TechSpot

Keyboard virus?

Solved
By ChappyLyk
May 19, 2012
  1. For just this day, I found out that the middle keys of my laptop's keyboard aren't working (from caps lock to enter, also letters v and b, the back space key). Good thing I have a USB keyboard, and it works fine.

    Then I noticed that my laptop suddenly opens programs automatically, such as Windows Media Player, Microsoft Outlook, My Computer, and some programs I don't remember. I've read one thread that looks the same as my problem, posted by Mad Bad Monk, entitled Keyboard Virus? BIOS Virus? Here's the link - http://www.techspot.com/community/topics/keyboard-virus-bios-virus.92044/.

    I also noticed that my scroll lock automatically turns on, and when that happens, I noticed my address bar in my browser inputs "?". For example, if the address is www.facebook.com, when the scroll lock turns on the address will become ? only. So I think it is somewhat related to the internet.

    Since I also read the replies, it said there that I should create another thread if I have some problems. I hope I can get help. I saw some instructions in the thread that I have read, but to be sure I made my own thread.

    Any ideas? Help? Thanks! :)
    Chap.
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot, Chap. I'll try to help. The thread you referenced is pretty old and a lot of things have changed in the 5 years.

    I will check for malware but I'd like you to do the following first:
    Go to the Control Panel> Keyboard> Check the settings> Correct if needed> then Apply> OK.
    Go to the Control Panel> Mouse> Check the settings for either touchpad or mouse> Adjust if needed> Apply> OK
    Go to the Control Panel> System> Hardware tab> Device Manager> On both 'keyboard' and 'mice and any other pointing devices', do you see an error icon?
    If you do, do a right click> Properties and see what the problem is.

    There is also a chance that there is a mechanical problem with the keyboard. I got a new Dell Mini with the bad 'G key' and had to replace the whole keyboard.
    ===============================================
    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    =================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    Threads are closed after 5 days if there is no reply.

    After I review the logs, I should be able to determine if malware is the culprit and go from there.
     
  3. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    Hi. Thanks for the reply. :)

    I already did the first instructions that you gave me, everything looks fine, I didn't see any error icon. And oh, my touchpad is also not working properly, sometimes it works but it responds late/delayed. But sometimes it doesn't respond. Anyway can I proceed to the next instruction about Preliminary Virus and Malware Removal?
     
  4. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    Hi, I already proceeded to the next instruction.

    Here's the log from MBAM:

    Malwarebytes Anti-Malware (Trial) 1.61.0.1400
    www.malwarebytes.org

    Database version: v2012.05.20.07

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    tops :: CHRIS [administrator]

    Protection: Enabled

    5/21/2012 5:28:57 PM
    mbam-log-2012-05-21 (17-28-57).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 204305
    Time elapsed: 9 minute(s), 44 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 6
    C:\Windows\System32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.
    C:\Windows\System32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Windows\System32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Windows\System32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Windows\System32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
    C:\Windows\System32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

    (end)
     
  5. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-05-21 20:55:59
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1652GSX rev.LV010A
    Running: 8e6o72ww.exe; Driver: C:\Users\tops\AppData\Local\Temp\kxldqpod.sys


    ---- System - GMER 1.0.15 ----


    ---- Kernel code sections - GMER 1.0.15 ----

     
  6. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\System32\svchost.exe[2096] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2096] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2136] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[2136] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2136] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 002F0A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002F03FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 002F0804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002F01F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe[2172] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 002F0600
    .text C:\Windows\System32\svchost.exe[2192] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[2192] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2192] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\System32\svchost.exe[2192] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 002F0A08
    .text C:\Windows\System32\svchost.exe[2192] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002F03FC
    .text C:\Windows\System32\svchost.exe[2192] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 002F0804
    .text C:\Windows\System32\svchost.exe[2192] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002F01F8
    .text C:\Windows\System32\svchost.exe[2192] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 002F0600
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 002F0A08
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002F03FC
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 002F0804
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002F01F8
    .text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 002F0600
    .text C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2240] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00140A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001403FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00140804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001401F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00140600
    .text C:\Windows\System32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Windows\System32\svchost.exe[2364] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\System32\svchost.exe[2364] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001503FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001501F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
    .text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001703FC
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001701F8
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001A0A08
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001A03FC
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001A0804
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001A01F8
    .text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001A0600
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text
     
  7. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00100A08
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001003FC
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00100804
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001001F8
    .text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00100600
    .text C:\Windows\system32\svchost.exe[2756] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\svchost.exe[2756] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\system32\svchost.exe[2756] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\system32\svchost.exe[2756] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00290A08
    .text C:\Windows\system32\svchost.exe[2756] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002903FC
    .text C:\Windows\system32\svchost.exe[2756] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00290804
    .text C:\Windows\system32\svchost.exe[2756] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002901F8
    .text C:\Windows\system32\svchost.exe[2756] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00290600
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00210A08
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002103FC
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00210804
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002101F8
    .text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00210600
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00200A08
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002003FC
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00200804
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002001F8
    .text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00200600
    .text C:\Windows\System32\rundll32.exe[2980] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000B03FC
    .text C:\Windows\System32\rundll32.exe[2980] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000B01F8
    .text C:\Windows\System32\rundll32.exe[2980] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\System32\rundll32.exe[2980] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00140A08
    .text C:\Windows\System32\rundll32.exe[2980] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001403FC
    .text C:\Windows\System32\rundll32.exe[2980] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00140804
    .text C:\Windows\System32\rundll32.exe[2980] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001401F8
    .text C:\Windows\System32\rundll32.exe[2980] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00140600
    .text C:\Windows\System32\igfxtray.exe[3068] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Windows\System32\igfxtray.exe[3068] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Windows\System32\igfxtray.exe[3068] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00300A08
    .text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003003FC
    .text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00300804
    .text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003001F8
    .text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00300600
    .text C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Windows\System32\hkcmd.exe[3076] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00300A08
    .text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003003FC
    .text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00300804
    .text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003001F8
    .text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00300600
    .text C:\Windows\System32\igfxpers.exe[3084] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Windows\System32\igfxpers.exe[3084] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Windows\System32\igfxpers.exe[3084] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00190A08
    .text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001903FC
    .text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00190804
    .text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001901F8
    .text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00190600
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001703FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001701F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00210A08
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002103FC
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00210804
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002101F8
    .text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00210600
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001503FC
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001501F8
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001E0A08
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001E03FC
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001E0804
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001E01F8
    .text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001E0600
    .text C:\Windows\system32\igfxsrvc.exe[3136] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Windows\system32\igfxsrvc.exe[3136] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Windows\system32\igfxsrvc.exe[3136] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
    .text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
    .text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
    .text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
    .text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001503FC
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001501F8
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001E0A08
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001E03FC
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001E0804
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001E01F8
    .text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001E0600
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
    .text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001703FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001701F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00200A08
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002003FC
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00200804
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002001F8
    .text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00200600
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00200A08
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002003FC
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00200804
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002001F8
    .text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00200600
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00100A08
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001003FC
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00100804
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001001F8
    .text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00100600
    .text C:\Windows\system32\SearchIndexer.exe[3468] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Windows\system32\SearchIndexer.exe[3468] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Windows\system32\SearchIndexer.exe[3468] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00100A08
    .text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001003FC
    .text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00100804
    .text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001001F8
    .text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00100600
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000703FC
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000701F8
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00110A08
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001103FC
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00110804
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001101F8
    .text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00110600
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00AB0A08
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 00AB03FC
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00AB0804
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 00AB01F8
    .text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00AB0600
    .text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3548] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
    .text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001903FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001901F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00380A08
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003803FC
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00380804
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003801F8
    .text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00380600
    .text C:\Windows\system32\ctfmon.exe[3724] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00320A08
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003203FC
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00320804
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003201F8
    .text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00320600
    .text C:\Windows\system32\wuauclt.exe[4048] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000703FC
    .text C:\Windows\system32\wuauclt.exe[4048] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000701F8
    .text C:\Windows\system32\wuauclt.exe[4048] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
    .text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00140A08
    .text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001403FC
    .text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00140804
    .text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001401F8
    .text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00140600
    .text C:\Windows\system32\AUDIODG.EXE[4724] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7118F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7118F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
    AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cf1a5339 0x72 0x01 0xC4 0xF7 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cfafa944 0x13 0x8D 0x32 0x9C ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@0024830c9ff0 0x39 0xF2 0x59 0x45 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@001e3afba0fe 0x2C 0xC9 0x14 0x18 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cf1a5339 0x72 0x01 0xC4 0xF7 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cfafa944 0x13 0x8D 0x32 0x9C ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@0024830c9ff0 0x39 0xF2 0x59 0x45 ...
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@001e3afba0fe 0x2C 0xC9 0x14 0x18 ...

    ---- EOF - GMER 1.0.15 ----
     
  8. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
    Run by tops at 21:15:30 on 2012-05-21
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.694 [GMT 8:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\PowerISO\PWRISOVM.EXE
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\DivX\DivX Update\DivXUpdate.exe
    C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\ctfmon.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\conhost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
    mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
    BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
    TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
    uRun: [Octoshape Streaming Services] "c:\users\tops\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [Google Update] "c:\users\tops\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [Facebook Update] "c:\users\tops\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [USBGuard] c:\program files\usb disk security\USBGuard.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UCam_Menu] "c:\program files\hp\youcam\muitransfer\muistartmenu.exe" "c:\program files\hp\youcam" update "software\cyberlink\youcam\1.0"
    mRun: [<NO NAME>]
    mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
    mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\tops\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\tops\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    Trusted Zone: 111222.cn\list1
    Trusted Zone: pps.tv\kan
    Trusted Zone: pps.tv\list1
    Trusted Zone: pps.tv\tvguide
    Trusted Zone: pps.tv\vodguide
    Trusted Zone: ppstream.com\list1
    Trusted Zone: ppstream.com\notice
    Trusted Zone: ppstream.com\xml1
    Trusted Zone: ppstream.com\xml2
    Trusted Zone: ppstream.com\xml3
    Trusted Zone: ppstream.net\list1
    Trusted Zone: ppstv.com\list1
    Trusted Zone: ppstv.net\list1
    Trusted Zone: security_PPStream.exe
    DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 203.167.97.66
    TCP: Interfaces\{9B81F3C0-2DF2-4A33-A0F3-5079F9E2CCC6} : DhcpNameServer = 203.167.97.66
    TCP: Interfaces\{9B81F3C0-2DF2-4A33-A0F3-5079F9E2CCC6}\47C67796C637F6E6 : DhcpNameServer = 121.1.3.82 121.1.3.20
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - component: c:\users\tops\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
    FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
    FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\tops\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
    FF - plugin: c:\users\tops\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\users\tops\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
    FF - plugin: c:\users\tops\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\tops\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: c:\users\tops\appdata\roaming\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com
    FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\tops\appdata\roaming\idm\idmmzcc5
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-19 612184]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-19 337880]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-19 20696]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-19 57688]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-19 44768]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-6 89376]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-21 654408]
    R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-8-24 1959208]
    R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-21 22344]
    R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-12-20 322336]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-20 29472]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 135664]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-18 1343400]
    .
    =============== File Associations ===============
    .
    .scr=AutoCADScriptFile
    .
    =============== Created Last 30 ================
    .
    2012-05-21 09:23:25    --------    d-----w-    c:\users\tops\appdata\roaming\Malwarebytes
    2012-05-21 09:23:15    --------    d-----w-    c:\programdata\Malwarebytes
    2012-05-21 09:23:14    22344    ----a-w-    c:\windows\system32\drivers\mbam.sys
    2012-05-21 09:23:14    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
    2012-05-19 10:18:29    44376    ----a-w-    c:\windows\system32\drivers\aswRdr2.sys
    2012-05-19 10:18:24    612184    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
    2012-05-19 10:18:21    57688    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
    2012-05-19 10:17:40    41184    ----a-w-    c:\windows\avastSS.scr
    2012-05-19 10:17:29    --------    d-----w-    c:\programdata\AVAST Software
    2012-05-19 10:17:29    --------    d-----w-    c:\program files\AVAST Software
    2012-05-18 11:34:27    6737808    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{9134824c-195a-4805-913a-e3cc0a815759}\mpengine.dll
    2012-05-05 07:14:50    2557952    ----a-w-    c:\windows\system32\QtCore4.dll
    2012-05-05 07:14:39    80024    ----a-w-    c:\windows\system32\mfcm100u.dll
    2012-05-05 07:14:39    772248    ----a-w-    c:\windows\system32\msvcr100.dll
    2012-05-05 07:14:39    419480    ----a-w-    c:\windows\system32\msvcp100.dll
    2012-05-05 07:14:39    136344    ----a-w-    c:\windows\system32\atl100.dll
    2012-05-05 07:14:38    4421272    ----a-w-    c:\windows\system32\mfc100u.dll
    .
    ==================== Find3M ====================
    .
    2012-04-02 04:46:44    3958128    ----a-w-    c:\windows\system32\ntkrnlpa.exe
    2012-04-02 04:46:44    3902320    ----a-w-    c:\windows\system32\ntoskrnl.exe
    2012-04-02 02:43:16    2342400    ----a-w-    c:\windows\system32\win32k.sys
    2012-03-30 10:29:05    1287024    ----a-w-    c:\windows\system32\drivers\tcpip.sys
    2012-03-30 04:51:15    70304    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-30 04:51:15    418464    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
    2012-03-17 07:20:17    56688    ----a-w-    c:\windows\system32\drivers\partmgr.sys
    2012-03-03 05:40:21    1074176    ----a-w-    c:\windows\system32\DWrite.dll
    2012-03-03 05:40:10    1170944    ----a-w-    c:\windows\system32\d3d10warp.dll
    2012-03-03 05:40:09    739840    ----a-w-    c:\windows\system32\d2d1.dll
    2012-03-03 05:40:09    218624    ----a-w-    c:\windows\system32\d3d10_1core.dll
    2012-03-03 05:40:09    161792    ----a-w-    c:\windows\system32\d3d10_1.dll
    2012-03-01 05:53:27    19312    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 05:49:05    172544    ----a-w-    c:\windows\system32\wintrust.dll
    2012-03-01 05:45:05    158720    ----a-w-    c:\windows\system32\imagehlp.dll
    2012-03-01 05:40:44    5120    ----a-w-    c:\windows\system32\wmi.dll
    2012-02-28 01:18:55    1799168    ----a-w-    c:\windows\system32\jscript9.dll
    2012-02-28 01:11:21    1427456    ----a-w-    c:\windows\system32\inetcpl.cpl
    2012-02-28 01:11:07    1127424    ----a-w-    c:\windows\system32\wininet.dll
    2012-02-28 01:03:16    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
    2012-02-23 02:18:36    237072    ------w-    c:\windows\system32\MpSigStub.exe
    .
    ============= FINISH: 21:18:05.66 ===============
     
  9. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 7/18/2010 12:50:30 AM
    System Uptime: 5/21/2012 7:41:21 PM (2 hours ago)
    .
    Motherboard: Wistron | | 30CD
    Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 983/667mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 149 GiB total, 29.97 GiB free.
    D: is CDROM ()
    E: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
    Service:
    .
    Class GUID:
    Description: Base System Device
    Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
    Manufacturer:
    Name: Base System Device
    PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
    Service:
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0000
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #3
    PNP Device ID: ROOT\*ISATAP\0000
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0001
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #4
    PNP Device ID: ROOT\*ISATAP\0001
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft ISATAP Adapter
    Device ID: ROOT\*ISATAP\0002
    Manufacturer: Microsoft
    Name: Microsoft ISATAP Adapter #5
    PNP Device ID: ROOT\*ISATAP\0002
    Service: tunnel
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Microsoft Teredo Tunneling Adapter
    Device ID: ROOT\*TEREDO\0000
    Manufacturer: Microsoft
    Name: Teredo Tunneling Pseudo-Interface
    PNP Device ID: ROOT\*TEREDO\0000
    Service: tunnel
    .
    ==== System Restore Points ===================
    .
    RP270: 4/17/2012 6:55:17 PM - Windows Update
    RP271: 4/20/2012 8:28:59 PM - Windows Update
    RP272: 4/24/2012 3:05:19 PM - Windows Update
    RP273: 5/2/2012 8:05:46 AM - Windows Update
    RP274: 5/4/2012 8:11:38 AM - Windows Update
    RP275: 5/5/2012 9:13:59 AM - Windows Update
    RP276: 5/16/2012 7:18:11 AM - Windows Update
    RP277: 5/17/2012 7:49:30 AM - Windows Update
    RP278: 5/18/2012 7:07:35 AM - Windows Update
    RP279: 5/18/2012 7:32:54 PM - Windows Update
    RP280: 5/19/2012 6:17:05 PM - avast! Free Antivirus Setup
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    32 Bit HP CIO Components Installer
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 8
    Adobe Shockwave Player 11.5
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AuthenTec TrueSuite
    Autodesk Design Review 2010
    avast! Free Antivirus
    BlackBerry Desktop Software 6.1
    Bonjour
    Chikka Messenger V4
    Conduit Engine
    Conexant HD Audio
    CyberLink YouCam
    D3DX10
    DivX Setup
    DVDVideoSoftTB Toolbar
    Facebook Video Calling 1.2.0.159
    Free Studio version 5.0.9
    Free Video to MP3 Converter version 4.3.3.920
    Free WebM Video Converter version 5.0.11.504
    Free YouTube Download version 3.0.14.908
    Free YouTube to MP3 Converter version 3.10.9.908
    Google Chrome
    Google Talk Plugin
    Google Update Helper
    HDAUDIO Soft Data Fax Modem with SmartCP
    HP QuickPlay 3.7
    HP Update
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    Internet Download Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Java(TM) SE Runtime Environment 6 Update 1
    Malwarebytes Anti-Malware version 1.61.0.1400
    ManyCam 2.6.1 (remove only)
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office 2007 Service Pack 3 (SP3)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox (3.6.28)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    Octoshape Streaming Services
    PowerISO
    QuickTime
    Safari
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
    Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
    Skype Click to Call
    Skype™ 5.5
    teampilipinas Toolbar
    TeamViewer 5
    Uninstall 1.0.0.1
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    uTorrentBar Toolbar
    VC80CRTRedist - 8.0.50727.4053
    Vegas Movie Studio HD Platinum 10.0
    VideoLAN VLC media player 0.8.6c
    WIDCOMM Bluetooth Software
    Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
    Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
    Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    WinPcap 4.1.2
    WinRAR archiver
    Yahoo! BrowserPlus 2.7.1
    Yahoo! Messenger
    Yahoo! Software Update
    Yahoo! Toolbar
    .
    ==== Event Viewer Messages From Past Week ========
    .
    5/21/2012 7:41:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xe1c1e000, 0x00000000, 0x83237114, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052112-25568-01.
    5/21/2012 5:41:50 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
    5/21/2012 5:41:50 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
    5/21/2012 5:41:50 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
    5/21/2012 4:55:51 PM, Error: i8042prt [23] - Could not set the mouse resolution.
    5/20/2012 7:16:38 AM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
    5/19/2012 11:00:41 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
    5/17/2012 8:02:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2659262).
    .
    ==== End Of File ===========================
     
  10. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Your system is full of programs and processes that are a danger to the system:

    1. You have put all of the processes related to PPStream in the Trusted Zone where the security is lower. PPS.tv (PPStream) is a Chinese peer-to-peer streaming video network software.
    2. You also have uTorrent and uTorrent Toolbar all over the system. P2P
    3. Additionally, you have many Conduit entries for toolbars, searches and BHOs:
    Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
    ------------------------------------------
    P2P or 'file sharing' Warning:
    • Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall all of these programs for the following reasons:
    • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
    • Malware writers use these programs to include malicious content.
    • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
    • The 'sharing' also includes malware that the shared system has on it.
    • Files that are illegal can be spread through file sharing.
    Please read the information on P2P Warning to help you better understand these dangers.
    =================================================
    It appears that you are most interested in streaming and little interested in security for the system. Unless you are willing to remove these vulnerabilities to the system, there is no point in trying to clean it. Please just do the following 2 scans and I will review the logs.
    =================================================
    Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    ================================================
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
     
  11. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    I have a question. I was surprised when I opened IE. There were 3 tabs opened: 1st is conduit.com, 2nd is IE is updated, 3rd Skype toolbars, and when I saw the toolbars in IE, there are many. I didn't even know where they came from because I don't use IE; I only use Mozilla and Google Chrome. And what specific programs should I remove/uninstall?

    Anyway here's the log from CKScanner:

    CKScanner - Additional Security Risks - These are not necessarily bad
    c:\program files\garena\plugins\ui\avoidcrackplugin.dll
    c:\users\tops\documents\downloads\compressed\usb disk security v5.0.0.38 & crack.rar
    c:\users\tops\downloads\sonykeygen_littletrex7.rar
    c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\mart!k.txt
    c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\sony products keygen 2.0 - [mart!k].exe
    c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\sound forge 10 fix [mart!k].reg
    scanner sequence 3.FN.11.SPAPJU
    ----- EOF -----
     
     
  12. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    Here's the log from ESET:

    C:\Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
    C:\Documents and Settings\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
    C:\Documents and Settings\tops\Downloads\Programs\registrybooster.exe Win32/RegistryBooster application
    C:\Users\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
    C:\Users\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe Win32/SpeedUpMyPC application
    C:\Users\tops\Downloads\Programs\registrybooster.exe Win32/RegistryBooster application
     
  13. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    All of the programs in the CK Scanner have been pirated. I do not support piracy - if you want to continue support, you will have to remove all pirated content.

    The Eset entries are all for the Uniblue SpeedUpMyPC. Suggest you remove it.
     
  14. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    I already removed the Uniblue SpeedUpMyPC a long time ago, why is it still in my PC? I can't find it.

    Can I have a list of specific programs to remove/uninstall? I don't know which I should remove. I'm willing to remove/uninstall programs, but I don't know what specific programs to remove.

    Thanks!
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    Trusted Zone: 111222.cn\list1
    Trusted Zone: pps.tv\kan
    Trusted Zone: pps.tv\list1
    Trusted Zone: pps.tv\tvguide
    Trusted Zone: pps.tv\vodguide
    Trusted Zone: ppstream.com\list1
    Trusted Zone: ppstream.com\notice
    Trusted Zone: ppstream.com\xml1
    Trusted Zone: ppstream.com\xml2
    Trusted Zone: ppstream.com\xml3
    Trusted Zone: ppstream.net\list1
    Trusted Zone: ppstv.com\list1
    Trusted Zone: ppstv.net\list1
    Trusted Zone: security_PPStream.exe
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    ====================
    PPS.tv (PPStream) is a Chinese peer-to-peer streaming video network software.
    =====================
    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveIt3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files
      C:\Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
      C:\Documents and Settings\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe
      C:\Documents and Settings\tops\Downloads\Programs\registrybooster.exe
      C:\Users\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
      C:\Users\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe
      C:\Users\tops\Downloads\Programs\registrybooster.exe
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    --------------------------------------
    Any program or download for which a crack or keygen has been used to obtain it means the program or download has been stolen. This is illegal. Instead of paying the price due, the crack or keygen is obtained from a file sharing site for the license or key to run it:
    You have illegally obtained all of the Sony products and USB security above.
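
Added example (not part of the thread, and not code from DDS or ComboFix): the CFScript above lists the same CLSIDs under several Internet Explorer extension points, and a short parser over a subset of those lines, copied from the post, groups them per component for review. The function names and the three-hook threshold are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# A subset of the entries from the CFScript in the post above (DDS log syntax).
SAMPLE = r"""
uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
"""

# "<point>: [<name>: ]{CLSID} - <dll path or 'No File'>"
HOOK = re.compile(
    r"^(?P<point>[um]URLSearchHooks|BHO|TB):\s+"
    r"(?:(?P<name>[^{]+?):\s+)?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s+-\s+(?P<target>.+)$"
)
# "Trusted Zone: <domain>[\<entry>]"
ZONE = re.compile(r"^Trusted Zone:\s+(?P<domain>[^\\\s]+)(?:\\(?P<entry>\S+))?$")


def parse_dds(text):
    """Return (components, zones) parsed from DDS-style lines.

    components: CLSID (lower-cased) -> names, extension points and targets seen.
    zones:      Trusted Zone domain -> set of sub-entries.
    """
    components = defaultdict(
        lambda: {"names": set(), "points": set(), "targets": set()}
    )
    zones = defaultdict(set)
    for raw in text.splitlines():
        line = raw.strip()
        m = HOOK.match(line)
        if m:
            comp = components[m["clsid"].lower()]
            comp["points"].add(m["point"])
            comp["targets"].add(m["target"].strip())
            if m["name"]:
                comp["names"].add(m["name"].strip())
            continue
        m = ZONE.match(line)
        if m:
            zones[m["domain"].lower()].add(m["entry"] or "")
    return dict(components), dict(zones)


def triage(components, zones, min_points=3):
    """Group the findings a reviewer would check first.

    min_points=3 is an assumed threshold for this example: a component that
    registers as search hook, BHO and toolbar at once has hooked most of IE.
    """
    report = {"multi_hook": [], "orphans": [], "zone_domains": sorted(zones)}
    for clsid, comp in sorted(components.items()):
        if comp["targets"] == {"No File"}:
            # Registry entry remains but the DLL it pointed to is gone.
            report["orphans"].append(clsid)
        elif len(comp["points"]) >= min_points:
            report["multi_hook"].append(
                (clsid, sorted(comp["names"]), sorted(comp["points"]))
            )
    return report


if __name__ == "__main__":
    comps, zones = parse_dds(SAMPLE)
    rep = triage(comps, zones)
    for clsid, names, points in rep["multi_hook"]:
        print(f"{clsid} {names} registered at: {', '.join(points)}")
    print("orphaned toolbar entries:", rep["orphans"])
    print("Trusted Zone domains:", rep["zone_domains"])
```
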
     
  16. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    ComboFix 12-05-28.01 - tops 05/28/2012 19:54:04.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1141 [GMT 8:00]
    Running from: c:\users\tops\Desktop\ComboFix.exe
    Command switches used :: c:\users\tops\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\install.exe
    c:\users\tops\AppData\Roaming\Local
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
    .
    .
    2012-05-28 11:27 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{98F96FE5-AFF4-4DBE-810E-D0118744DE3C}\mpengine.dll
    2012-05-22 05:32 . 2012-05-22 05:32 -------- d-----w- c:\program files\ESET
    2012-05-21 09:23 . 2012-05-21 09:23 -------- d-----w- c:\users\tops\AppData\Roaming\Malwarebytes
    2012-05-21 09:23 . 2012-05-21 09:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-21 09:23 . 2012-05-21 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-21 09:23 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-19 10:18 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-19 10:18 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-05-19 10:18 . 2012-03-07 00:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-05-19 10:18 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-05-19 10:18 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-19 10:18 . 2012-03-07 00:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-05-19 10:17 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-19 10:17 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-05-19 10:17 . 2012-05-19 10:17 -------- d-----w- c:\programdata\AVAST Software
    2012-05-19 10:17 . 2012-05-19 10:17 -------- d-----w- c:\program files\AVAST Software
    2012-05-05 07:14 . 2012-03-22 05:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
    2012-05-05 07:14 . 2012-03-06 07:43 80024 ----a-w- c:\windows\system32\mfcm100u.dll
    2012-05-05 07:14 . 2012-03-06 07:43 772248 ----a-w- c:\windows\system32\msvcr100.dll
    2012-05-05 07:14 . 2012-03-06 07:43 419480 ----a-w- c:\windows\system32\msvcp100.dll
    2012-05-05 07:14 . 2012-03-06 07:43 136344 ----a-w- c:\windows\system32\atl100.dll
    2012-05-05 07:14 . 2012-03-06 07:43 4421272 ----a-w- c:\windows\system32\mfc100u.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-30 04:51 . 2012-03-30 04:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-30 04:51 . 2011-05-30 21:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-03-01 05:53 . 2012-04-11 19:02 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
    2012-03-01 05:49 . 2012-04-11 19:02 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-03-01 05:45 . 2012-04-11 19:02 158720 ----a-w- c:\windows\system32\imagehlp.dll
    2012-03-01 05:40 . 2012-04-11 19:02 5120 ----a-w- c:\windows\system32\wmi.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2011-05-30 16:50 21864 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "Octoshape Streaming Services"="c:\users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Facebook Update"="c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-10-05 3425688]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "USBGuard"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2010-03-08 468264]
    "UCam_Menu"="c:\program files\HP\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:243406682
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-17 1343400]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-08-17 1959208]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-12-19 322336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:51]
    .
    2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
    - c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
    .
    2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
    - c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
    - c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
    .
    2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
    - c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\tops\AppData\Roaming\Mozilla\Firefox\Profiles\fc1o0wa7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\tops\AppData\Roaming\IDM\idmmzcc5
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "scansk"=hex(0):3d,2a,c6,72,d5,9c,a0,d3,f7,39,fa,f4,6a,fe,4d,54,b8,6b,ba,0d,c6,
    8f,3b,8c,6a,39,f4,d0,ae,30,f6,bf,b9,c8,13,10,3d,e8,03,4c,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):91,e4,8a,fa,8f,57,18,d8,39,f7,36,26,15,34,13,43,7d,c7,46,d7,be,
    32,55,3f,b7,12,e9,a0,9d,b3,f2,aa,cd,ea,c2,2f,11,fe,2f,cb,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{925cb20d-4a52-4999-911e-b02d61728c98}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000089
    "Therad"=dword:00000016
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{b6d5cd57-eb25-47f9-903c-c80c79ed0e4c}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000124
    "Therad"=dword:00000020
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-05-28 20:11:32
    ComboFix-quarantined-files.txt 2012-05-28 12:11
    .
    Pre-Run: 33,277,120,512 bytes free
    Post-Run: 33,038,942,208 bytes free
    .
    - - End Of File - - 0DFE85E5C5D55BF116E754810281AC4D
     
  17. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    All processes killed
    ========== FILES ==========
    C:\Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe moved successfully.
    File/Folder C:\Documents and Settings\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe not found.
    C:\Documents and Settings\tops\Downloads\Programs\registrybooster.exe moved successfully.
    File/Folder C:\Users\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe not found.
    File/Folder C:\Users\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe not found.
    File/Folder C:\Users\tops\Downloads\Programs\registrybooster.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 134 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    User: TeamViewer
    ->Temp folder emptied: 0 bytes

    User: tops
    ->Temp folder emptied: 53248 bytes
    ->Temporary Internet Files folder emptied: 3490101 bytes
    ->Java cache emptied: 568641 bytes
    ->FireFox cache emptied: 103188297 bytes
    ->Google Chrome cache emptied: 334501076 bytes
    ->Apple Safari cache emptied: 17263616 bytes
    ->Flash cache emptied: 20674756 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 81920 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 458.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 05282012_201620

    Files moved on Reboot...

    Registry entries deleted on Reboot...
     
  18. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Repeat the CK Scan please. Did you not understand when I said I don't support piracy?
     
  19. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    I do understand. I am just waiting for you to say if I can already remove it. I said I'm willing to remove programs. So, can I already remove those programs NOW? I just want to confirm, the programs I'll remove are the Sony product and USB Security? Are there other programs that I should remove?
     
  20. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    If you understand, then remove all of the programs and/or downloads that you pirated! No support will be given until that has been done.

    All programs or downloads you got by using torrent sites to get licenses, registration or other documentation that you used instead of paying are pirated.
     
  21. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    Hello,
    I have already deleted/removed programs such as:
    • Sony Vegas + Keypatch for Sony
    • USB Disk Security + Keygen (RAR)
    • Internet Download Manager + Keypatch
    • uTorrent
    • Garena
    • Other Downloads
    Are there other programs that I should remove?

    By the way, here's the log from CKScanner:

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.MN.11.MOABWH
    ----- EOF -----
     
  22. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    Please tell me if there are still programs to remove. Thanks! :)
     
  23. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    This should help:

    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
    uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
    mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
    TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
    TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
    TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {555d4d79-4bd2-4094-a395-cfc534424a05}
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    Trusted Zone: 111222.cn\list1
    Trusted Zone: pps.tv\kan
    Trusted Zone: pps.tv\list1
    Trusted Zone: pps.tv\tvguide
    Trusted Zone: pps.tv\vodguide
    Trusted Zone: ppstream.com\list1
    Trusted Zone: ppstream.com\notice
    Trusted Zone: ppstream.com\xml1
    Trusted Zone: ppstream.com\xml2
    Trusted Zone: ppstream.com\xml3
    Trusted Zone: ppstream.net\list1
    Trusted Zone: ppstv.com\list1
    Trusted Zone: ppstv.net\list1
    Trusted Zone: security_PPStream.exe
    Registry::
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=-
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    RegLock::
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{925cb20d-4a52-4999-911e-b02d61728c98}]
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{b6d5cd57-eb25-47f9-903c-c80c79ed0e4c}]
    Clearjavacache::
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt. Please paste it into your next reply.
    =============================
    Please update the following:
    Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
    Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
    Java(TM) > Current is v7u4> Java Updates.
    Uninstall any earlier versions of both as they are vulnerabilities for the system.
    ==============================
    Please update and rerun the Eset scan. Leave new logs for Combofix and Eset scan in your next reply.
    ===============================
    Give me an update on how the system is doing.
     
  24. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    ComboFix 12-05-28.01 - tops 06/02/2012 11:34:31.2.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1328 [GMT 8:00]
    Running from: c:\users\tops\Desktop\ComboFix.exe
    Command switches used :: c:\users\tops\Desktop\CFScript.txt
    AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-06-02 03:48 . 2012-06-02 03:48 -------- d-----w- c:\users\tops\AppData\Local\temp
    2012-06-02 03:48 . 2012-06-02 03:48 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-06-01 12:08 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CA57395-D269-4CCF-9191-DC7A9D450563}\mpengine.dll
    2012-05-28 12:16 . 2012-05-28 12:16 -------- d-----w- C:\_OTM
    2012-05-22 05:32 . 2012-05-22 05:32 -------- d-----w- c:\program files\ESET
    2012-05-21 09:23 . 2012-05-21 09:23 -------- d-----w- c:\users\tops\AppData\Roaming\Malwarebytes
    2012-05-21 09:23 . 2012-05-21 09:23 -------- d-----w- c:\programdata\Malwarebytes
    2012-05-21 09:23 . 2012-05-21 09:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-05-21 09:23 . 2012-04-04 07:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-05-19 10:18 . 2012-03-07 00:01 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2012-05-19 10:18 . 2012-03-07 00:03 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2012-05-19 10:18 . 2012-03-07 00:02 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-05-19 10:18 . 2012-03-07 00:01 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2012-05-19 10:18 . 2012-03-07 00:03 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-05-19 10:18 . 2012-03-07 00:01 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-05-19 10:17 . 2012-03-07 00:15 41184 ----a-w- c:\windows\avastSS.scr
    2012-05-19 10:17 . 2012-03-07 00:15 201352 ----a-w- c:\windows\system32\aswBoot.exe
    2012-05-19 10:17 . 2012-05-19 10:17 -------- d-----w- c:\programdata\AVAST Software
    2012-05-19 10:17 . 2012-05-19 10:17 -------- d-----w- c:\program files\AVAST Software
    2012-05-05 07:14 . 2012-03-22 05:43 2557952 ----a-w- c:\windows\system32\QtCore4.dll
    2012-05-05 07:14 . 2012-03-06 07:43 80024 ----a-w- c:\windows\system32\mfcm100u.dll
    2012-05-05 07:14 . 2012-03-06 07:43 772248 ----a-w- c:\windows\system32\msvcr100.dll
    2012-05-05 07:14 . 2012-03-06 07:43 419480 ----a-w- c:\windows\system32\msvcp100.dll
    2012-05-05 07:14 . 2012-03-06 07:43 136344 ----a-w- c:\windows\system32\atl100.dll
    2012-05-05 07:14 . 2012-03-06 07:43 4421272 ----a-w- c:\windows\system32\mfc100u.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-03-30 04:51 . 2012-03-30 04:51 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-03-30 04:51 . 2011-05-30 21:58 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
    "Octoshape Streaming Services"="c:\users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Facebook Update"="c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2010-03-08 468264]
    "UCam_Menu"="c:\program files\HP\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
    "DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
    "DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
    "RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0aswBoot.exe /M:243406682
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
    R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
    R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-17 1343400]
    S1 aswSnx;aswSnx; [x]
    S1 aswSP;aswSP; [x]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
    S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
    S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-08-17 1959208]
    S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
    S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-12-19 322336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:51]
    .
    2012-06-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
    - c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
    .
    2012-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
    - c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
    .
    2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
    .
    2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
    .
    2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
    - c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
    .
    2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
    - c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube Download - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
    IE: Free YouTube to MP3 Converter - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\tops\AppData\Roaming\Mozilla\Firefox\Profiles\fc1o0wa7.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
    FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
    FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
    FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
    FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
    FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-USBGuard - c:\program files\USB Disk Security\USBGuard.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
    @DACL=(02 0000)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-06-02 11:52:19
    ComboFix-quarantined-files.txt 2012-06-02 03:52
    ComboFix2.txt 2012-05-28 12:11
    .
    Pre-Run: 35,352,031,232 bytes free
    Post-Run: 35,065,774,080 bytes free
    .
    - - End Of File - - 65B409D871BCBB535E43C9F9EC338F66
     
  25. ChappyLyk

    ChappyLyk TS Rookie Topic Starter Posts: 21

    ESET Scan Log:

    C:\_OTM\MovedFiles\05282012_201620\C_Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe    Win32/SpeedUpMyPC application
    C:\_OTM\MovedFiles\05282012_201620\C_Documents and Settings\tops\Downloads\Programs\registrybooster.exe    Win32/RegistryBooster application


    By the way, my keyboard is working properly again, and my laptop does not open random programs anymore. And when I tried to open Internet Explorer, it does not have those tool bars anymore.
     
Topic Status:
Not open for further replies.

