Infection will not allow many OT? progrms to run

lawnmowrman · July 12, 2011

The infection will not let OTS, OTH, or OTL run. It also shuts down avast, norton 360, and malwarebytes.

OTL began and the infection shut it down. I'm substituting the winpatrol log. I'm sure it's not good enough, but it's all the infection will let me get.

WinPatrol Report Log

Report created by WinPatrol [FREE Edition] version 20.0.2011.2:20.0.2011.2 at 10:45:00 PM, on 7/11/2011

Platform: Windows XP SP3 Service Pack 3 (Build 2600)

Browser: Windows® Internet Explorer - Internet Explorer version 8.00.6001.18702

Memory currently in use: 66%

MSIE: Internet Explorer (8.00.6001.18702)

IE Cookie Path: C:\Documents and Settings\user\Cookies\

Firefox 4.0.1 installed in C:\Program Files\Mozilla Firefox

HKLM Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

HKCU Start Page = http://www.inbox.com/homepage.aspx?tbid=80119

HKLM Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

WinLogon DefaultUserName=user

WinLogon DefaultDomainName=USER-98A1586829

WinLogon Shell=Explorer.exe

WinLogon UserInit=C:\WINDOWS\system32\userinit.exe,

Startup Programs

Active Tasks

Scheduled Tasks

IE Helpers

File Types

Services

• Startup Programs •

# SoundMAXPnP

smax4pnp.exe SMax4PNP MFC Application

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\Analog Devices\Core\smax4pnp.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# PE2CKFNT SE

ChkFont.exe

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# nmctxth

nmctxth.exe Pure Networks Platform Assistant

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# nmapp

nmapp.exe -autorun -nosplash Network Magic Application

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\Pure Networks\Network Magic\nmapp.exe -autorun -nosplash

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Linksys Wireless Manager

LinksysWirelessManager.exe /cm /min /lcid 1033 Linksys Wireless Manager

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe /cm /min /lcid 1033

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# WinPatrol [FREE Edition]

winpatrol.exe -expressboot WinPatrol System Monitor

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# iBryte playbryte Desktop

ibrytedesktop.exe iBryte Desktop

Version: 1.0.4134.15602

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\iBryte\playbryte\ibrytedesktop.exe

First Detected by WinPatrol: 06/14/2011 2:33 PM

Click for Plus Info

# igfxtray

igfxtray.exe igfxTray Module

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\system32\igfxtray.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# igfxhkcmd

hkcmd.exe hkcmd Module

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\system32\hkcmd.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# igfxpers

igfxpers.exe persistence Module

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\system32\igfxpers.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# Yqinoqihojisec

akeconihuqajacu.dll,Startup

Location: HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\akeconihuqajacu.dll,Startup

First Detected by WinPatrol: 07/11/2011 10:43 PM

Click for Plus Info

# ctfmon.exe

ctfmon.exe CTF Loader

Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\system32\ctfmon.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# Weather

Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\AWS\WeatherBug\Weather.exe 1

First Detected by WinPatrol: 06/20/2011 7:16 PM

Click for Plus Info

# Htuyalulineteriw

vcolerv.dll,Startup FrameDbl

Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\WINDOWS\vcolerv.dll,Startup

First Detected by WinPatrol: 07/11/2011 10:43 PM

Click for Plus Info

# Advanced SystemCare 4

ASCTray.exe Advanced SystemCare 4 Tray

Location: HKCU\Software\Microsoft\Windows\CurrentVersion\Run

Path: C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe

First Detected by WinPatrol: 06/29/2011 7:48 PM

Click for Plus Info

# Winlogon Userinit

userinit.exe Userinit Logon Application

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Userinit

Path: C:\WINDOWS\system32\userinit.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# Winlogon Shell

Explorer.exe Windows Explorer

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Shell

Path: Explorer.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Click for Plus Info

# PostBootReminder

shell32.dll Windows Shell Common Dll

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Path: C:\WINDOWS\system32\shell32.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

6.00.2900.6072

Click for Plus Info

# CDBurn

shell32.dll Windows Shell Common Dll

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Path: C:\WINDOWS\system32\shell32.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

6.00.2900.6072

Click for Plus Info

# WebCheck

webcheck.dll Web Site Monitor

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Path: C:\WINDOWS\system32\webcheck.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

8.00.6001.18702

Click for Plus Info

# SysTray

stobject.dll Systray shell service object

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Path: C:\WINDOWS\system32\stobject.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# Browseui preloader

browseui.dll Shell Browser UI Library

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Path: C:\WINDOWS\system32\browseui.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

6.00.2900.6049

Click for Plus Info

# Component Categories cache daemon

browseui.dll Shell Browser UI Library

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Path: C:\WINDOWS\system32\browseui.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

6.00.2900.6049

Click for Plus Info

# Component Categories cache daemon

shell32.dll Windows Shell Common Dll

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Path: shell32.dll

6.00.2900.6072

Click for Plus Info

# Eudora's Shell Extension

EuShlExt.dll Eudora's Shell Extension

Location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Path: C:\Program Files\Qualcomm\Eudora\EuShlExt.dll

First Detected by WinPatrol: 07/04/2011 3:36 PM

1, 0, 1, 1

Click for Plus Info

# crypt32chain

crypt32.dll Crypto API32

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: crypt32.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.131.2600.5512

Click for Plus Info

# cryptnet

cryptnet.dll Crypto Network Related API

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: cryptnet.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.131.2600.5512

Click for Plus Info

# cscdll

cscdll.dll Offline Network Agent

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: cscdll.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# dimsntfy

dimsntfy.dll DIMS Notification Handler

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: C:\WINDOWS\system32\dimsntfy.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# igfxcui

igfxdev.dll igfxdev Module

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: igfxdev.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

7.0.0.4410

Click for Plus Info

# ScCertProp

wlnotify.dll Common DLL to receive Winlogon notifications

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: wlnotify.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# Schedule

wlnotify.dll Common DLL to receive Winlogon notifications

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: wlnotify.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# sclgntfy

sclgntfy.dll Secondary Logon Service Notification DLL

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: sclgntfy.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# SensLogn

WlNotify.dll Common DLL to receive Winlogon notifications

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: WlNotify.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# termsrv

wlnotify.dll Common DLL to receive Winlogon notifications

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: wlnotify.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

# WgaLogon

WgaLogon.dll Windows Genuine Advantage Notifications

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: WgaLogon.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

1.9.0040.0

Click for Plus Info

# wlballoon

wlnotify.dll Common DLL to receive Winlogon notifications

Location: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon Notify

Path: wlnotify.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

5.1.2600.5512

Click for Plus Info

• Delayed Start •

• Active Tasks •

# Windows NT Session Manager

smss.exe Windows NT Session Manager

Path: C:\WINDOWS\system32\smss.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Windows NT Logon Application

winlogon.exe Windows NT Logon Application

Path: C:\WINDOWS\system32\winlogon.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Services and Controller app

services.exe Services and Controller app

Path: C:\WINDOWS\system32\services.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# LSA Shell (Export Version)

lsass.exe LSA Shell (Export Version)

Path: C:\WINDOWS\system32\lsass.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# SVCHOST

SVCHOST.EXE

Path: \\.\GLOBALROOT\DEVICE\SVCHOST.EXE

Click for Plus Info

# Generic Host Process for Win32 Services

svchost.exe Generic Host Process for Win32 Services

Path: C:\WINDOWS\system32\svchost.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Spooler SubSystem App

spoolsv.exe Spooler SubSystem App

Path: C:\WINDOWS\system32\spoolsv.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Disk Defrag

DISKDEFRAG.EXE Disk Defrag

Version: 5.x 2007-2010@Auslogics Software Pty Ltd

Path: C:\PROGRAM FILES\AUSLOGICS\AUSLOGICS DISK DEFRAG\DISKDEFRAG.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Advanced SystemCare Performance Monitor

PMonitor.exe Advanced SystemCare Performance Monitor

Path: C:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 4\PMonitor.exe

First Detected by WinPatrol: 06/29/2011 7:47 PM

Click for Plus Info

# Windows Explorer

explorer.exe Windows Explorer

Path: C:\WINDOWS\explorer.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Run a DLL as an App

rundll32.exe Run a DLL as an App

Path: C:\WINDOWS\system32\rundll32.exe

First Detected by WinPatrol: 05/14/2011 6:53 PM

Click for Plus Info

# SMax4PNP MFC Application

smax4pnp.exe SMax4PNP MFC Application

Path: C:\PROGRAM FILES\ANALOG DEVICES\Core\smax4pnp.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Linksys Wireless Manager

LINKSYSWIRELESSMANAGER.EXE Linksys Wireless Manager

Path: C:\PROGRAM FILES\Linksys\LINKSYS WIRELESS MANAGER\LINKSYSWIRELESSMANAGER.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# WinPatrol [FREE Edition]

WINPATROL.EXE WinPatrol System Monitor

Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROL.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# iBryte Desktop

IBRYTEDESKTOP.EXE iBryte Desktop

Version: 1.0.4134.15602

Path: C:\PROGRAM FILES\iBryte\PLAYBRYTE\IBRYTEDESKTOP.EXE

First Detected by WinPatrol: 06/14/2011 2:30 PM

Click for Plus Info

# hkcmd Module

hkcmd.exe hkcmd Module

Path: C:\WINDOWS\system32\hkcmd.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# persistence Module

igfxpers.exe persistence Module

Path: C:\WINDOWS\system32\igfxpers.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# CTF Loader

ctfmon.exe CTF Loader

Path: C:\WINDOWS\system32\ctfmon.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Weather

Path: C:\PROGRAM FILES\AWS\WEATHERBUG\Weather.exe

First Detected by WinPatrol: 06/14/2011 2:45 PM

Click for Plus Info

# Advanced SystemCare 4 Tray

ASCTray.exe Advanced SystemCare 4 Tray

Path: C:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 4\ASCTray.exe

First Detected by WinPatrol: 06/29/2011 7:47 PM

Click for Plus Info

# Bonjour Service

MDNSRESPONDER.EXE Bonjour Service

Path: C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Java Quick Starter Service

jqs.exe Java Quick Starter Service

Path: C:\PROGRAM FILES\Java\jre6\bin\jqs.exe

First Detected by WinPatrol: 06/29/2011 8:36 PM

Click for Plus Info

# Microsoft® Windows Live ID Service

WLIDSVC.EXE Microsoft® Windows Live ID Service

Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVC.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Pure Networks Platform Service

nmsrvc.exe Pure Networks Platform Service

Path: C:\PROGRAM FILES\COMMON FILES\PURE NETWORKS SHARED\Platform\nmsrvc.exe

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Microsoft® Windows Live ID Service Monitor

WLIDSVCM.EXE Microsoft® Windows Live ID Service Monitor

Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WLIDSVCM.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# Windows Update

wuauclt.exe Windows Update

Path: C:\WINDOWS\system32\wuauclt.exe

First Detected by WinPatrol: 05/10/2011 6:39 PM

Click for Plus Info

# igfxsrvc Module

igfxsrvc.exe igfxsrvc Module

Path: C:\WINDOWS\system32\igfxsrvc.exe

First Detected by WinPatrol: 05/10/2011 6:24 PM

Click for Plus Info

# WinPatrol [FREE Edition]

WINPATROLEX.EXE WinPatrol Explorer

Path: C:\PROGRAM FILES\BILLP STUDIOS\WINPATROL\WINPATROLEX.EXE

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

• Scheduled Tasks •

# GoogleUpdateTaskMachineCore.job

GoogleUpdate.exe Google Installer

Path: C:\Program Files\Google\Update\GoogleUpdate.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 7:56 PM

Location: "HKLM\"

Click for Plus Info

# DriverCure.job

DriverCure.exe DriverCure

Path: C:\Program Files\ParetoLogic\DriverCure\DriverCure.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 3:22 AM

Location: "HKLM\"

Click for Plus Info

# Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job

DiskDefrag.exe Disk Defrag

Version: 5.x 2007-2010@Auslogics Software Pty Ltd

Path: C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 9:27 AM

Location: "HKLM\"

Click for Plus Info

# Auslogics Disk Defrag Disk Defrag Console Defragmentation.job

cdefrag.exe

Path: C:\Program Files\Auslogics\Auslogics Disk Defrag\cdefrag.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 4:29 AM

Location: "HKLM\"

Click for Plus Info

# ASC4_PerformanceMonitor.job

PMonitor.exe Advanced SystemCare Performance Monitor

Path: C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe

First Detected by WinPatrol: 06/29/2011 8:29 PM

07/11/2011 9:27 AM

Location: "HKLM\"

Click for Plus Info

# SmartDefrag.job

IObit SmartDefrag.exe

Path: C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

06/19/2011 10:00 PM

Location: "HKLM\"

Click for Plus Info

# ParetoLogic Update Version2.job

Pareto_Update.exe ParetoLogic Update Application

Path: C:\Program Files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/09/2011 2:18 AM

Location: "HKLM\"

Click for Plus Info

# ParetoLogic Registration3.job

rundll32.exe Run a DLL as an App

Path: C:\WINDOWS\system32\rundll32.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 6:00 PM

Location: "HKLM\"

Click for Plus Info

# ParetoLogic Registration.job

rundll32.exe Run a DLL as an App

Path: C:\WINDOWS\system32\rundll32.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 6:00 PM

Location: "HKLM\"

Click for Plus Info

# GoogleUpdateTaskMachineUA.job

GoogleUpdate.exe Google Installer

Path: C:\Program Files\Google\Update\GoogleUpdate.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 9:56 PM

Location: "HKLM\"

Click for Plus Info

# User_Feed_Synchronization-{312FB2DC-2ED8-4BE7-8309-5D9B7461C2BE}.job

msfeedssync.exe Microsoft Feeds Synchronization

Path: C:\WINDOWS\system32\msfeedssync.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

07/11/2011 7:49 PM

Location: "HKLM\"

Click for Plus Info

• IE Helpers •

# Shop To Win

Shop to Win 9.dll Shop To Win

Version: 1, 0, 0, 1 Path: C:\Program Files\Shop to Win 9\Shop to Win 9.dll

First Detected by WinPatrol: 07/11/2011 10:43 PM

1, 0, 0, 1

Click for Plus Info

# AcroIEHelper Library

AcroIEHelper.dll Adobe Acrobat IE Helper Version 6.0 for ActivieX

Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

6, 0, 0, 0

Click for Plus Info

# Shop To Win

Shop to Win 12.dll Shop To Win

Version: 1, 0, 0, 1 Path: C:\Program Files\Shop to Win 12\Shop to Win 12.dll

First Detected by WinPatrol: 06/14/2011 2:30 PM

1, 0, 0, 1

Click for Plus Info

# lplaytl.dll

lplaytl.dll

Path: C:\Program Files\LivingPlay\lplaytl.dll

First Detected by WinPatrol: 06/14/2011 2:45 PM

Click for Plus Info

# livingplaylib32.dll

livingplaylib32.dll

Path: C:\Program Files\LivingPlay\livingplaylib32.dll

First Detected by WinPatrol: 06/14/2011 2:45 PM

Click for Plus Info

# Norton Confidential

coieplg.dll coIEPlugIn

Path: C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll

First Detected by WinPatrol: 07/11/2011 10:43 PM

2011.6.0.16

Click for Plus Info

# Microsoft® .NET Framework

mscoree.dll Microsoft .NET Runtime Execution Engine

Path: mscoree.dll

First Detected by WinPatrol: 06/29/2011 8:01 PM

4.0.31106.0

Click for Plus Info

# Symantec Intrusion Detection

ipsbho.dll IPS Browser Helper DLL

Path: C:\Program Files\Norton 360\Engine\5.1.0.29\ips\ipsbho.dll

First Detected by WinPatrol: 07/11/2011 10:43 PM

9.8

Click for Plus Info

# Background Changer

Path: C:\Program Files\Object\bho_project.dll

First Detected by WinPatrol: 06/29/2011 9:53 PM

1.0.0.1

Click for Plus Info

# Microsoft® Windows Live ID

WindowsLiveLogin.dll Microsoft® Windows Live ID Login Helper

Path: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

6.500.3165.0

Click for Plus Info

# SearchToolbar

SearchToolbar.dll Version: 1.1

Path: C:\Program Files\Search Toolbar\SearchToolbar.dll

First Detected by WinPatrol: 06/14/2011 2:45 PM

1.1

Click for Plus Info

# COMPANYVERS_NAME Search Assistant for Internet Explorer

4nSrcAs.dll COMPANYVERS_NAME Search Assistant

Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nSrcAs.dll

First Detected by WinPatrol: 06/14/2011 1:52 PM

1, 2, 3, 1

Click for Plus Info

# Compete DCA

dca-bho.dll Compete DCA Browser Helper Object

Path: C:\Program Files\Common Files\FreeCause\DCA\dca-bho.dll

First Detected by WinPatrol: 06/16/2011 10:32 PM

1.2.0.3569

Click for Plus Info

# Java Platform SE 6 U22

jp2ssv.dll Java Platform SE binary

Path: C:\Program Files\Java\jre6\bin\jp2ssv.dll

First Detected by WinPatrol: 06/29/2011 8:36 PM

6.0.220.4

Click for Plus Info

# MindSpark Toolbar Platform for Internet Explorer and Firefox

4nbar.dll MindSpark Toolbar Platform

Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll

First Detected by WinPatrol: 06/14/2011 1:52 PM

2, 3, 85, 9

Click for Plus Info

# Java Platform SE 6 U22

jqs_plugin.dll Java Quick Starter binary

Path: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

First Detected by WinPatrol: 07/11/2011 10:43 PM

6.0.220.4

Click for Plus Info

# ToolBand Module

DTToolbar.dll ToolBand Module

Path: C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

1,1,0,0283

Click for Plus Info

# MindSpark Toolbar Platform for Internet Explorer and Firefox

4nbar.dll MindSpark Toolbar Platform

Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nbar.dll

First Detected by WinPatrol: 06/14/2011 1:52 PM

2, 3, 85, 9

Click for Plus Info

# Inbox Toolbar

Inbox.dll Inbox Toolbar Browser Object

Version: 1.2.0.184 © Inbox.com, Inc.

Path: C:\Program Files\Inbox Toolbar\Inbox.dll

First Detected by WinPatrol: 06/14/2011 2:20 PM

1.2.0.184

Click for Plus Info

# Microsoft® .NET Framework

mscoree.dll Microsoft .NET Runtime Execution Engine

Path: mscoree.dll

First Detected by WinPatrol: 06/29/2011 8:01 PM

4.0.31106.0

Click for Plus Info

# SearchToolbar

SearchToolbar.dll Version: 1.1

Path: C:\Program Files\Search Toolbar\SearchToolbar.dll

First Detected by WinPatrol: 06/14/2011 2:45 PM

1.1

Click for Plus Info

# Norton Confidential

coieplg.dll coIEPlugIn

Path: C:\Program Files\Norton 360\Engine\5.1.0.29\coieplg.dll

First Detected by WinPatrol: 07/11/2011 10:43 PM

2011.6.0.16

Click for Plus Info

# Research

C:\PROGRA~1\MICROS~2\OFFICE11\REFBARH.ICO

Click for Plus Info

• File Types •

# MS-DOS Batch File

%1 %*

Path: %1 %*

.BAT

Startup Type: batfile

Click for Plus Info

# Cabinet File

Explorer.exe /idlist,%I,%L Windows Explorer

Path: C:\WINDOWS\Explorer.exe /idlist,%I,%L

.CAB

Startup Type: CLSID\{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}

Click for Plus Info

# Security Catalog

rundll32.exe cryptext.dll,CryptExtOpenCAT %1 Run a DLL as an App

Path: rundll32.exe cryptext.dll,CryptExtOpenCAT %1

.CAT

Startup Type: CATFile

Click for Plus Info

# Compiled HTML Help file

hh.exe %1 Microsoft® HTML Help Executable

Path: C:\WINDOWS\hh.exe %1

.CHM

Startup Type: chm.file

Click for Plus Info

# MS-DOS Application

%1 %*

Path: %1 %*

.COM

Startup Type: comfile

Click for Plus Info

# Windows NT Command Script

%1 %*

Path: %1 %*

.CMD

Startup Type: cmdfile

Click for Plus Info

# Microsoft Word Document

WINWORD.EXE /n /dde Microsoft Office Word

Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde

.DOC

Startup Type: Word.Document.8

Click for Plus Info

# Outlook Express Mail Message

msimn.exe /eml:%1 Outlook Express

Path: C:\Program Files\Outlook Express\msimn.exe /eml:%1

.EML

Startup Type: Microsoft Internet Mail Message

Click for Plus Info

# Application

%1 %*

Path: %1 %*

.EXE

Startup Type: exefile

Click for Plus Info

# Setup Information

NOTEPAD.EXE %1 Notepad

Path: C:\WINDOWS\System32\NOTEPAD.EXE %1

.INF

Startup Type: inffile

Click for Plus Info

# JScript Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host

Path: C:\WINDOWS\System32\WScript.exe %1 %*

.JS

Startup Type: JSFile

Click for Plus Info

# Text Document

NOTEPAD.EXE %1 Notepad

Path: C:\WINDOWS\system32\NOTEPAD.EXE %1

.LOG

Startup Type: txtfile

Click for Plus Info

# Windows Installer Package

msiexec.exe /i %1 %* Windows® installer

Path: C:\WINDOWS\System32\msiexec.exe /i %1 %*

.MSI

Startup Type: Msi.Package

Click for Plus Info

# Outlook Item

OUTLOOK.EXE /f %1 Microsoft Office Outlook

Path: C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE /f %1

.MSG

Startup Type: msgfile

Click for Plus Info

# MP3 Audio File

mpc-hc.exe %1 Media Player Classic - Home Cinema

Path: C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe %1

.MP3

Startup Type: mplayerc.mp3

Click for Plus Info

# Shortcut to MS-DOS Program

%1 %*

Path: %1 %*

.PIF

Startup Type: piffile

Click for Plus Info

# Registration Entries

regedit.exe %1 Registry Editor

Path: regedit.exe %1

.REG

Startup Type: regfile

Click for Plus Info

# Rich Text Format

WINWORD.EXE /n /dde Microsoft Office Word

Path: C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE /n /dde

.RTF

Startup Type: Word.RTF.8

Click for Plus Info

# Screen Saver

%1 /S

Path: %1 /S

.SCR

Startup Type: scrfile

Click for Plus Info

# Text Document

NOTEPAD.EXE %1 Notepad

Path: C:\WINDOWS\system32\NOTEPAD.EXE %1

.TXT

Startup Type: txtfile

Click for Plus Info

# Internet Shortcut

ieframe.dll,OpenURL %l Run a DLL as an App

Path: C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\ieframe.dll,OpenURL %l

.URL

Startup Type: InternetShortcut

Click for Plus Info

# VBScript Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host

Path: C:\WINDOWS\System32\WScript.exe %1 %*

.VBS

Startup Type: VBSFile

Click for Plus Info

# VBScript Encoded Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host

Path: C:\WINDOWS\System32\WScript.exe %1 %*

.VBE

Startup Type: VBEFile

Click for Plus Info

# Windows Script File

WScript.exe %1 %* Microsoft ® Windows Based Script Host

Path: C:\WINDOWS\System32\WScript.exe %1 %*

.WSF

Startup Type: WSFFile

Click for Plus Info

# Windows Script Host Settings File

WScript.exe %1 %* Microsoft ® Windows Based Script Host

Path: C:\WINDOWS\System32\WScript.exe %1 %*

.WSH

Startup Type: WSHFile

Click for Plus Info

# Microsoft Excel Worksheet

EXCEL.EXE /e Microsoft Office Excel

Path: C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE /e

.XLS

Startup Type: Excel.Sheet.8

Click for Plus Info

• Services •

# ASCSERVICE.EXE

Advanced SystemCare Service

Path: C:\PROGRAM FILES\IObit\ADVANCED SYSTEMCARE 4\ASCSERVICE.EXE

First Detected by WinPatrol: 06/29/2011 7:47 PM

Created: 06/29/2011 7:46 PM

Accessed: 07/11/2011 10:45 PM

Written: 05/28/2011 2:46 PM

File Size: 353,280 Bytes

Click for Plus Info

# MDNSRESPONDER.EXE

Bonjour Service

Path: C:\PROGRAM FILES\Bonjour\MDNSRESPONDER.EXE

First Detected by WinPatrol: 05/10/2011 4:32 PM

Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence, so that users can discover and use those services without any unnecessary manual setup or administration.

Created: 11/28/2005 1:11 PM

Accessed: 07/11/2011 10:45 PM

Written: 11/28/2005 1:11 PM

File Size: 229,376 Bytes

Click for Plus Info

# 4nbarsvc.exe

PRODUCTVERS_TITLE

Path: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\4nbarsvc.exe

First Detected by WinPatrol: 06/14/2011 2:23 PM

Created: 06/14/2011 1:49 PM

Accessed: 07/11/2011 10:45 PM

Written: 06/14/2011 1:49 PM

File Size: 42,504 Bytes

Click for Plus Info

# GOOGLEUPDATE.EXE

Google Installer

Path: C:\PROGRAM FILES\Google\Update\GOOGLEUPDATE.EXE

First Detected by WinPatrol: 05/18/2011 8:14 PM

Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

Created: 12/14/2010 7:34 PM

Accessed: 07/11/2011 10:45 PM

Written: 12/14/2010 7:34 PM

File Size: 135,664 Bytes

Click for Plus Info

# GOOGLEUPDATE.EXE

Google Installer

Path: C:\PROGRAM FILES\Google\Update\GOOGLEUPDATE.EXE

First Detected by WinPatrol: 05/18/2011 8:14 PM

Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it.

Created: 12/14/2010 7:34 PM

Accessed: 07/11/2011 10:45 PM

Written: 12/14/2010 7:34 PM

File Size: 135,664 Bytes

Click for Plus Info

# hpqcxs08.dll

HP CUE Context Manager Objects

Path: C:\PROGRAM FILES\HP\DIGITAL IMAGING\bin\hpqcxs08.dll

First Detected by WinPatrol: 05/10/2011 4:32 PM

Created: 03/11/2007 10:24 PM

Accessed: 07/11/2011 10:45 PM

Written: 03/11/2007 10:24 PM

File Size: 217,088 Bytes

Click for Plus Info

# IDriverT.exe

IDriverT Module

Path: C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\Driver\11\Intel 32\IDriverT.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Provides support for the Running Object Table for InstallShield Drivers

Created: 04/04/2005 1:41 AM

Accessed: 07/11/2011 10:45 PM

Written: 04/04/2005 1:41 AM

File Size: 69,632 Bytes

Click for Plus Info

# jqs.exe

Java Quick Starter Service

Path: C:\PROGRAM FILES\Java\jre6\bin\jqs.exe

First Detected by WinPatrol: 06/29/2011 8:33 PM

Prefetches JRE files for faster startup of Java applets and applications

Created: 06/29/2011 8:32 PM

Accessed: 07/11/2011 10:45 PM

Written: 06/29/2011 8:32 PM

File Size: 153,376 Bytes

Click for Plus Info

# ccsvchst.exe

Path: C:\PROGRAM FILES\NORTON 360\Engine\5.1.0.29\ccsvchst.exe

First Detected by WinPatrol: 07/11/2011 10:44 PM

Norton 360

Created:

Accessed:

Written:

File Size: Bytes

Click for Plus Info

# nmsrvc.exe

Pure Networks Platform Service

Path: C:\PROGRAM FILES\COMMON FILES\PURE NETWORKS SHARED\Platform\nmsrvc.exe

First Detected by WinPatrol: 05/10/2011 4:32 PM

Enables Pure Networks Platform services such as file sharing, printer sharing, and network monitoring.

Created: 06/18/2009 3:41 PM

Accessed: 07/11/2011 10:45 PM

Written: 06/18/2009 3:41 PM

File Size: 647,216 Bytes

Click for Plus Info

• Hidden Files •

# boot

boot.ini

Path: C:\boot.ini

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# IO

IO.SYS

Path: C:\IO.SYS

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# MSDOS

MSDOS.SYS

Path: C:\MSDOS.SYS

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# NTDETECT

NTDETECT.COM

Path: C:\NTDETECT.COM

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# n

ntldr

Path: C:\ntldr

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# pagefile

pagefile.sys

Path: C:\pagefile.sys

Click for Plus Info

# ~$erything American Revolution by Daniel P. Murphy, Ph.D

~$erything American Revolution by Daniel P. Murphy, Ph.D.doc

Path: C:\~$erything American Revolution by Daniel P. Murphy, Ph.D.doc

Click for Plus Info

# QTFont

QTFont.qfn

Path: C:\WINDOWS\QTFont.qfn

Click for Plus Info

# WindowsShell.Mani

WindowsShell.Manifest

Path: C:\WINDOWS\WindowsShell.Manifest

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# winnt

winnt.bmp

Path: C:\WINDOWS\winnt.bmp

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# winnt256

winnt256.bmp

Path: C:\WINDOWS\winnt256.bmp

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

# jxjp

jxjppeha

Path: C:\WINDOWS\system32\config\jxjppeha

Click for Plus Info

# filelist

filelist.xml

Path: C:\WINDOWS\system32\Restore\filelist.xml

First Detected by WinPatrol: 05/10/2011 4:33 PM

Click for Plus Info

• ActiveX •

# QuickTime Object

QTPlugin.ocx The QuickTime Control allows you to view a wide variety of multimedia content in web pages.

Version: QuickTime 7.0.4 Copyright Apple Computer, Inc. 1989-2006

Path: C:\PROGRAM FILES\QUICKTIME\QTPlugin.ocx

QuickTime 7.0.4

Click for Plus Info

# Inbox

Inbox.dll Inbox Toolbar Browser Object

Path: C:\Program Files\Inbox Toolbar\Inbox.dll

1.2.0.184

Click for Plus Info

# Windows Genuine Advantage Validation Tool

LEGITCHECKCONTROL.DLL Windows Genuine Advantage Validation

Path: C:\WINDOWS\system32\LEGITCHECKCONTROL.DLL

1.9.0040.0

Click for Plus Info

# Windows Media Player

msdxm.ocx

Path: C:\WINDOWS\system32\msdxm.ocx

Click for Plus Info

# HTML Document

mshtml.dll Microsoft ® HTML Viewer

Path: C:\WINDOWS\system32\mshtml.dll

8.00.6001.19088

Click for Plus Info

# XML DOM Document

msxml3.dll MSXML 3.0 SP10

Path: C:\WINDOWS\system32\msxml3.dll

8.100.1052.0

Click for Plus Info

# DHTML Edit Control Safe for Scripting for IE5

dhtmled.ocx Microsoft ® Dynamic HTML Editing Control

Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\Triedit\dhtmled.ocx

6.01.9247

Click for Plus Info

# XML Document

msxml3.dll MSXML 3.0 SP10

Path: C:\WINDOWS\system32\msxml3.dll

8.100.1052.0

Click for Plus Info

# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client

Path: C:\WINDOWS\system32\mstscax.dll

6.0.6001.18589

Click for Plus Info

# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client

Path: C:\WINDOWS\system32\mstscax.dll

6.0.6001.18589

Click for Plus Info

# WUWebControl Class

wuweb.dll Windows Update Web Control

Path: C:\WINDOWS\system32\wuweb.dll

7.4.7600.226

Click for Plus Info

# Microsoft Shell UI Helper

ieframe.dll Internet Explorer

Path: C:\WINDOWS\system32\ieframe.dll

8.00.6001.19072

Click for Plus Info

# Windows Media Player

wmp.dll Windows Media Player Core

Path: C:\WINDOWS\system32\wmp.dll

9.00.00.4510

Click for Plus Info

# Active Desktop Mover

shell32.dll Windows Shell Common Dll

Path: C:\WINDOWS\system32\shell32.dll

6.00.2900.6072

Click for Plus Info

# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client

Path: C:\WINDOWS\system32\mstscax.dll

6.0.6001.18589

Click for Plus Info

# 4nSrcAs

4nSrcAs.dll COMPANYVERS_NAME Search Assistant

Path: C:\PROGRAM FILES\CONSERVATIVETALKNOW_4N\bar\1.bin\4nSrcAs.dll

1, 2, 3, 1

Click for Plus Info

# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client

Path: C:\WINDOWS\system32\mstscax.dll

6.0.6001.18589

Click for Plus Info

# Microsoft Web Browser

ieframe.dll Internet Explorer

Path: C:\WINDOWS\system32\ieframe.dll

8.00.6001.19072

Click for Plus Info

# XML DOM Document 4.0

msxml4.dll MSXML 4.0 SP 2

Path: C:\WINDOWS\system32\msxml4.dll

4.20.9876.0

Click for Plus Info

# XML HTTP 4.0

msxml4.dll MSXML 4.0 SP 2

Path: C:\WINDOWS\system32\msxml4.dll

4.20.9876.0

Click for Plus Info

# XML DOM Document 6.0

msxml6.dll MSXML 6.0 SP2

Path: C:\WINDOWS\system32\msxml6.dll

6.20.1103.0

Click for Plus Info

# XML HTTP 6.0

msxml6.dll MSXML 6.0 SP2

Path: C:\WINDOWS\system32\msxml6.dll

6.20.1103.0

Click for Plus Info

# Microsoft Terminal Services Client Control (redist)

mstscax.dll Terminal Services ActiveX Client

Path: C:\WINDOWS\system32\mstscax.dll

6.0.6001.18589

Click for Plus Info

# ConservativeTalkNow_4n HTML

4nhtml.dll PRODUCTVERS_TITLE Html Player

Path: C:\PROGRAM FILES\CONSERVATIVETALKNOW_4N\bar\1.bin\4nhtml.dll

2, 3, 0, 0

Click for Plus Info

# Google Update Plugin

NPGOOGLEUPDATE3.DLL Google Update

Path: C:\PROGRAM FILES\Google\Update\1.3.21.57\NPGOOGLEUPDATE3.DLL

1.3.21.57

Click for Plus Info

# Adobe Acrobat Control for ActiveX

pdf.ocx Adobe Acrobat Control Version 6.0 for ActiveX

Path: C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\pdf.ocx

6.0.1.2003110300

Click for Plus Info

# Deployment Toolkit

DEPLOYJAVA1.DLL Java Platform SE binary

Path: C:\WINDOWS\system32\DEPLOYJAVA1.DLL

6.0.220.4

Click for Plus Info

# AUDIO__X_MS_WMA Moniker Class

wmp.dll Windows Media Player Core

Path: C:\WINDOWS\system32\wmp.dll

9.00.00.4510

Click for Plus Info

# VIDEO__X_MS_WMV Moniker Class

wmp.dll Windows Media Player Core

Path: C:\WINDOWS\system32\wmp.dll

9.00.00.4510

Click for Plus Info

# Microsoft Url Search Hook

ieframe.dll Internet Explorer

Path: C:\WINDOWS\system32\ieframe.dll

8.00.6001.19072

Click for Plus Info

# Windows Live ID Sign-in Control

WINDOWSLIVELOGIN.DLL Microsoft® Windows Live ID Login Helper

Path: C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\WINDOWS LIVE\WINDOWSLIVELOGIN.DLL

6.500.3165.0

Click for Plus Info

# Shockwave Flash Object

Flash10q.ocx Adobe Flash Player 10.3 r181

Version: 10,3,181,14 Path: C:\WINDOWS\system32\Macromed\Flash\Flash10q.ocx

10,3,181,14

Click for Plus Info

# QuickTimeCheck Class

QUICKTIMECHECK.OCX QuickTimeCheck Scriptable Object

Path: C:\PROGRAM FILES\QUICKTIME\QTSystem\QUICKTIMECHECK.OCX

QuickTime 7.0.4

Click for Plus Info

# Microsoft Silverlight

npctrl.dll 3.0.40818.0

Path: C:\PROGRAM FILES\MICROSOFT SILVERLIGHT\3.0.40818.0\npctrl.dll

3.0.40818.0

Click for Plus Info

# 4nbar

4nbar.dll MindSpark Toolbar Platform

Path: C:\PROGRAM FILES\CONSERVATIVETALKNOW_4N\bar\1.bin\4nbar.dll

2, 3, 85, 9

Click for Plus Info

# XML HTTP Request

msxml3.dll MSXML 3.0 SP10

Path: C:\WINDOWS\system32\msxml3.dll

8.100.1052.0

Click for Plus Info

# XML DOM Document 3.0

msxml3.dll MSXML 3.0 SP10

Path: C:\WINDOWS\system32\msxml3.dll

8.100.1052.0

Click for Plus Info

# XML DOM Document

msxml3.dll MSXML 3.0 SP10

Path: C:\WINDOWS\system32\msxml3.dll

8.100.1052.0

Click for Plus Info

# XML HTTP

msxml3.dll MSXML 3.0 SP10

Path: C:\WINDOWS\system32\msxml3.dll

8.100.1052.0

Click for Plus Info

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\nero\nero photoshow 4\data\app\simplestar\data\shared\music\rock\crackthesky_mind.swf

c:\program files\nero\nero photoshow 4\data\app\simplestar\data\shared\music\rock\crackthesky_mind_image.swf

scanner sequence 3.AA.11.DGAPFC

----- EOF -----

GMER 1.0.15.15640 - http://www.gmer.net

Rootkit quick scan 2011-07-12 15:31:14

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-17 WDC_WD800JD-75MSA1 rev.10.01E01

Running: gmer.exe; Driver: C:\DOCUME~1\user\LOCALS~1\Temp\kwpdyfog.sys

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 MBR read error

Disk \Device\Harddisk0\DR0 MBR BIOS signature not found 0

---- System - GMER 1.0.15 ----

SSDT spul.sys ZwEnumerateKey [0xF7484DA4] <-- ROOTKIT !!!

SSDT spul.sys ZwEnumerateValueKey [0xF7485132] <-- ROOTKIT !!!

---- Devices - GMER 1.0.15 ----

Device \Driver\atapi \Device\Ide\IdePort0 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort1 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort2 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdePort3 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 [F73C0B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}

Device \FileSystem\Ntfs \Ntfs 867601F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

---- Threads - GMER 1.0.15 ----

Thread System [4:220] F77B3D20

Thread System [4:224] F77B3D20

Thread System [4:228] F77866F0

Thread System [4:232] F77866F0

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [MANUAL] 1257849909 <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----

LockSearch by jpshortstuff (05.11.09.1)

Log created at 15:25 on 12/07/2011 (user)

Scanning C:\

C:\pagefile.sys

-------------------------

C:\Documents and Settings\user\Desktop\Paul-July-12-2011\OTM.exe

-------------------------

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

-------------------------

C:\Program Files\IObit\Advanced SystemCare 4\ASC.exe

-------------------------

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

-------------------------

C:\Program Files\Norton 360\Engine\5.1.0.29\ccsvchst.exe

-------------------------

C:\WINDOWS\system32\MRT.exe

-------------------------

C:\WINDOWS\system32\MRT.exe [unable to get md5 : 47716296 bytes]

C:\WINDOWS\system32\drivers\1257849909.sys

-------------------------

C:\WINDOWS\system32\drivers\1257849909.sys [unable to get md5 : 25984 bytes]

C:\WINDOWS\system32\drivers\sptd.sys

-------------------------

C:\WINDOWS\system32\drivers\sptd.sys [unable to get md5 : 691696 bytes]

-=E.O.F=-

error message after infection shutdown malwarebytes "attempt to update malwarebytes after installation led to

"An error has occurred. Please report the error code to our support team. PROGRAM_ERROR_UPDATING (10053, 0, Software caused connection abort) An established connection was aborted by the software in your host machine."

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 07/12/2011 at 15:35:01.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe

Rkill completed on 07/12/2011 at 15:35:09.

Rooter.exe (v1.0.2) by Eric_71

.

SeDebugPrivilege granted successfully ...

.

Windows XP . (5.1.2600) Service Pack 3

[32_bits] - x86 Family 15 Model 4 Stepping 3, GenuineIntel

.

[wscsvc] (Security Center) RUNNING (state:4)

[sharedAccess] RUNNING (state:4)

Windows Firewall -> Disabled !

.

Internet Explorer 8.0.6001.18702

Mozilla Firefox 4.0.1 (en-US)

.

A:\ [Removable]

C:\ [Fixed-NTFS] .. ( Total:74 Go - Free:49 Go )

D:\ [CD_Rom]

E:\ [CD_Rom]

.

Scan : 15:22.17

Path : C:\Documents and Settings\user\Desktop\Paul-July-12-2011\Rooter.exe

User : user ( Administrator -> YES )

.

----------------------\\ Processes

.

Locked [system Process] (0)

______ System (4)

______ \SystemRoot\System32\smss.exe (616)

______ \??\C:\WINDOWS\system32\csrss.exe (1012)

______ \??\C:\WINDOWS\system32\winlogon.exe (1036)

______ C:\WINDOWS\system32\services.exe (1080)

______ C:\WINDOWS\system32\lsass.exe (1092)

______ \\.\globalroot\Device\svchost.exe\svchost.exe (1116)

______ C:\WINDOWS\system32\svchost.exe (1260)

______ C:\WINDOWS\system32\svchost.exe (1308)

______ C:\WINDOWS\System32\svchost.exe (1352)

______ C:\WINDOWS\system32\svchost.exe (1432)

______ C:\WINDOWS\system32\spoolsv.exe (1816)

______ C:\Program Files\Auslogics\Auslogics Disk Defrag\DiskDefrag.exe (352)

______ C:\Program Files\IObit\Advanced SystemCare 4\PMonitor.exe (396)

______ C:\WINDOWS\Explorer.EXE (432)

______ C:\Program Files\Analog Devices\Core\smax4pnp.exe (844)

______ C:\Program Files\Pure Networks\Network Magic\nmapp.exe (868)

______ C:\Program Files\Linksys\Linksys Wireless Manager\LinksysWirelessManager.exe (876)

______ C:\Program Files\iBryte\playbryte\ibrytedesktop.exe (884)

______ C:\WINDOWS\system32\hkcmd.exe (908)

______ C:\WINDOWS\system32\igfxpers.exe (916)

______ C:\WINDOWS\system32\ctfmon.exe (940)

______ C:\Program Files\AWS\WeatherBug\Weather.exe (1004)

______ C:\WINDOWS\system32\rundll32.exe (1016)

______ C:\Program Files\IObit\Advanced SystemCare 4\ASCTray.exe (1148)

______ C:\Program Files\Bonjour\mDNSResponder.exe (724)

______ C:\Program Files\Java\jre6\bin\jqs.exe (1460)

______ C:\WINDOWS\system32\svchost.exe (2096)

______ C:\WINDOWS\system32\wdfmgr.exe (2168)

______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2196)

______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (2252)

______ C:\WINDOWS\system32\wbem\wmiprvse.exe (2564)

______ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (3296)

______ C:\WINDOWS\system32\svchost.exe (3952)

______ C:\WINDOWS\System32\alg.exe (3904)

______ C:\WINDOWS\system32\NOTEPAD.EXE (3680)

______ C:\WINDOWS\system32\wuauclt.exe (444)

______ C:\WINDOWS\system32\NOTEPAD.EXE (4040)

______ C:\Documents and Settings\user\Desktop\Paul-July-12-2011\Rooter.exe (4036)

.

----------------------\\ Device\Harddisk0\

.

\Device\Harddisk0 [sectors : 63 x 512 Bytes]

.

\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:32256 | Length:79990815744)

.

----------------------\\ Scheduled Tasks

.

C:\WINDOWS\Tasks\ASC4_PerformanceMonitor.job

C:\WINDOWS\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job

C:\WINDOWS\Tasks\Auslogics Disk Defrag Disk Defrag Start On Windows Logon.job

C:\WINDOWS\Tasks\desktop.ini

C:\WINDOWS\Tasks\DriverCure.job

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\Tasks\ParetoLogic Registration.job

C:\WINDOWS\Tasks\ParetoLogic Registration3.job

C:\WINDOWS\Tasks\ParetoLogic Update Version2.job

C:\WINDOWS\Tasks\SA.DAT

C:\WINDOWS\Tasks\SmartDefrag.job

C:\WINDOWS\Tasks\User_Feed_Synchronization-{312FB2DC-2ED8-4BE7-8309-5D9B7461C2BE}.job

.

----------------------\\ Registry

.

----------------------\\ Files & Folders

.

----------------------\\ Scan completed at 15:23.26

.

C:\Rooter$\Rooter_1.txt - (12/07/2011 | 15:23.26)

Windows Validation Check

Version: 1.9.12.5

Log Created On: 1528_12-07-2011

-----------------------

Windows Information

-----------------------

Windows Version: Windows XP Service Pack 3

Windows Mode: Normal

Systemroot Path: C:\WINDOWS

WVCheck's Auto Update Check

-----------------------

Auto-Update Option: Download updates and install them automatically.

-----------------------

Last Success Time for Update Detection: 2011-07-12 02:49:18

Last Success Time for Update Download: 2011-07-12 07:00:50

Last Success Time for Update Installation: 2011-07-12 07:00:36

WVCheck's Registry Check Check

-----------------------

Antiwpa: Not Found

-----------------------

Chew7Hale: Not Found

-----------------------

WVCheck's File Dump

-----------------------

WVCheck found no known bad files.

WVCheck's Dir Dump

-----------------------

WVCheck found no known bad directories.

WVCheck's Missing File Check

-----------------------

WVCheck found no missing Windows files.

WVCheck's MBAM Quarantine Check

-----------------------

There were no bad files quarantined by MBAM.

WVCheck's HOSTS File Check

-----------------------

WVCheck found no bad lines in the hosts file.

WVCheck's MD5 Check

EXPERIMENTAL!!

-----------------------

user32.dll - b26b135ff1b9f60c9388b4a7d16f600b

-------- End of File, program close at 1529_12-07-2011 --------

flashh4 · March 24, 2013

BestTechie has instated a 5 day policy for threads. If No reply within 5 days by the user we will close the topic so there will be no drive-by posting. Since there was no Malware fighters answering these boards at this time we will close these older threads !! So if you need this re-opened PM me or one of the Mods !! I will be here to assist you now with Malware problems ! Thanks Chuck

Sign In

Infection will not allow many OT? progrms to run

Recommended Posts

lawnmowrman

Link to post

Share on other sites

flashh4

Link to post

Share on other sites

Browse

Activity