Solved Keyboard virus?

ChappyLyk

Just today, I found out that the middle keys of my laptop's keyboard aren't working (from Caps Lock to Enter, also the letters V and B, and the Backspace key). Good thing I have a USB keyboard, and it works fine.

Then I noticed that my laptop suddenly opens programs automatically, such as Windows Media Player, Microsoft Outlook, My Computer, and some programs I don't remember. I've read one thread that looks the same as my problem, posted by Mad Bad Monk, entitled Keyboard Virus? BIOS Virus? Here's the link - https://www.techspot.com/community/topics/keyboard-virus-bios-virus.92044/.

I also noticed that my Scroll Lock automatically turns on, and when that happens, the address bar in my browser inputs "?". For example, if the address is www.facebook.com, when the Scroll Lock turns on the address will become ? only. So I think it is somewhat related to the internet.

Since I also read the replies, it said there that I should create another thread if I have some problems. I hope I can get help. I saw some instructions in the thread that I read, but to be sure I made my own thread.

Any ideas? Help? Thanks! :)
Chap.
 
Welcome to TechSpot, Chap. I'll try to help. The thread you referenced is pretty old and a lot of things have changed in the 5 years.

I will check for malware but I'd like you to do the following first:
Go to the Control Panel> Keyboard> Check the settings> Correct if needed> then Apply> OK.
Go to the Control Panel> Mouse> Check the settings for either touchpad or mouse> Adjust if needed> Apply> OK
Go to the Control Panel> System> Hardware tab> Device Manager> On both 'keyboard' and 'mice and any other pointing devices' do you see an error icon?

If you do, do a right click> Properties and see what the problem is.

There is also chance that there is a mechanical problem with the keyboard. I got a new Dell Mini with the bad 'G key' and had to replace the whole keyboard.
===============================================
If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply.
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
=================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't follow directions given to someone else
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
Threads are closed after 5 days if there is no reply.

After I review the logs, I should be able to determine if malware is the culprit and go from there.
 
Hi. Thanks for the reply. :)

I already did the first instructions that you gave me, everything looks fine, I didn't see any error icon. And oh, my touchpad is also not working properly, sometimes it works but it responds late/delayed. But sometimes it doesn't respond. Anyway can I proceed to the next instruction about Preliminary Virus and Malware Removal?
 
Hi, I already proceeded to the next instruction.

Here's the log from MBAM:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.05.20.07

Windows 7 x86 NTFS
Internet Explorer 9.0.8112.16421
tops :: CHRIS [administrator]

Protection: Enabled

5/21/2012 5:28:57 PM
mbam-log-2012-05-21 (17-28-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 204305
Time elapsed: 9 minute(s), 44 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 6
C:\Windows\System32\com.run (Trojan.Banker) -> Quarantined and deleted successfully.
C:\Windows\System32\krnln.fnr (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Windows\System32\og.dll (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\og.EDT (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\RegEx.fnr (Worm.AutoRun) -> Quarantined and deleted successfully.
C:\Windows\System32\ul.dll (Worm.AutoRun) -> Quarantined and deleted successfully.

(end)
 
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-05-21 20:55:59
Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4 TOSHIBA_MK1652GSX rev.LV010A
Running: 8e6o72ww.exe; Driver: C:\Users\tops\AppData\Local\Temp\kxldqpod.sys


.text C:\Windows\System32\svchost.exe[2192] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2192] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\System32\svchost.exe[2192] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 002F0A08
.text C:\Windows\System32\svchost.exe[2192] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002F03FC
.text C:\Windows\System32\svchost.exe[2192] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 002F0804
.text C:\Windows\System32\svchost.exe[2192] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002F01F8
.text C:\Windows\System32\svchost.exe[2192] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 002F0600
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 002F0A08
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002F03FC
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 002F0804
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002F01F8
.text C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe[2204] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 002F0600
.text C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2240] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2240] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
.text C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe[2276] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00140A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001403FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00140804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001401F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE[2316] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00140600
.text C:\Windows\System32\svchost.exe[2364] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Windows\System32\svchost.exe[2364] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Windows\System32\svchost.exe[2364] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001503FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001501F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\DRIVERS\xaudio.exe[2376] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001703FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001701F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001A0A08
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001A03FC
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001A0804
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001A01F8
.text C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001A0600
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001003FC
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00100804
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001001F8
.text C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe[2440] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\svchost.exe[2756] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\svchost.exe[2756] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\svchost.exe[2756] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\system32\svchost.exe[2756] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00290A08
.text C:\Windows\system32\svchost.exe[2756] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002903FC
.text C:\Windows\system32\svchost.exe[2756] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00290804
.text C:\Windows\system32\svchost.exe[2756] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002901F8
.text C:\Windows\system32\svchost.exe[2756] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00290600
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00210A08
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002103FC
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00210804
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002101F8
.text C:\Users\tops\Downloads\Programs\8e6o72ww.exe[2836] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00210600
.text C:\Program Files\iPod\bin\iPodService.exe[2876] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\iPod\bin\iPodService.exe[2876] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Program Files\iPod\bin\iPodService.exe[2876] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002003FC
.text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00200804
.text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002001F8
.text C:\Program Files\iPod\bin\iPodService.exe[2876] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00200600
.text C:\Windows\System32\rundll32.exe[2980] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000B03FC
.text C:\Windows\System32\rundll32.exe[2980] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000B01F8
.text C:\Windows\System32\rundll32.exe[2980] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\System32\rundll32.exe[2980] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00140A08
.text C:\Windows\System32\rundll32.exe[2980] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001403FC
.text C:\Windows\System32\rundll32.exe[2980] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00140804
.text C:\Windows\System32\rundll32.exe[2980] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001401F8
.text C:\Windows\System32\rundll32.exe[2980] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00140600
.text C:\Windows\System32\igfxtray.exe[3068] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxtray.exe[3068] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxtray.exe[3068] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00300A08
.text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003003FC
.text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00300804
.text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003001F8
.text C:\Windows\System32\igfxtray.exe[3068] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00300600
.text C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\hkcmd.exe[3076] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\hkcmd.exe[3076] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00300A08
.text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003003FC
.text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00300804
.text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003001F8
.text C:\Windows\System32\hkcmd.exe[3076] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00300600
.text C:\Windows\System32\igfxpers.exe[3084] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Windows\System32\igfxpers.exe[3084] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Windows\System32\igfxpers.exe[3084] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00190A08
.text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001903FC
.text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00190804
.text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001901F8
.text C:\Windows\System32\igfxpers.exe[3084] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00190600
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001703FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001701F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00210A08
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002103FC
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00210804
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002101F8
.text C:\Program Files\Common Files\Java\Java Update\jusched.exe[3096] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00210600
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001503FC
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001501F8
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001E03FC
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001E0804
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001E01F8
.text C:\Program Files\PowerISO\PWRISOVM.EXE[3108] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001E0600
.text C:\Windows\system32\igfxsrvc.exe[3136] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Windows\system32\igfxsrvc.exe[3136] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Windows\system32\igfxsrvc.exe[3136] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
.text C:\Windows\system32\igfxsrvc.exe[3136] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\HP Software Update\hpwuschd2.exe[3196] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001503FC
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001501F8
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001E0A08
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001E03FC
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001E0804
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001E01F8
.text C:\Program Files\USB Disk Security\USBGuard.exe[3204] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001E0600
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
.text C:\Program Files\HP\QuickPlay\QPService.exe[3212] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001703FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001701F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002003FC
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00200804
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002001F8
.text C:\Program Files\DivX\DivX Update\DivXUpdate.exe[3324] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00200600
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00200A08
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 002003FC
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00200804
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 002001F8
.text C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe[3332] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00200600
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00100A08
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001003FC
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00100804
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001001F8
.text C:\Program Files\iTunes\iTunesHelper.exe[3340] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00100600
.text C:\Windows\system32\SearchIndexer.exe[3468] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Windows\system32\SearchIndexer.exe[3468] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Windows\system32\SearchIndexer.exe[3468] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00100A08
.text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001003FC
.text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00100804
.text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001001F8
.text C:\Windows\system32\SearchIndexer.exe[3468] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00100600
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000703FC
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000701F8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00110A08
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001103FC
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00110804
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001101F8
.text C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00110600
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000603FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000601F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00AB0A08
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 00AB03FC
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00AB0804
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 00AB01F8
.text C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe[3540] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00AB0600
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3548] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 001F0A08
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001F03FC
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 001F0804
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001F01F8
.text C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe[3600] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 001F0600
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001903FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001901F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00380A08
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003803FC
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00380804
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003801F8
.text C:\Program Files\Windows Sidebar\sidebar.exe[3608] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00380600
.text C:\Windows\system32\ctfmon.exe[3724] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 001603FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 001601F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00320A08
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 003203FC
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00320804
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 003201F8
.text C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe[3936] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00320600
.text C:\Windows\system32\wuauclt.exe[4048] ntdll.dll!LdrUnloadDll 7712BD1F 5 Bytes JMP 000703FC
.text C:\Windows\system32\wuauclt.exe[4048] ntdll.dll!LdrLoadDll 7712F425 5 Bytes JMP 000701F8
.text C:\Windows\system32\wuauclt.exe[4048] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]
.text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!UnhookWindowsHookEx 7573CC7B 5 Bytes JMP 00140A08
.text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!UnhookWinEvent 7573D924 5 Bytes JMP 001403FC
.text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!SetWindowsHookExW 7574210A 5 Bytes JMP 00140804
.text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!SetWinEventHook 7574507E 5 Bytes JMP 001401F8
.text C:\Windows\system32\wuauclt.exe[4048] USER32.dll!SetWindowsHookExA 75766DFA 5 Bytes JMP 00140600
.text C:\Windows\system32\AUDIODG.EXE[4724] kernel32.dll!GetBinaryTypeW + 70 760378FC 1 Byte [62]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7118F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe[2412] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Windows\System32\rundll32.exe[2980] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe[3524] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75175E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
IAT C:\Program Files\AVAST Software\Avast\AvastUI.exe[3548] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7118F6A0] C:\Program Files\AVAST Software\Avast\aswCmnBS.dll (Common functions/AVAST Software)

---- Devices - GMER 1.0.15 ----

Device \Driver\ACPI_HAL \Device\00000050 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice \Driver\tdx \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cf1a5339 0x72 0x01 0xC4 0xF7 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cfafa944 0x13 0x8D 0x32 0x9C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@0024830c9ff0 0x39 0xF2 0x59 0x45 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001a6bb212fe@001e3afba0fe 0x2C 0xC9 0x14 0x18 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cf1a5339 0x72 0x01 0xC4 0xF7 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@0025cfafa944 0x13 0x8D 0x32 0x9C ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@0024830c9ff0 0x39 0xF2 0x59 0x45 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001a6bb212fe@001e3afba0fe 0x2C 0xC9 0x14 0x18 ...

---- EOF - GMER 1.0.15 ----
 
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_20
Run by tops at 21:15:30 on 2012-05-21
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.694 [GMT 8:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\USB Disk Security\USBGuard.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\conhost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Octoshape Streaming Services] "c:\users\tops\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [Google Update] "c:\users\tops\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Facebook Update] "c:\users\tops\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [USBGuard] c:\program files\usb disk security\USBGuard.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UCam_Menu] "c:\program files\hp\youcam\muitransfer\muistartmenu.exe" "c:\program files\hp\youcam" update "software\cyberlink\youcam\1.0"
mRun: [<NO NAME>]
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [RIMBBLaunchAgent.exe] c:\program files\common files\research in motion\usb drivers\RIMBBLaunchAgent.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\reader_sl.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adober~2.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\tops\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\tops\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 203.167.97.66
TCP: Interfaces\{9B81F3C0-2DF2-4A33-A0F3-5079F9E2CCC6} : DhcpNameServer = 203.167.97.66
TCP: Interfaces\{9B81F3C0-2DF2-4A33-A0F3-5079F9E2CCC6}\47C67796C637F6E6 : DhcpNameServer = 121.1.3.82 121.1.3.20
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\tops\appdata\roaming\idm\idmmzcc5\components\idmmzcc.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCore.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\engine@conduit.com\components\RadioWMPCore.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\tops\appdata\roaming\mozilla\firefox\profiles\fc1o0wa7.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - plugin: c:\program files\common files\research in motion\bbwebsllauncher\NPWebSLLauncher.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\tops\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\tops\appdata\local\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\users\tops\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\tops\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\tops\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: c:\users\tops\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\tops\appdata\roaming\idm\idmmzcc5
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-5-19 612184]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-5-19 337880]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-5-19 20696]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-5-19 57688]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-5-19 44768]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2011-10-6 89376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-5-21 654408]
R2 TeamViewer5;TeamViewer 5;c:\program files\teamviewer\version5\TeamViewer_Service.exe [2010-8-24 1959208]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-12-3 625224]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-5-21 22344]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-11 4231168]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-12-20 322336]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-30 253600]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2010-9-20 29472]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-12-23 135664]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-14 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-14 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-14 661504]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-7-18 1343400]
.
=============== File Associations ===============
.
.scr=AutoCADScriptFile
.
=============== Created Last 30 ================
.
2012-05-21 09:23:25 -------- d-----w- c:\users\tops\appdata\roaming\Malwarebytes
2012-05-21 09:23:15 -------- d-----w- c:\programdata\Malwarebytes
2012-05-21 09:23:14 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-21 09:23:14 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-05-19 10:18:29 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-05-19 10:18:24 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-05-19 10:18:21 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-05-19 10:17:40 41184 ----a-w- c:\windows\avastSS.scr
2012-05-19 10:17:29 -------- d-----w- c:\programdata\AVAST Software
2012-05-19 10:17:29 -------- d-----w- c:\program files\AVAST Software
2012-05-18 11:34:27 6737808 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{9134824c-195a-4805-913a-e3cc0a815759}\mpengine.dll
2012-05-05 07:14:50 2557952 ----a-w- c:\windows\system32\QtCore4.dll
2012-05-05 07:14:39 80024 ----a-w- c:\windows\system32\mfcm100u.dll
2012-05-05 07:14:39 772248 ----a-w- c:\windows\system32\msvcr100.dll
2012-05-05 07:14:39 419480 ----a-w- c:\windows\system32\msvcp100.dll
2012-05-05 07:14:39 136344 ----a-w- c:\windows\system32\atl100.dll
2012-05-05 07:14:38 4421272 ----a-w- c:\windows\system32\mfc100u.dll
.
==================== Find3M ====================
.
2012-04-02 04:46:44 3958128 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-02 04:46:44 3902320 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-02 02:43:16 2342400 ----a-w- c:\windows\system32\win32k.sys
2012-03-30 10:29:05 1287024 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-03-30 04:51:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-30 04:51:15 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-17 07:20:17 56688 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-03-03 05:40:21 1074176 ----a-w- c:\windows\system32\DWrite.dll
2012-03-03 05:40:10 1170944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-03-03 05:40:09 739840 ----a-w- c:\windows\system32\d2d1.dll
2012-03-03 05:40:09 218624 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-03-03 05:40:09 161792 ----a-w- c:\windows\system32\d3d10_1.dll
2012-03-01 05:53:27 19312 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49:05 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-03-01 05:45:05 158720 ----a-w- c:\windows\system32\imagehlp.dll
2012-03-01 05:40:44 5120 ----a-w- c:\windows\system32\wmi.dll
2012-02-28 01:18:55 1799168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-23 02:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe
.
============= FINISH: 21:18:05.66 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/18/2010 12:50:30 AM
System Uptime: 5/21/2012 7:41:21 PM (2 hours ago)
.
Motherboard: Wistron | | 30CD
Processor: Intel(R) Core(TM)2 Duo CPU T5450 @ 1.66GHz | U2E1 | 983/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 149 GiB total, 29.97 GiB free.
D: is CDROM ()
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0592&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4BF0
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_30CD103C&REV_12\4&CAA9F97&0&4AF0
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0001
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #4
PNP Device ID: ROOT\*ISATAP\0001
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #5
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
==== System Restore Points ===================
.
RP270: 4/17/2012 6:55:17 PM - Windows Update
RP271: 4/20/2012 8:28:59 PM - Windows Update
RP272: 4/24/2012 3:05:19 PM - Windows Update
RP273: 5/2/2012 8:05:46 AM - Windows Update
RP274: 5/4/2012 8:11:38 AM - Windows Update
RP275: 5/5/2012 9:13:59 AM - Windows Update
RP276: 5/16/2012 7:18:11 AM - Windows Update
RP277: 5/17/2012 7:49:30 AM - Windows Update
RP278: 5/18/2012 7:07:35 AM - Windows Update
RP279: 5/18/2012 7:32:54 PM - Windows Update
RP280: 5/19/2012 6:17:05 PM - avast! Free Antivirus Setup
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
32 Bit HP CIO Components Installer
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 8
Adobe Shockwave Player 11.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AuthenTec TrueSuite
Autodesk Design Review 2010
avast! Free Antivirus
BlackBerry Desktop Software 6.1
Bonjour
Chikka Messenger V4
Conduit Engine
Conexant HD Audio
CyberLink YouCam
D3DX10
DivX Setup
DVDVideoSoftTB Toolbar
Facebook Video Calling 1.2.0.159
Free Studio version 5.0.9
Free Video to MP3 Converter version 4.3.3.920
Free WebM Video Converter version 5.0.11.504
Free YouTube Download version 3.0.14.908
Free YouTube to MP3 Converter version 3.10.9.908
Google Chrome
Google Talk Plugin
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
HP QuickPlay 3.7
HP Update
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
Internet Download Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) SE Runtime Environment 6 Update 1
Malwarebytes Anti-Malware version 1.61.0.1400
ManyCam 2.6.1 (remove only)
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox (3.6.28)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Octoshape Streaming Services
PowerISO
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype Click to Call
Skype™ 5.5
teampilipinas Toolbar
TeamViewer 5
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2598290) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.4053
Vegas Movie Studio HD Platinum 10.0
VideoLAN VLC media player 0.8.6c
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (06/15/2009 6.2.0.9000)
Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.2
WinRAR archiver
Yahoo! BrowserPlus 2.7.1
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
5/21/2012 7:41:50 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xe1c1e000, 0x00000000, 0x83237114, 0x00000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 052112-25568-01.
5/21/2012 5:41:50 PM, Error: Service Control Manager [7023] - The Peer Name Resolution Protocol service terminated with the following error: %%-2140993535
5/21/2012 5:41:50 PM, Error: Service Control Manager [7001] - The Peer Networking Grouping service depends on the Peer Name Resolution Protocol service which failed to start because of the following error: %%-2140993535
5/21/2012 5:41:50 PM, Error: Microsoft-Windows-PNRPSvc [102] - The Peer Name Resolution Protocol cloud did not start because the creation of the default identity failed with error code: 0x80630801.
5/21/2012 4:55:51 PM, Error: i8042prt [23] - Could not set the mouse resolution.
5/20/2012 7:16:38 AM, Error: Service Control Manager [7011] - A timeout (60000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.
5/19/2012 11:00:41 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
5/17/2012 8:02:16 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x800f0902: Security Update for Windows 7 (KB2659262).
.
==== End Of File ===========================
 
Your system is full of programs and processes that are a danger to the system:

1. You have put all of the processes related to PPStream in the Trusted Zone where the security is lower. PPS.tv (PPStream) is a Chinese peer-to-peer streaming video network software.
2. You also have uTorrent and uTorrent Toolbar all over the system. P2P
3. Additionally, you have many Conduit entries for toolbars, searches and BHOs:
Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality.
------------------------------------------
P2P or 'file sharing' Warning:
  • Even if you are using a "safe" P2P program, it is only the program that is safe. I suggest that you uninstall all of these programs for the following reasons:
  • As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verify that a download is legitimate.
  • Malware writers use these programs to include malicious content.
  • File sharing is usually unmonitored and there is a danger that your private files might be accessed.
  • The 'sharing' also includes malware that the shared system has on it.
  • Files that are illegal can be spread through file sharing.
Please read the information on P2P Warning to help you better understand these dangers.
=================================================
It appears that you are most interested in streaming and little interested in security for the system. Unless you are willing to remove these vulnerabilities to the system, there is no point in trying to clean it. Please just do the following 2 scans and I will review the logs.
=================================================
Download CKScanner and save to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • When the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
================================================
To run the Eset Online Virus Scan:
If you use Internet Explorer:
  1. Open the ESETOnlineScan
  2. Skip to #4 to "Continue with the directions"

    If you are using a browser other than Internet Explorer
  3. Open Eset Smart Installer
    [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
    [o] Double click on the desktop icon to run.
    [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
  4. Continue with the directions.
  5. Check 'Yes I accept terms of use.'
  6. Click Start button
  7. Accept any security warnings from your browser.
  8. Uncheck 'Remove found threats'
  9. Check 'Scan archives'
  10. Leave remaining settings as is.
  11. Press the Start button.
  12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  13. When the scan completes, press List of found threats
  14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  15. Push the Back button, then Finish
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
 
I have a question. I was surprised when I opened IE. There were 3 tabs opened: 1st is conduit.com, 2nd is "IE is updated", 3rd is Skype toolbars, and when I saw the toolbars in IE, there are many. I didn't even know where they came from because I don't use IE, I only use Mozilla and Google Chrome. And what specific programs should I remove/uninstall?

Anyway here's the log from CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\garena\plugins\ui\avoidcrackplugin.dll
c:\users\tops\documents\downloads\compressed\usb disk security v5.0.0.38 & crack.rar
c:\users\tops\downloads\sonykeygen_littletrex7.rar
c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\mart!k.txt
c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\sony products keygen 2.0 - [mart!k].exe
c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\sound forge 10 fix [mart!k].reg
scanner sequence 3.FN.11.SPAPJU
----- EOF -----
 
Here's the log from ESET:

C:\Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe  Win32/SpeedUpMyPC application
C:\Documents and Settings\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe  Win32/SpeedUpMyPC application
C:\Documents and Settings\tops\Downloads\Programs\registrybooster.exe  Win32/RegistryBooster application
C:\Users\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe  Win32/SpeedUpMyPC application
C:\Users\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe  Win32/SpeedUpMyPC application
C:\Users\tops\Downloads\Programs\registrybooster.exe  Win32/RegistryBooster application
 
All of the programs in the CK Scanner have been pirated. I do not support piracy - if you want to continue support, you will have to remove all pirated content.

The Eset entries are all for the Uniblue SpeedUpMyPC. Suggest you remove it.
 
I already removed the Uniblue SpeedUpMyPC a long time ago, why is it still in my PC? I can't find it.

Can I have a list of specific programs to remove/uninstall? I don't know which I should remove. I'm willing to remove/uninstall programs, but I don't know what specific programs to remove.

Thanks!
 
Please run this Custom CFScript:

  [1]. Close any open browsers.
  [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  [3]. Open Notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
====================
PPS.tv (PPStream) is a Chinese peer-to-peer streaming video network software.
=====================
Please download OTMoveIt by Old Timer and save to your desktop.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
    Code:
    :Files
    C:\Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
    C:\Documents and Settings\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe
    C:\Documents and Settings\tops\Downloads\Programs\registrybooster.exe
    C:\Users\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe
    C:\Users\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe
    C:\Users\tops\Downloads\Programs\registrybooster.exe
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt3
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
--------------------------------------
Any program or download for which a crack or keygen has been used to obtain it means the program or download has been stolen. This is illegal. Instead of paying the price due, the crack or keygen is obtained from a file sharing site for the license or key to run it:
c:\program files\garena\plugins\ui\avoidcrackplugin.dll
c:\users\tops\documents\downloads\compressed\usb disk security v5.0.0.38 & crack.rar
c:\users\tops\downloads\sonykeygen_littletrex7.rar
c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\mart!k.txt
c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\sony products keygen 2.0 - [mart!k].exe
c:\users\tops\downloads\sony products keygen 2.0 - [mart!k]\sound forge 10 fix [mart!k].reg

You have illegally obtained all of the Sony products and USB security above.
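A triage pass over the DDS-style entries listed in the CFScript above, as an added example that is not part of the original thread and not code from DDS or ComboFix. It groups browser hook entries by CLSID to show which components are registered at several hook points, lists toolbar entries whose file is missing, and collects Trusted Zone entries per domain. The function name `triage`, the regular expressions and the "two or more hook points" rule are assumptions made for illustration; the sample lines are a subset copied from the post.

```python
import re
from collections import defaultdict

# Subset of the lines from the CFScript in the post above (copied, not constructed).
SAMPLE = r"""
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: ppstream.com\xml1
Trusted Zone: security_PPStream.exe
"""

# "<hook point>: [<display name>: ]{CLSID} - <file or 'No File'>"
HOOK_RE = re.compile(
    r"^(?P<point>[um]URLSearchHooks|BHO|TB): "
    r"(?:(?P<name>.+?): )?"
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
ZONE_RE = re.compile(r"^Trusted Zone: (?P<entry>.+)$")


def triage(text):
    """Summarise browser hook and Trusted Zone lines from a DDS-style log."""
    components = {}            # clsid -> name, hook points, target files
    zones = defaultdict(list)  # domain -> sub-entries listed under it
    unparsed = []              # lines this sketch does not classify

    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            clsid = m["clsid"].lower()  # the log mixes upper and lower case
            comp = components.setdefault(
                clsid, {"name": None, "points": set(), "targets": set()}
            )
            comp["name"] = comp["name"] or m["name"]
            comp["points"].add(m["point"])
            comp["targets"].add(m["target"])
            continue
        m = ZONE_RE.match(line)
        if m:
            # Assumption: the part before the backslash is the domain and the
            # part after it is the sub-entry registered under that domain.
            domain, _, sub = m["entry"].partition("\\")
            subs = zones[domain]
            if sub:
                subs.append(sub)
            continue
        unparsed.append(line)

    return {
        # One component hooked into search, BHO and toolbar slots at once.
        "multi_hook": {
            clsid: sorted(c["points"])
            for clsid, c in components.items()
            if len(c["points"]) >= 2
        },
        # Registry entries left behind with no file on disk.
        "orphans": sorted(
            clsid for clsid, c in components.items() if c["targets"] == {"No File"}
        ),
        "names": {clsid: c["name"] for clsid, c in components.items()},
        "trusted_zone": dict(zones),
        "unparsed": unparsed,
    }


if __name__ == "__main__":
    result = triage(SAMPLE)
    for clsid, points in result["multi_hook"].items():
        print(f"{result['names'][clsid]} {clsid}: {', '.join(points)}")
    for clsid in result["orphans"]:
        print(f"orphaned toolbar entry: {clsid}")
    for domain, subs in result["trusted_zone"].items():
        print(f"Trusted Zone {domain}: {len(subs)} sub-entries")
    print(f"{len(result['unparsed'])} line(s) left for manual review")
```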
 
ComboFix 12-05-28.01 - tops 05/28/2012 19:54:04.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1141 [GMT 8:00]
Running from: c:\users\tops\Desktop\ComboFix.exe
Command switches used :: c:\users\tops\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\tops\AppData\Roaming\Local
.
.
((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-28 )))))))))))))))))))))))))))))))
.
.
2012-05-28 11:27 . 2012-05-08 16:40  6737808  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{98F96FE5-AFF4-4DBE-810E-D0118744DE3C}\mpengine.dll
2012-05-22 05:32 . 2012-05-22 05:32  --------  d-----w-  c:\program files\ESET
2012-05-21 09:23 . 2012-05-21 09:23  --------  d-----w-  c:\users\tops\AppData\Roaming\Malwarebytes
2012-05-21 09:23 . 2012-05-21 09:23  --------  d-----w-  c:\programdata\Malwarebytes
2012-05-21 09:23 . 2012-05-21 09:23  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-05-21 09:23 . 2012-04-04 07:56  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-19 10:18 . 2012-03-07 00:01  20696  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2012-05-19 10:18 . 2012-03-07 00:03  337880  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2012-05-19 10:18 . 2012-03-07 00:02  44376  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2012-05-19 10:18 . 2012-03-07 00:01  53848  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2012-05-19 10:18 . 2012-03-07 00:03  612184  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2012-05-19 10:18 . 2012-03-07 00:01  57688  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2012-05-19 10:17 . 2012-03-07 00:15  41184  ----a-w-  c:\windows\avastSS.scr
2012-05-19 10:17 . 2012-03-07 00:15  201352  ----a-w-  c:\windows\system32\aswBoot.exe
2012-05-19 10:17 . 2012-05-19 10:17  --------  d-----w-  c:\programdata\AVAST Software
2012-05-19 10:17 . 2012-05-19 10:17  --------  d-----w-  c:\program files\AVAST Software
2012-05-05 07:14 . 2012-03-22 05:43  2557952  ----a-w-  c:\windows\system32\QtCore4.dll
2012-05-05 07:14 . 2012-03-06 07:43  80024  ----a-w-  c:\windows\system32\mfcm100u.dll
2012-05-05 07:14 . 2012-03-06 07:43  772248  ----a-w-  c:\windows\system32\msvcr100.dll
2012-05-05 07:14 . 2012-03-06 07:43  419480  ----a-w-  c:\windows\system32\msvcp100.dll
2012-05-05 07:14 . 2012-03-06 07:43  136344  ----a-w-  c:\windows\system32\atl100.dll
2012-05-05 07:14 . 2012-03-06 07:43  4421272  ----a-w-  c:\windows\system32\mfc100u.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 04:51 . 2012-03-30 04:51  418464  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-03-30 04:51 . 2011-05-30 21:58  70304  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 05:53 . 2012-04-11 19:02  19312  ----a-w-  c:\windows\system32\drivers\fs_rec.sys
2012-03-01 05:49 . 2012-04-11 19:02  172544  ----a-w-  c:\windows\system32\wintrust.dll
2012-03-01 05:45 . 2012-04-11 19:02  158720  ----a-w-  c:\windows\system32\imagehlp.dll
2012-03-01 05:40 . 2012-04-11 19:02  5120  ----a-w-  c:\windows\system32\wmi.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn2\yt.dll" [2012-01-12 1517368]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15  123536  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-30 16:50  21864  ----a-w-  c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Octoshape Streaming Services"="c:\users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Facebook Update"="c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2011-10-05 3425688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"USBGuard"="c:\program files\USB Disk Security\USBGuard.exe" [2008-09-23 798720]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2010-03-08 468264]
"UCam_Menu"="c:\program files\HP\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0aswBoot.exe /M:243406682
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-17 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2011-07-06 89376]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-08-17 1959208]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-12-19 322336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:51]
.
2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
- c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
.
2012-05-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
- c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
- c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
.
2012-05-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
- c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\tops\AppData\Roaming\Mozilla\Firefox\Profiles\fc1o0wa7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
FF - Ext: IDM CC: mozilla_cc@internetdownloadmanager.com - c:\users\tops\AppData\Roaming\IDM\idmmzcc5
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):3d,2a,c6,72,d5,9c,a0,d3,f7,39,fa,f4,6a,fe,4d,54,b8,6b,ba,0d,c6,
8f,3b,8c,6a,39,f4,d0,ae,30,f6,bf,b9,c8,13,10,3d,e8,03,4c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):91,e4,8a,fa,8f,57,18,d8,39,f7,36,26,15,34,13,43,7d,c7,46,d7,be,
32,55,3f,b7,12,e9,a0,9d,b3,f2,aa,cd,ea,c2,2f,11,fe,2f,cb,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{925cb20d-4a52-4999-911e-b02d61728c98}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000089
"Therad"=dword:00000016
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{b6d5cd57-eb25-47f9-903c-c80c79ed0e4c}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000124
"Therad"=dword:00000020
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-05-28 20:11:32
ComboFix-quarantined-files.txt 2012-05-28 12:11
.
Pre-Run: 33,277,120,512 bytes free
Post-Run: 33,038,942,208 bytes free
.
- - End Of File - - 0DFE85E5C5D55BF116E754810281AC4D
 
All processes killed
========== FILES ==========
C:\Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe moved successfully.
File/Folder C:\Documents and Settings\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe not found.
C:\Documents and Settings\tops\Downloads\Programs\registrybooster.exe moved successfully.
File/Folder C:\Users\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe not found.
File/Folder C:\Users\tops\Application Data\Uniblue\SpeedUpMyPC\_temp\sump.exe not found.
File/Folder C:\Users\tops\Downloads\Programs\registrybooster.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 134 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: TeamViewer
->Temp folder emptied: 0 bytes

User: tops
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 3490101 bytes
->Java cache emptied: 568641 bytes
->FireFox cache emptied: 103188297 bytes
->Google Chrome cache emptied: 334501076 bytes
->Apple Safari cache emptied: 17263616 bytes
->Flash cache emptied: 20674756 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 81920 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 458.00 mb


OTM by OldTimer - Version 3.1.19.0 log created on 05282012_201620

Files moved on Reboot...

Registry entries deleted on Reboot...
 
Repeat the CK Scan please. Did you not understand when I said I don't support piracy?
 
I do understand. I am just waiting for you to say if I can already remove it. I said I'm willing to remove programs. So, can I already remove those programs NOW? I just want to confirm, the programs I'll remove are Sony product and USB Security? Are there other programs that I should remove?
 
If you understand, then remove all of the programs and/or downloads that you pirated! No support will be given until that has been done.

All programs or downloads you got by using torrent sites to get licenses, registration or other documentation that you used instead of paying are pirated.
 
Hello,
I have already deleted/removed programs such as:
  • Sony Vegas + Keypatch for Sony
  • USB Disk Security + Keygen (RAR)
  • Internet Download Manager + Keypatch
  • uTorrent
  • Garena
  • Other Downloads
Are there other programs that I should remove?

By the way, here's the log from CKScanner:

CKScanner - Additional Security Risks - These are not necessarily bad
scanner sequence 3.MN.11.MOABWH
----- EOF -----
 
This should help:

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
Code:
File::
DDS::
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
uURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
uURLSearchHooks: YTNavAssist.YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn1\YTNavAssist.dll
mURLSearchHooks: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
BHO: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: teampilipinas Toolbar: {712f1d11-e331-40f5-a746-e226eba0c7b7} - c:\program files\teampilipinas\tbtea1.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\tbDVDV.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTo1.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngin0.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
{555d4d79-4bd2-4094-a395-cfc534424a05}
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
Trusted Zone: 111222.cn\list1
Trusted Zone: pps.tv\kan
Trusted Zone: pps.tv\list1
Trusted Zone: pps.tv\tvguide
Trusted Zone: pps.tv\vodguide
Trusted Zone: ppstream.com\list1
Trusted Zone: ppstream.com\notice
Trusted Zone: ppstream.com\xml1
Trusted Zone: ppstream.com\xml2
Trusted Zone: ppstream.com\xml3
Trusted Zone: ppstream.net\list1
Trusted Zone: ppstv.com\list1
Trusted Zone: ppstv.net\list1
Trusted Zone: security_PPStream.exe
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"=-
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
RegLock::
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{925cb20d-4a52-4999-911e-b02d61728c98}]
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\CLSID\{b6d5cd57-eb25-47f9-903c-c80c79ed0e4c}]
Clearjavacache::
Save this as CFScript.txt, in the same location as ComboFix.exe
CFScriptB-4.gif


Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste it into your next reply.
=============================
Please update the following:
Note: Check each download screen for any pre-checked Toolbars or BHOs. Uncheck them before the download.
Adobe Reader > Current is vX(10.xx)> Adobe Reader Update
Java(TM) > Current is v7u4> Java Updates .
Uninstall any earlier versions of both as they are vulnerabilities for the system.
==============================
Please update and rerun the Eset scan. Leave new logs for Combofix and Eset scan in your next reply.
===============================
Give me an update on how the system is doing.
 
ComboFix 12-05-28.01 - tops 06/02/2012 11:34:31.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1328 [GMT 8:00]
Running from: c:\users\tops\Desktop\ComboFix.exe
Command switches used :: c:\users\tops\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-02 to 2012-06-02 )))))))))))))))))))))))))))))))
.
.
2012-06-02 03:48 . 2012-06-02 03:48  --------  d-----w-  c:\users\tops\AppData\Local\temp
2012-06-02 03:48 . 2012-06-02 03:48  --------  d-----w-  c:\users\Default\AppData\Local\temp
2012-06-01 12:08 . 2012-05-08 16:40  6737808  ----a-w-  c:\programdata\Microsoft\Windows Defender\Definition Updates\{8CA57395-D269-4CCF-9191-DC7A9D450563}\mpengine.dll
2012-05-28 12:16 . 2012-05-28 12:16  --------  d-----w-  C:\_OTM
2012-05-22 05:32 . 2012-05-22 05:32  --------  d-----w-  c:\program files\ESET
2012-05-21 09:23 . 2012-05-21 09:23  --------  d-----w-  c:\users\tops\AppData\Roaming\Malwarebytes
2012-05-21 09:23 . 2012-05-21 09:23  --------  d-----w-  c:\programdata\Malwarebytes
2012-05-21 09:23 . 2012-05-21 09:23  --------  d-----w-  c:\program files\Malwarebytes' Anti-Malware
2012-05-21 09:23 . 2012-04-04 07:56  22344  ----a-w-  c:\windows\system32\drivers\mbam.sys
2012-05-19 10:18 . 2012-03-07 00:01  20696  ----a-w-  c:\windows\system32\drivers\aswFsBlk.sys
2012-05-19 10:18 . 2012-03-07 00:03  337880  ----a-w-  c:\windows\system32\drivers\aswSP.sys
2012-05-19 10:18 . 2012-03-07 00:02  44376  ----a-w-  c:\windows\system32\drivers\aswRdr2.sys
2012-05-19 10:18 . 2012-03-07 00:01  53848  ----a-w-  c:\windows\system32\drivers\aswTdi.sys
2012-05-19 10:18 . 2012-03-07 00:03  612184  ----a-w-  c:\windows\system32\drivers\aswSnx.sys
2012-05-19 10:18 . 2012-03-07 00:01  57688  ----a-w-  c:\windows\system32\drivers\aswMonFlt.sys
2012-05-19 10:17 . 2012-03-07 00:15  41184  ----a-w-  c:\windows\avastSS.scr
2012-05-19 10:17 . 2012-03-07 00:15  201352  ----a-w-  c:\windows\system32\aswBoot.exe
2012-05-19 10:17 . 2012-05-19 10:17  --------  d-----w-  c:\programdata\AVAST Software
2012-05-19 10:17 . 2012-05-19 10:17  --------  d-----w-  c:\program files\AVAST Software
2012-05-05 07:14 . 2012-03-22 05:43  2557952  ----a-w-  c:\windows\system32\QtCore4.dll
2012-05-05 07:14 . 2012-03-06 07:43  80024  ----a-w-  c:\windows\system32\mfcm100u.dll
2012-05-05 07:14 . 2012-03-06 07:43  772248  ----a-w-  c:\windows\system32\msvcr100.dll
2012-05-05 07:14 . 2012-03-06 07:43  419480  ----a-w-  c:\windows\system32\msvcp100.dll
2012-05-05 07:14 . 2012-03-06 07:43  136344  ----a-w-  c:\windows\system32\atl100.dll
2012-05-05 07:14 . 2012-03-06 07:43  4421272  ----a-w-  c:\windows\system32\mfc100u.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-30 04:51 . 2012-03-30 04:51  418464  ----a-w-  c:\windows\system32\FlashPlayerApp.exe
2012-03-30 04:51 . 2011-05-30 21:58  70304  ----a-w-  c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15  123536  ----a-w-  c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Octoshape Streaming Services"="c:\users\tops\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"Facebook Update"="c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-07-14 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2010-04-12 180224]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2010-03-08 468264]
"UCam_Menu"="c:\program files\HP\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-16 218408]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-04-26 421160]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-09-01 90448]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - c:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 795936]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute  REG_MULTI_SZ  autocheck autochk *\0aswBoot.exe /M:243406682
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages  REG_MULTI_SZ  kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 253600]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-13 45736]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 135664]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-07-17 1343400]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35088]
S2 TeamViewer5;TeamViewer 5;c:\program files\TeamViewer\Version5\TeamViewer_Service.exe [2010-08-17 1959208]
S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena\safedrv.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2010-12-19 322336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12  REG_MULTI_SZ  Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 04:51]
.
2012-06-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
- c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
.
2012-06-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
- c:\users\tops\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-07-09 06:48]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-23 11:37]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001Core.job
- c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
.
2012-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3968807288-2462319371-1814508397-1001UA.job
- c:\users\tops\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-18 03:03]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\tops\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\tops\AppData\Roaming\Mozilla\Firefox\Profiles\fc1o0wa7.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
FF - Ext: Free YouTube Download (Free Studio) Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: uTorrentBar Community Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - %profile%\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-USBGuard - c:\program files\USB Disk Security\USBGuard.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3968807288-2462319371-1814508397-1001_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-06-02 11:52:19
ComboFix-quarantined-files.txt 2012-06-02 03:52
ComboFix2.txt 2012-05-28 12:11
.
Pre-Run: 35,352,031,232 bytes free
Post-Run: 35,065,774,080 bytes free
.
- - End Of File - - 65B409D871BCBB535E43C9F9EC338F66
 
ESET Scan Log:

C:\_OTM\MovedFiles\05282012_201620\C_Documents and Settings\tops\AppData\Roaming\Uniblue\SpeedUpMyPC\_temp\sump.exe  Win32/SpeedUpMyPC application
C:\_OTM\MovedFiles\05282012_201620\C_Documents and Settings\tops\Downloads\Programs\registrybooster.exe  Win32/RegistryBooster application


By the way, my keyboard is working properly again, and my laptop does not open random programs anymore. And when I tried to open Internet Explorer, it does not have those toolbars anymore.
 