAAEDF07AD595F94
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [21:12 23/05/2013] [21:12 23/05/2013] 650731EEF807C292E699779B12CBE552
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [21:12 23/05/2013] [21:12 23/05/2013] 9B4D914888BCFFCBAE6757A0E450551C
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [21:12 23/05/2013] [21:12 23/05/2013] 01B83C91554738F6AFFB7895BBBA73FB
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_eula_png.png --a---- 513 bytes [21:12 23/05/2013] [21:12 23/05/2013] F43944209A64CCD0C9B5A92743F0F787
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [21:12 23/05/2013] [21:12 23/05/2013] EC3C2B4E0DEC4D880BAFF88ABBF94188
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [21:12 23/05/2013] [21:12 23/05/2013] A9E001CBC00B06B121DFBC80707F5298
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [21:12 23/05/2013] [21:12 23/05/2013] 15DEF39E438E807E2F0E22D44FDC7FB7
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [21:12 23/05/2013] [21:12 23/05/2013] 995595D4C685D659E8F03CD0A287EDDF
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [21:12 23/05/2013] [21:12 23/05/2013] AA39D8A6B65E208901EBA9F3D4728D3E
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [21:12 23/05/2013] [21:12 23/05/2013] 464E244E7E2F27FB85E0C3AB69D72104
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [21:12 23/05/2013] [21:12 23/05/2013] 6427565C7105DC497287866100F260BB
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [21:12 23/05/2013] [21:12 23/05/2013] AE7C9F67594A84B096D225601ACB0B2A
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [21:12 23/05/2013] [21:12 23/05/2013] C3EBA0237D68F665AF6D663906221092
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [21:12 23/05/2013] [21:12 23/05/2013] 8BE02D510B4B2E05AD2611B1E9A0BD56
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_Menu_uninstall-icon_png.png --a---- 617 bytes [21:12 23/05/2013] [21:12 23/05/2013] 80648ABDB2DEB2D53DBFD77D57A9C886
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [21:12 23/05/2013] [21:12 23/05/2013] 66018EAE0906C9831A821CAE5D1089BB
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [21:12 23/05/2013] [21:12 23/05/2013] 84896837EDB1A78C14DB6A2F3A0AEE3A
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [21:12 23/05/2013] [21:12 23/05/2013] 948781E4B6478290050ECA4423B89B1E
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [21:12 23/05/2013] [21:12 23/05/2013] AE5A39669C623937C0839E079E1088D5
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [21:12 23/05/2013] [21:12 23/05/2013] 766433EF38BDA83C4FD4932027A4B9D5
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\CacheIcons\http___weather_conduit_com_images_weather_Default_sunny_gif.gif --a---- 259 bytes [21:12 23/05/2013] [21:12 23/05/2013] 110EC9BCA8470D6488B626EA28914A6C
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en&ctid=CT3294791.xml --a---- 7037 bytes [21:12 23/05/2013] [21:12 23/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en&ctid=CT3294791.xml --a---- 5515 bytes [21:12 23/05/2013] [21:12 23/05/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en&ctid=CT3294791.xml --a---- 6581 bytes [21:12 23/05/2013] [21:12 23/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en&ctid=CT3294791.xml --a---- 5514 bytes [21:12 23/05/2013] [21:12 23/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\contextmenu_toolbar_conduit-services_com[1].txt --a---- 7037 bytes [21:12 23/05/2013] [21:12 23/05/2013] 0B96497BA80BF342415B90AE2F2FB092
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\7OPU3KS7\sf_conduit_loader[1].html --a---- 7757 bytes [21:12 23/05/2013] [21:12 23/05/2013] D515D54078E48B8D510EEAEFE950B2F8
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\DDI4PBCO\appsmetadata_toolbar_conduit-services_com[1].txt --a---- 2400 bytes [21:12 23/05/2013] [21:12 23/05/2013] DD3F97801C766E87DC5DCE28B059053E
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[1].txt --a---- 5514 bytes [21:12 23/05/2013] [21:12 23/05/2013] 16A75DAC853B7B226069A2F21C379531
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[2].txt --a---- 6581 bytes [21:12 23/05/2013] [21:12 23/05/2013] 93DBA7DBB3A402F930076666BD7C539C
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\EBYMCTZP\contextmenu_toolbar_conduit-services_com[3].txt --a---- 5515 bytes [21:12 23/05/2013] [21:12 23/05/2013] 99F43BD1FBE50F6CEE0714818FCAD0A8
C:\Documents and Settings\Matthew\Local Settings\Temporary Internet Files\Content.IE5\KDA1C9V0\sf_conduit_mam_app[1].html --a---- 3846 bytes [21:12 23/05/2013] [21:12 23/05/2013] BA848B8687D00278B07C209250B74C81
C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206160 bytes [05:32 10/08/2012] [05:32 10/08/2012] 309B2B1B22EE841E49F62C7A6FB55E46

Searching for "*datamngr*"
No files found.

Searching for "*searchab*"
No files found.

Searching for "*Fun4IM*"
No files found.

Searching for "*Funmoods*"
No files found.

Searching for "*iLivid*"
No files found.

Searching for "*IObit*"
No files found.

Searching for "*Iminent*"
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\iminent.css --a---- 2921 bytes [00:25 26/02/2013] [00:25 26/02/2013] 365ABF05AEDACA17810FAAB03D892B3B
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\iminent-imagen.png --a---- 41026 bytes [22:33 28/01/2013] [22:33 28/01/2013] 50F56E8C28B50DC0F728863A58258CCA
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\iminent-logo.png --a---- 6035 bytes [13:42 03/08/2012] [13:42 03/08/2012] B9B7BC075D4BE4FEF50FECC49B447EC3
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\Iminentinfo.dfe --a---- 47856 bytes [15:00 22/05/2013] [15:00 22/05/2013] AD4128646B73E48FA0CA767F1EEEA3DE
C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent\Log\Iminent.MSI.log --a---- 30988 bytes [19:27 01/01/2012] [20:24 01/01/2012] 7D0C3BA42EF6006073F77F94C6C46B60
C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent\Log\IMinentToolbar.msi.log --a---- 11460 bytes [19:27 01/01/2012] [20:24 01/01/2012] 00ED19FBBA19462F136238F9FB65DD13
C:\Documents and Settings\Matthew\Local Settings\Temp\nsaF76A.tmp\IminentSetup_2-YQ1jkVUP-1_.exe --a---- 825312 bytes [19:26 01/01/2012] [19:26 01/01/2012] 5A45A7E3E12BE51844B741945FB8E85E

Searching for "*Searchqu*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*smartbar*"
No files found.

Searching for "*Tarma*"
C:\Documents and Settings\Kevin\Favorites\ExplorerFavorites\My Sites\Star Maps.URL --a---- 143 bytes [14:25 02/05/2010] [14:25 02/05/2010] 2F4AB414AFE75122A1B90E77F786C21A
C:\Documents and Settings\Matthew\Application Data\MP3Rocket\TVImages\super_crazy_guitarman.jpg --a---- 1940 bytes [22:12 21/04/2011] [22:12 21/04/2011] CC50E481476A74E4C4148DEF0FA12080

Searching for "*trolltech*"
No files found.

Searching for "*Vafmusic2*"
No files found.

Searching for "*vshare*"
C:\Documents and Settings\Andrew\Local Settings\Temporary Internet Files\Content.IE5\D0KVPA0H\btn_vsharethis[1].gif --a---- 325 bytes [23:51 16/09/2010] [23:51 16/09/2010] 76B380D0FD3CDAD4DD3983B26FAEA68A
C:\Program Files\Wise\ADVANCED\VSHARE.386 --a---- 14933 bytes [18:03 15/10/2012] [05:00 11/01/1994] F632BCAE9E285CF717246C75A6FDD9B3
C:\Program Files\Wise\INCLUDE\VSHARE.WSE --a---- 820 bytes [18:03 15/10/2012] [21:09 06/02/1998] 12F880C43BC8295D27CE448396782280
C:\Program Files\Wise InstallMaster 8.1\Advanced\VSHARE.386 --a---- 14933 bytes [18:39 28/02/2012] [17:58 24/05/2001] F632BCAE9E285CF717246C75A6FDD9B3
C:\Program Files\Wise InstallMaster 8.1\Include\VShare.wse --a---- 900 bytes [18:39 28/02/2012] [17:59 24/05/2001] EF982480FEF6FCE38CF25B4E1F39B1A4
C:\Program Files\Wise InstallMaster 8.1\IncludeBACKUP\VShare.wse --a---- 900 bytes [18:39 28/02/2012] [17:59 24/05/2001] EF982480FEF6FCE38CF25B4E1F39B1A4

Searching for "*whitesmoke*"
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\whitesmoke.css --a---- 15259 bytes [19:23 21/02/2013] [19:23 21/02/2013] 5EF06091781C8D07BD85A071EA420E57
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img-gris.png --a---- 6104 bytes [16:53 16/10/2012] [16:53 16/10/2012] ECDA9D419EF846E066B16A51AC94AADE
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.jpg --a---- 5405 bytes [15:10 17/08/2012] [15:10 17/08/2012] 24A87BBB91F103F38E3DD4136C2EC358
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img.png --a---- 5223 bytes [13:42 03/08/2012] [13:42 03/08/2012] 5F58552CF5DA329F3390D05C19B3A447
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-img2.jpg --a---- 6885 bytes [14:47 01/08/2012] [14:47 01/08/2012] EFB7F860C1BC8F34C6A5E2BA0F6B36F8
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-logo.png --a---- 4134 bytes [13:42 03/08/2012] [13:42 03/08/2012] F0704EA722C449E60FC41C0BA822FA79
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\css\images\whitesmoke-toolbar-new-gris.png --a---- 4080 bytes [17:46 30/01/2013] [17:46 30/01/2013] 19CE0ACD2D24AE259C66C25F2FAF652A
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\temp\WhiteSmokeinfo.dfe --a---- 34007 bytes [15:00 22/05/2013] [15:00 22/05/2013] 10FD084B22329F248F0F7DA4468D998D

Searching for "*Yontoo*"
C:\Documents and Settings\Andrew\Local Settings\Temp\YontooClientSetup[1]-0524.log --a---- 10735 bytes [03:56 22/06/2010] [03:56 22/06/2010] 5073E1697FD13B59B9F77C81D9C4FEFD
C:\Documents and Settings\Andrew\Local Settings\Temp\YontooTix9973765.log --a---- 48 bytes [03:56 22/06/2010] [03:56 22/06/2010] B41C0753A93C3B6B5CF0D04468EABD57

========== folderfind ==========

Searching for "*AskToolbar*"
C:\Documents and Settings\Andrew\Local Settings\Application Data\AskToolbar d------ [23:29 26/12/2010]
C:\Documents and Settings\Kevin\Local Settings\Application Data\AskToolbar d------ [22:10 26/12/2010]
C:\Documents and Settings\Matthew\Local Settings\Application Data\AskToolbar d------ [14:08 08/04/2011]
C:\Documents and Settings\Melanie\Local Settings\Application Data\AskToolbar d------ [04:36 21/12/2010]

Searching for "*Ask.com*"
No folders found.

Searching for "*Babylon*"
C:\Documents and Settings\Administrator\Local Settings\temp\BabylonToolbar d------ [21:59 19/06/2012]
C:\Documents and Settings\Administrator\Local Settings\temp\BabylonToolbar\BabylonToolbar d------ [21:59 19/06/2012]
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Delta Babylon d------ [15:00 22/05/2013]

Searching for "*Bandoo*"
No folders found.

Searching for "*Conduit*"
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\VAFMusic Conduit d------ [15:00 22/05/2013]
C:\Documents and Settings\Matthew\Local Settings\Application Data\Conduit d------ [21:12 23/05/2013]
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2\Repository\conduit_CT3294791_CT3294791 d------ [21:12 23/05/2013]

Searching for "*datamngr*"
No folders found.

Searching for "*searchab*"
No folders found.

Searching for "*smartbar*"
No folders found.

Searching for "*Fun4IM*"
No folders found.

Searching for "*Funmoods*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*IObit*"
No folders found.

Searching for "*Iminent*"
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\Iminent d------ [15:00 22/05/2013]
C:\Documents and Settings\Matthew\Local Settings\Temp\Iminent d------ [19:26 01/01/2012]

Searching for "*Searchqu*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Tarma*"
No folders found.

Searching for "*trolltech*"
No folders found.

Searching for "*Vafmusic2*"
C:\Documents and Settings\Matthew\Local Settings\Application Data\Vafmusic2 d------ [21:11 23/05/2013]

Searching for "*vshare*"
No folders found.

Searching for "*whitesmoke*"
C:\Documents and Settings\Administrator\Local Settings\temp\DIQM\FlashPlayer_151\bin\WhiteSmoke d------ [15:00 22/05/2013]

Searching for "*Yontoo*"
No folders found.

========== Regfind ==========

Searching for "AskToolbar"
No data found.

Searching for "Ask.com"
No data found.

Searching for "Babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}]
@="Babylon toolbar helper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\InprocServer32]
@="C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E46C8196-B634-44a1-AF6E-957C64278AB1}\InprocServer32]
@="C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar]

Searching for "Bandoo"
No data found.

Searching for "Conduit"
[HKEY_CURRENT_USER\Software\ConduitSearchScopes]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\SearchProtect\bin\cltmng.exe"="Search Protect by Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe"="Search Protect by Conduit"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\uninstall.exe"="Conduit Toolbar Uninstall"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"3C9969540349183469B424848DB7949F"="C:\Program Files\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\3C9969540349183469B424848DB7949F]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_CLTMNGSVC\0000]
"DeviceDesc"="Search Protect by Conduit Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Updater"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\CltMngSvc]
"Description"="This service enables auto-updates of Search Protect by Conduit, which maintains your selected Search settings."
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\ConduitSearchScopes]
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\SearchProtect\bin\cltmng.exe"="Search Protect by Conduit"
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Documents and Settings\Administrator\Application Data\SearchProtect\bin\cltmng.exe"="Search Protect by Conduit"
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\uninstall.exe"="Conduit Toolbar Uninstall"

Searching for "datamngr"
No data found.

Searching for "searchab"
No data found.

Searching for "Fun4IM"
No data found.

Searching for "Funmoods"
No data found.

Searching for "iLivid"
No data found.

Searching for "IObit"
No data found.

Searching for "Iminent"
No data found.

Searching for "Searchqu"
No data found.

Searching for "Searchnu"
No data found.

Searching for "smartbar"
No data found.

Searching for "Tarma"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Trolltech]
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]

Searching for "Vafmusic2"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\Vafmusic2ToolbarHelper1.exe"="ToolbarHelper Application"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\uninstall.exe"="Conduit Toolbar Uninstall"
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\Vafmusic2ToolbarHelper1.exe"="ToolbarHelper Application"
[HKEY_USERS\S-1-5-21-1920358730-1913087698-391787831-500\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"C:\Program Files\Vafmusic2\uninstall.exe"="Conduit Toolbar Uninstall"

Searching for "vshare"
No data found.

Searching for "whitesmoke"
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am

Re: bidder.tlvmedia.com etc from fake "Flash Player Update"

Unread postby moonlighting » May 24th, 2013, 8:54 pm

Instructions are still clear.
moonlighting
Regular Member
 
Posts: 27
Joined: May 22nd, 2013, 11:32 am