Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Happili Virus and other Browser Redirects?


  • This topic is locked This topic is locked
11 replies to this topic

#1 DSTADTL12

DSTADTL12

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 02 May 2012 - 07:37 PM

EDIT: MOVED to Virus,Trojan and Malware Removal Logs ~~boopme


I constantly get redirected by hapili and other browser redirects some of my other programs have stopped working. Any help would be much appreciated I will do anything at this point. Here is a HiJack log if it helps
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:15 PM, on 5/2/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Fliptoast\fliptoast.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DSTADTL1\Music\Computer Clean-Up Kit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80468&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80468&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80468
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O2 - BHO: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files (x86)\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll (file missing)
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Power2Go] C:\Users\DSTADTL1\AppData\Local\Temp\P2GODIR\setup.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Apple] rundll32.exe "C:\Users\DSTADTL1\AppData\Local\Apple Computer\Apple\qnrxtf.dll",DllRegisterServer
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17198 bytes



**********************Update for Gringo*****************************
Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java™ 6 Update 5
Java version out of date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DSTADTL1 at 18:26:52 on 2012-05-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1200 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Fliptoast\fliptoast.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Users\DSTADTL1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PW5HQVV0\Defogger.exe
C:\Users\DSTADTL1\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80468&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80468
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - C:\Program Files (x86)\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Apple] rundll32.exe "C:\Users\DSTADTL1\AppData\Local\Apple Computer\Apple\qnrxtf.dll",DllRegisterServer
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Power2Go] C:\Users\DSTADTL1\AppData\Local\Temp\P2GODIR\setup.exe
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
StartupFolder: C:\Users\DSTADTL1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\DSTADTL1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{51CC1380-55A4-4361-A794-3D21EFA76DB0} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{EA7E0F49-E62D-4260-AD0F-048DB6FFAD89} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs:
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO-X64: TBSB01620 - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO-X64: 0x1 - No File
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files (x86)\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB-X64: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Power2Go] C:\Users\DSTADTL1\AppData\Local\Temp\P2GODIR\setup.exe
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
AppInit_DLLs-X64:
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-17 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120502.001\IDSviA64.sys [2012-5-3 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1307000.009\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1307000.009\SYMTDIV.SYS [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-8-4 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-12-25 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-8-4 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-12 138360]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-03 11:32:38 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1C167A0-1B79-430D-A185-05A29AF516BB}\offreg.dll
2012-05-03 11:22:42 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1C167A0-1B79-430D-A185-05A29AF516BB}\mpengine.dll
2012-05-03 11:20:27 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2012-05-03 00:41:47 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-03 00:39:33 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2012-05-01 23:07:38 -------- d-----w- C:\Users\DSTADTL1\AppData\Roaming\com.w3i.FlipToast
2012-05-01 23:07:31 -------- d-sh--w- C:\AI_RecycleBin
2012-05-01 23:04:29 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-05-01 23:02:08 -------- d-----w- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815
2012-04-24 02:27:17 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-04-24 02:27:07 -------- d-----w- C:\Users\DSTADTL1\AppData\Local\NPE
2012-04-23 21:38:35 445560 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symtdiv.sys
2012-04-23 21:38:35 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-04-23 21:38:34 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-04-23 21:38:34 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-04-23 21:38:34 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-04-23 21:38:34 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-04-23 21:38:34 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-04-23 21:38:34 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-04-23 21:38:20 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009
2012-04-13 00:35:49 -------- d-----w- C:\Users\DSTADTL1\AppData\Local\Microsoft Help
2012-04-12 07:02:44 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:02:30 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:02:30 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:02:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:02:30 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:02:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 07:02:30 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:02:30 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 10:21:35 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 10:21:35 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-03 22:05:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 06:44:18 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-22 21:56:09 1066544 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 19:06:02 2433400 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 18:28:05.93 ===============




The problem Im having is th hapili virus and other browser redirects.......

Edited by DSTADTL12, 03 May 2012 - 05:34 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 03 May 2012 - 12:42 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 06 May 2012 - 03:55 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 DSTADTL12

DSTADTL12
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 06 May 2012 - 05:47 PM

I constantly get redirected by hapili and other browser redirects some of my other programs have stopped working. Any help would be much appreciated I will do anything at this point. Here is a HiJack log if it helps
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:29:15 PM, on 5/2/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Fliptoast\fliptoast.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\DSTADTL1\Music\Computer Clean-Up Kit\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80468&lng=en
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80468
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://downloads.phpnuke.org/en/index.php?rvs=hompag
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://toolbar.inbox.com/search/ie.aspx?tbid=80468&lng=en
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox.com/help/sa_customize.aspx?tbid=80468
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
R3 - URLSearchHook: (no name) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
R3 - URLSearchHook: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: TBSB01620 - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: IMinent WebBooster - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O2 - BHO: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O2 - BHO: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: BearShare MediaBar - {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files (x86)\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll (file missing)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
O3 - Toolbar: MediaBar - {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll (file missing)
O3 - Toolbar: MediaBar - {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll (file missing)
O3 - Toolbar: IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [Power2Go] C:\Users\DSTADTL1\AppData\Local\Temp\P2GODIR\setup.exe
O4 - HKLM\..\Run: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
O4 - HKLM\..\Run: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Apple] rundll32.exe "C:\Users\DSTADTL1\AppData\Local\Apple Computer\Apple\qnrxtf.dll",DllRegisterServer
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O20 - AppInit_DLLs:
O23 - Service: Andrea ST Filters Service (AESTFilters) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe (file missing)
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Unknown owner - C:\Windows\system32\agr64svc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Audio Service (STacSV) - Unknown owner - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 17198 bytes



**********************Update for Gringo*****************************
Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Disabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:
Java™ 6 Update 29
Java™ 6 Update 5
Java version out of date!
Adobe Reader 8 Adobe Reader out of date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
Norton ccSvcHst.exe
Windows Defender MSMpEng.exe
Microsoft Security Essentials msseces.exe
``````````End of Log````````````
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by DSTADTL1 at 18:26:52 on 2012-05-03
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.1200 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Iminent\Iminent.exe
C:\Program Files (x86)\Iminent\Iminent.Messengers.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\SysWOW64\DllHost.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Fliptoast\fliptoast.exe
C:\Windows\system32\LogonUI.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Users\DSTADTL1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PW5HQVV0\Defogger.exe
C:\Users\DSTADTL1\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\notepad.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mSearch Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://toolbar.inbox.com/search/ie.aspx?tbid=80468&lng=en
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80468
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: TBSB01620 Class: {58124a0b-dc32-4180-9bff-e0e21ae34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: IMinent WebBooster (BHO): {a09ab6eb-31b5-454c-97ec-9b294d92ee2a} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO: 1 (0x1) - No File
BHO: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Yontoo: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: BearShare MediaBar: {d3dee18f-db64-4beb-9ff1-e1f0a5033e4a} - C:\Program Files (x86)\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
TB: IMinent Toolbar: {977ae9cc-af83-45e8-9e03-e2798216e2d5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [MsnMsgr] "C:\Program Files (x86)\Windows Live\Messenger\MsnMsgr.Exe" /background
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [HideMyIP] C:\Program Files (x86)\Hide My IP\HideMyIP.exe
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
uRun: [Apple] rundll32.exe "C:\Users\DSTADTL1\AppData\Local\Apple Computer\Apple\qnrxtf.dll",DllRegisterServer
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun: [Power2Go] C:\Users\DSTADTL1\AppData\Local\Temp\P2GODIR\setup.exe
mRun: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
StartupFolder: C:\Users\DSTADTL1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\DSTADTL1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Windows Live Search - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - hxxp://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-4/ZwinkyInitialSetup1.0.1.1.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{51CC1380-55A4-4361-A794-3D21EFA76DB0} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{EA7E0F49-E62D-4260-AD0F-048DB6FFAD89} : DhcpNameServer = 192.168.1.254
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
AppInit_DLLs:
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
BHO-X64: TBSB01620 - No File
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: IMinent WebBooster (BHO): {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll
BHO-X64: IMinent WebBooster - No File
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Windows Live Toolbar Helper: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
BHO-X64: 0x1 - No File
BHO-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
BHO-X64: MediaBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
BHO-X64: Yontoo Layers - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: BearShare MediaBar: {D3DEE18F-DB64-4BEB-9FF1-E1F0A5033E4A} - C:\Program Files (x86)\BearShare Applications\BearShare MediaBar\BearShareMediaBar.dll
TB-X64: Windows Live Toolbar: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files (x86)\Windows Live Toolbar\msntb.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\coIEPlg.dll
TB-X64: MediaBar: {c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
TB-X64: MediaBar: {d48c9ead-f59f-4dea-ac97-7065fea79f42} - C:\PROGRA~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
TB-X64: IMinent Toolbar: {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [EverioService] "C:\Program Files (x86)\CyberLink\PCM4Everio\EverioService.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
mRun-x64: [Power2Go] C:\Users\DSTADTL1\AppData\Local\Temp\P2GODIR\setup.exe
mRun-x64: [Iminent] C:\Program Files (x86)\Iminent\Iminent.exe /warmup "F77F87E5-A6BD-4922-A530-EDF63D7E9F8C"
mRun-x64: [IminentMessenger] C:\Program Files (x86)\Iminent\Iminent.Messengers.exe /startup
AppInit_DLLs-X64:
.
============= SERVICES / DRIVERS ===============
.
R0 SMR250;Symantec SMR Utility Service 2.5.0;C:\Windows\system32\drivers\SMR250.SYS --> C:\Windows\system32\drivers\SMR250.SYS [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys [2012-4-17 1160824]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120502.001\IDSviA64.sys [2012-5-3 488568]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS [?]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;C:\Windows\system32\Drivers\NISx64\1307000.009\SYMTDIV.SYS --> C:\Windows\system32\Drivers\NISx64\1307000.009\SYMTDIV.SYS [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccsvchst.exe [2012-4-23 138232]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2010-9-16 80896]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Windows\SMINST\BLService.exe [2008-8-4 361808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2008-12-25 24652]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-8-4 193840]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-12 138360]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-4-22 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-05-03 11:32:38 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1C167A0-1B79-430D-A185-05A29AF516BB}\offreg.dll
2012-05-03 11:22:42 8917360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{A1C167A0-1B79-430D-A185-05A29AF516BB}\mpengine.dll
2012-05-03 11:20:27 -------- d-----w- C:\Program Files (x86)\Microsoft Antimalware
2012-05-03 00:41:47 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-03 00:39:33 -------- d-----w- C:\Program Files\Microsoft Security Essentials
2012-05-01 23:07:38 -------- d-----w- C:\Users\DSTADTL1\AppData\Roaming\com.w3i.FlipToast
2012-05-01 23:07:31 -------- d-sh--w- C:\AI_RecycleBin
2012-05-01 23:04:29 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-05-01 23:02:08 -------- d-----w- C:\Program Files (x86)\Bucksbee Loyalty Plugin - 100815
2012-04-24 02:27:17 96376 ----a-w- C:\Windows\System32\drivers\SMR250.SYS
2012-04-24 02:27:07 -------- d-----w- C:\Users\DSTADTL1\AppData\Local\NPE
2012-04-23 21:38:35 445560 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symtdiv.sys
2012-04-23 21:38:35 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symnets.sys
2012-04-23 21:38:34 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtsp64.sys
2012-04-23 21:38:34 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307000.009\symds64.sys
2012-04-23 21:38:34 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\srtspx64.sys
2012-04-23 21:38:34 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ironx64.sys
2012-04-23 21:38:34 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\ccsetx64.sys
2012-04-23 21:38:34 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307000.009\symefa64.sys
2012-04-23 21:38:20 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307000.009
2012-04-13 00:35:49 -------- d-----w- C:\Users\DSTADTL1\AppData\Local\Microsoft Help
2012-04-12 07:02:44 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-04-12 07:02:30 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-04-12 07:02:30 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-04-12 07:02:30 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-04-12 07:02:30 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-04-12 07:02:30 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-04-12 07:02:30 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-04-12 07:02:30 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-04-11 10:21:35 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2012-04-11 10:21:35 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
.
==================== Find3M ====================
.
2012-04-03 22:05:49 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 06:44:18 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-22 21:56:09 1066544 ----a-w- C:\Windows\SysWow64\mfc71.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-17 19:06:02 2433400 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-02-14 16:49:43 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-02-14 16:49:43 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-02-14 15:45:30 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45:30 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-13 14:38:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-13 14:12:08 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-13 14:06:48 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-13 14:03:11 1555968 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-13 13:47:57 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-13 13:44:40 1068544 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-07 15:02:40 1070352 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
.
============= FINISH: 18:28:05.93 ===============




The problem Im having is th hapili virus and other browser redirects.......

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 06 May 2012 - 09:33 PM

ello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 DSTADTL12

DSTADTL12
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 08 May 2012 - 10:53 AM

ComboFix 12-05-08.01 - DSTADTL1 05/08/2012 4:21.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4059.2155 [GMT -4:00]
Running from: c:\users\DSTADTL1\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\39BU65AO\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\FunWebProducts
c:\program files (x86)\IEToolbar
c:\program files (x86)\IEToolbar\ECO Bar\basis.xml
c:\program files (x86)\IEToolbar\ECO Bar\icons.bmp
c:\program files (x86)\IEToolbar\ECO Bar\info.txt
c:\program files (x86)\IEToolbar\ECO Bar\version.txt
c:\program files (x86)\IEToolbar\ECO Bar\your_logo.png
c:\program files (x86)\IMinent Toolbar\tbHElper.dll
c:\program files (x86)\MyWebSearch
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\runit
c:\program files (x86)\runit\config.txt
c:\programdata\ntuser.dat
c:\users\DSTADTL1\AppData\Local\Apple Computer\Apple\qnrxtf.dll
c:\users\DSTADTL1\AppData\Roaming\.#
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1050@6A2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1050@6A2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1368@29F2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1368@29F2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1528@B62748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1528@B62778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@153C@372748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@153C@372778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@15A4@26A2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@15A4@26A2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@16F8@2802748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@16F8@2802778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1724@392748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1724@392778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1850@26C2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1850@26C2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@185C@26C2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@185C@26C2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@18E8@202748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@18E8@202778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@19AC@1E2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@19AC@1E2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1A30@26C2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1A30@26C2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1A68@212748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1A68@212778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1B7C@26A2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1B7C@26A2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1D54@212748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1D54@212778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1D5C@1F2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1D5C@1F2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1DC0@1F2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1DC0@1F2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1DD8@2682748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1DD8@2682778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1EA0@2A2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1EA0@2A2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1EE0@312748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1EE0@312778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1F7C@2432748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@1F7C@2432778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@2208@2722748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@2208@2722778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@23F8@2802748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@23F8@2802778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@26AC@2362748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@26AC@2362778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@47E8@2852748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@47E8@2852778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@650@2212748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@650@2212778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@9A8@682748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@9A8@682778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@B00@25D2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@B00@25D2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@C48@2722748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@C48@2722778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@EB8@21D2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@EB8@21D2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@EE8@2672748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@EE8@2672778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@FA8@2182748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@FA8@2182778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@FB8@3F2748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@FB8@3F2778.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@FF4@242748.###
c:\users\DSTADTL1\AppData\Roaming\.#\MBX@FF4@242778.###
c:\users\DSTADTL1\AppData\Roaming\inst.exe
c:\users\DSTADTL1\AppData\Roaming\vso_ts_preview.xml
c:\users\DSTADTL1\Desktop\Internet Explorer.lnk
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\13vCwO8.vbs
c:\windows\SysWow64\avifil3232.dll
c:\windows\SysWow64\c_iscii32.dll
c:\windows\SysWow64\CABVIEW32.DLL
c:\windows\SysWow64\CATSRVUT32.DLL
c:\windows\SysWow64\CERTCLI32.DLL
c:\windows\SysWow64\cewmdm32.dll
c:\windows\SysWow64\cfgmgr3232.dll
c:\windows\SysWow64\chtbrkr32.dll
c:\windows\SysWow64\cic32.dll
c:\windows\SysWow64\clfsw3232.dll
c:\windows\SysWow64\cmdial3232.dll
c:\windows\SysWow64\cmpbk3232.dll
c:\windows\SysWow64\CNVFAT32.DLL
c:\windows\SysWow64\comctl3232.dll
c:\windows\SysWow64\COMPATUI32.DLL
c:\windows\SysWow64\COMPSTUI32.DLL
c:\windows\SysWow64\COMSNAP32.DLL
c:\windows\SysWow64\COMUID32.DLL
c:\windows\SysWow64\CONSOLE32.DLL
c:\windows\SysWow64\CORPOL32.DLL
c:\windows\SysWow64\CRYPT3232.DLL
c:\windows\SysWow64\cryptnet32.dll
c:\windows\SysWow64\cryptnet3232.dll
c:\windows\SysWow64\cscapi3232.dll
c:\windows\SysWow64\CV3232.dll
c:\windows\SysWow64\d3d10_13232.dll
c:\windows\SysWow64\d3d1032.dll
c:\windows\SysWow64\d3d103232.dll
c:\windows\SysWow64\d3d93232.dll
c:\windows\SysWow64\D3DIM32.DLL
c:\windows\SysWow64\D3DRAMP32.DLL
c:\windows\SysWow64\d3dramp3232.dll
c:\windows\SysWow64\d3dx9_3232.dll
c:\windows\SysWow64\d3dxof3232.dll
c:\windows\SysWow64\davclnt3232.dll
c:\windows\SysWow64\DBGHELP32.DLL
c:\windows\SysWow64\dciman3232.dll
c:\windows\SysWow64\DCIMAN323232.DLL
c:\windows\SysWow64\ddraw32.dll
c:\windows\SysWow64\ddraw3232.dll
c:\windows\SysWow64\DDRAWEX32.DLL
c:\windows\SysWow64\deskadp32.dll
c:\windows\SysWow64\deskadp3232.dll
c:\windows\SysWow64\devmgr32.dll
c:\windows\SysWow64\dfrgifps3232.dll
c:\windows\SysWow64\dfshim32.dll
c:\windows\SysWow64\DINPUT32.DLL
c:\windows\SysWow64\dinput3232.dll
c:\windows\SysWow64\diskcopy32.dll
c:\windows\SysWow64\dispex3232.dll
c:\windows\SysWow64\divx_xx0a3232.dll
c:\windows\SysWow64\divx_xx113232.dll
c:\windows\SysWow64\DMBAND32.DLL
c:\windows\SysWow64\dmband3232.dll
c:\windows\SysWow64\dmcompos3232.dll
c:\windows\SysWow64\DMDLGS32.DLL
c:\windows\SysWow64\dmdlgs3232.dll
c:\windows\SysWow64\dmdskres3232.dll
c:\windows\SysWow64\DMIME32.DLL
c:\windows\SysWow64\dmime3232.dll
c:\windows\SysWow64\dmintf3232.dll
c:\windows\SysWow64\dmintf323232.dll
c:\windows\SysWow64\dmocx32.dll
c:\windows\SysWow64\dmstyle3232.dll
c:\windows\SysWow64\DMSYNTH32.DLL
c:\windows\SysWow64\DMUSIC32.DLL
c:\windows\SysWow64\dmvdsitf3232.dll
c:\windows\SysWow64\DNSAPI32.DLL
c:\windows\SysWow64\dnsapi3232.dll
c:\windows\SysWow64\dnssd3232.dll
c:\windows\SysWow64\dot3gpclnt3232.dll
c:\windows\SysWow64\dot3msm32.dll
c:\windows\SysWow64\dot3msm3232.dll
c:\windows\SysWow64\dpl1003232.dll
c:\windows\SysWow64\DPMODEMX32.DLL
c:\windows\SysWow64\dpmodemx3232.dll
c:\windows\SysWow64\dpnet3232.dll
c:\windows\SysWow64\dpnhupnp32.dll
c:\windows\SysWow64\dpu103232.dll
c:\windows\SysWow64\dpv113232.dll
c:\windows\SysWow64\DPWSOCKX32.DLL
c:\windows\SysWow64\dpx3232.dll
c:\windows\SysWow64\drmv2clt3232.dll
c:\windows\SysWow64\drvstore3232.dll
c:\windows\SysWow64\DS16GT32.DLL
c:\windows\SysWow64\DS32GT32.DLL
c:\windows\SysWow64\ds32gt3232.dll
c:\windows\SysWow64\dsauth3232.dll
c:\windows\SysWow64\dsauth323232.dll
c:\windows\SysWow64\DSKQUOTA32.DLL
c:\windows\SysWow64\dskquota3232.dll
c:\windows\SysWow64\DSOUND32.DLL
c:\windows\SysWow64\dsound3232.dll
c:\windows\SysWow64\dsprop3232.dll
c:\windows\SysWow64\dsprop323232.dll
c:\windows\SysWow64\dsquery32.dll
c:\windows\SysWow64\dsquery3232.dll
c:\windows\SysWow64\DSSENH32.DLL
c:\windows\SysWow64\dswave3232.dll
c:\windows\SysWow64\dwmapi3232.dll
c:\windows\SysWow64\dxgi3232.dll
c:\windows\SysWow64\dxmasf3232.dll
c:\windows\SysWow64\eapp3hst3232.dll
c:\windows\SysWow64\eapphost3232.dll
c:\windows\SysWow64\els3232.dll
c:\windows\SysWow64\es32.dll
c:\windows\SysWow64\esent3232.dll
c:\windows\SysWow64\eventcls3232.dll
c:\windows\SysWow64\gdi3232.dll
c:\windows\SysWow64\gdi323232.dll
c:\windows\SysWow64\glu3232.dll
c:\windows\SysWow64\glu323232.dll
c:\windows\SysWow64\gptext32.dll
c:\windows\SysWow64\gptext3232.dll
c:\windows\SysWow64\hhsetup32.dll
c:\windows\SysWow64\hhsetup3232.dll
c:\windows\SysWow64\hlink32.dll
c:\windows\SysWow64\HLP95EN32.dll
c:\windows\SysWow64\hlp95en3232.dll
c:\windows\SysWow64\hnetmon3232.dll
c:\windows\SysWow64\iasnap32.dll
c:\windows\SysWow64\kjcVCsyrZLef8.vbs
.
.
((((((((((((((((((((((((( Files Created from 2012-04-08 to 2012-05-08 )))))))))))))))))))))))))))))))
.
.
2012-05-08 08:37 . 2012-05-08 08:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-08 08:16 . 2012-05-08 08:16 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7014332-47CE-422F-9963-743BFBFB35B4}\offreg.dll
2012-05-08 00:13 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A7014332-47CE-422F-9963-743BFBFB35B4}\mpengine.dll
2012-05-06 12:48 . 2012-05-06 12:48 -------- d-----w- c:\program files (x86)\Free Offers from Freeze.com
2012-05-04 11:27 . 2012-04-13 05:46 8917360 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-05-03 11:20 . 2012-05-03 11:20 -------- d-----w- c:\program files (x86)\Microsoft Antimalware
2012-05-03 00:41 . 2012-01-31 12:44 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-03 00:39 . 2012-05-03 11:20 -------- d-----w- c:\program files\Microsoft Security Essentials
2012-05-01 23:07 . 2012-05-01 23:07 -------- d-----w- c:\users\DSTADTL1\AppData\Roaming\com.w3i.FlipToast
2012-05-01 23:07 . 2012-05-01 23:07 -------- d-----w- C:\AI_RecycleBin
2012-05-01 23:04 . 2012-05-01 23:07 -------- d-sh--w- c:\windows\SysWow64\AI_RecycleBin
2012-05-01 23:02 . 2012-05-01 23:06 -------- d-----w- c:\program files (x86)\Bucksbee Loyalty Plugin - 100815
2012-04-24 02:27 . 2012-04-24 02:27 96376 ----a-w- c:\windows\system32\drivers\SMR250.SYS
2012-04-24 02:27 . 2012-05-07 01:59 -------- d-----w- c:\users\DSTADTL1\AppData\Local\NPE
2012-04-23 21:38 . 2012-04-24 02:01 -------- d-----w- c:\windows\system32\drivers\NISx64\1307000.009
2012-04-13 00:35 . 2012-04-13 00:35 -------- d-----w- c:\users\DSTADTL1\AppData\Local\Microsoft Help
2012-04-12 07:02 . 2012-03-06 06:44 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 07:02 . 2012-02-29 15:37 5632 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 07:02 . 2012-02-29 15:37 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 07:02 . 2012-02-29 15:35 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 07:02 . 2012-02-29 15:11 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-12 07:02 . 2012-02-29 15:11 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 07:02 . 2012-02-29 15:09 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 07:02 . 2012-02-29 13:52 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-11 10:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2012-04-11 10:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-03 22:05 . 2011-09-09 19:10 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-23 06:44 . 2011-02-18 13:41 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-22 21:56 . 2008-08-04 09:05 1066544 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-02-17 19:06 . 2012-02-17 19:06 2433400 ----a-w- c:\windows\SysWow64\SpoonUninstall.exe
2012-02-14 16:49 . 2012-03-14 04:41 327680 ----a-w- c:\windows\system32\d3d10_1core.dll
2012-02-14 16:49 . 2012-03-14 04:41 196096 ----a-w- c:\windows\system32\d3d10_1.dll
2012-02-14 15:45 . 2012-03-14 04:41 219648 ----a-w- c:\windows\SysWow64\d3d10_1core.dll
2012-02-14 15:45 . 2012-03-14 04:41 160768 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-02-13 14:38 . 2012-03-14 04:41 2002944 ----a-w- c:\windows\system32\d3d10warp.dll
2012-02-13 14:12 . 2012-03-14 04:41 1172480 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2012-02-13 14:06 . 2012-03-14 04:41 834048 ----a-w- c:\windows\system32\d2d1.dll
2012-02-13 14:03 . 2012-03-14 04:41 1555968 ----a-w- c:\windows\system32\DWrite.dll
2012-02-13 13:47 . 2012-03-14 04:41 683008 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-02-13 13:44 . 2012-03-14 04:41 1068544 ----a-w- c:\windows\SysWow64\DWrite.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{58124A0B-DC32-4180-9BFF-E0E21AE34026}]
2010-07-02 13:54 2607872 ----a-w- c:\program files (x86)\IMinent Toolbar\tbcore3.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{977AE9CC-AF83-45E8-9E03-E2798216E2D5}"= "c:\program files (x86)\IMinent Toolbar\tbcore3.dll" [2010-07-02 2607872]
.
[HKEY_CLASSES_ROOT\clsid\{977ae9cc-af83-45e8-9e03-e2798216e2d5}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620.3]
[HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
[HKEY_CLASSES_ROOT\TBSB01620.TBSB01620]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-03-06 740216]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-03-26 49152]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"EverioService"="c:\program files (x86)\CyberLink\PCM4Everio\EverioService.exe" [2007-11-01 151552]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-06-16 75008]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-19 421888]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-02 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-01-16 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2007-10-17 128296]
"Iminent"="c:\program files (x86)\Iminent\Iminent.exe" [2011-12-23 445416]
"IminentMessenger"="c:\program files (x86)\Iminent\Iminent.Messengers.exe" [2011-12-23 881144]
.
c:\users\DSTADTL1\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-9-13 576000]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2008-12-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files (x86)\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 16:20]
.
2012-04-18 c:\windows\Tasks\HPCeeScheduleForDSTADTL1.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 181784]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-28 443904]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-02-21 1446496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://downloads.phpnuke.org/en/index.php?rvs=hompag
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Windows Live Search - c:\program files (x86)\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.111.16.25 68.111.16.30
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{dd02a4eb-4afd-4d60-99d8-e67f964ca813} - (no file)
URLSearchHooks-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
BHO-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
BHO-{d48c9ead-f59f-4dea-ac97-7065fea79f42} - c:\progra~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
Toolbar-{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} - c:\progra~2\BEARSH~1\MediaBar\ToolBar\bsdtxmltbpi.dll
Toolbar-10 - (no file)
Toolbar-{d48c9ead-f59f-4dea-ac97-7065fea79f42} - c:\progra~2\SHAREA~1\MediaBar\ToolBar\shdtxmltbpi.dll
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKCU-Run-HideMyIP - c:\program files (x86)\Hide My IP\HideMyIP.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKCU-Run-Apple - c:\users\DSTADTL1\AppData\Local\Apple Computer\Apple\qnrxtf.dll
Toolbar-10 - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-05-08 04:40:26
ComboFix-quarantined-files.txt 2012-05-08 08:40
.
Pre-Run: 20,451,004,416 bytes free
Post-Run: 21,463,515,136 bytes free
.
- - End Of File - - E09A77F3B69353674087C3279E158963





Everything looks great will donate friday

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 08 May 2012 - 12:18 PM

Greetings

that took out allot of stuff, i want to run these to make sure there is nothing left

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 DSTADTL12

DSTADTL12
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:01:20 PM

Posted 08 May 2012 - 03:10 PM

16:07:50.0674 6120 TDSS rootkit removing tool 2.7.34.0 May 2 2012 09:59:18
16:07:52.0161 6120 ============================================================
16:07:52.0161 6120 Current date / time: 2012/05/08 16:07:52.0161
16:07:52.0161 6120 SystemInfo:
16:07:52.0161 6120
16:07:52.0162 6120 OS Version: 6.0.6002 ServicePack: 2.0
16:07:52.0162 6120 Product type: Workstation
16:07:52.0162 6120 ComputerName: DSTADTL1-PC
16:07:52.0162 6120 UserName: DSTADTL1
16:07:52.0162 6120 Windows directory: C:\Windows
16:07:52.0162 6120 System windows directory: C:\Windows
16:07:52.0163 6120 Running under WOW64
16:07:52.0163 6120 Processor architecture: Intel x64
16:07:52.0163 6120 Number of processors: 2
16:07:52.0163 6120 Page size: 0x1000
16:07:52.0163 6120 Boot type: Normal boot
16:07:52.0163 6120 ============================================================


Everything looks good no problems
16:07:53.0566 6120 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:07:53.0574 6120 ============================================================
16:07:53.0574 6120 \Device\Harddisk0\DR0:
16:07:53.0574 6120 MBR partitions:
16:07:53.0574 6120 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB4B7C1
16:07:53.0574 6120 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB4B800, BlocksNum 0x1678800
16:07:53.0574 6120 ============================================================
16:07:53.0582 6120 C: <-> \Device\Harddisk0\DR0\Partition0
16:07:53.0671 6120 D: <-> \Device\Harddisk0\DR0\Partition1
16:07:53.0671 6120 ============================================================
16:07:53.0671 6120 Initialize success
16:07:53.0671 6120 ============================================================
16:07:55.0600 4240 ============================================================
16:07:55.0600 4240 Scan started
16:07:55.0600 4240 Mode: Manual;
16:07:55.0600 4240 ============================================================
16:07:57.0213 4240 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
16:07:57.0216 4240 Accelerometer - ok
16:07:57.0283 4240 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
16:07:57.0290 4240 ACPI - ok
16:07:57.0383 4240 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
16:07:57.0424 4240 adp94xx - ok
16:07:57.0490 4240 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
16:07:57.0511 4240 adpahci - ok
16:07:57.0540 4240 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
16:07:57.0544 4240 adpu160m - ok
16:07:57.0604 4240 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
16:07:57.0610 4240 adpu320 - ok
16:07:57.0655 4240 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
16:07:57.0657 4240 AeLookupSvc - ok
16:07:57.0837 4240 AESTFilters (05f4262fdbdfaeca7ef9b3f0807508fc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe
16:07:57.0841 4240 AESTFilters - ok
16:07:57.0934 4240 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
16:07:57.0959 4240 AFD - ok
16:07:57.0998 4240 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
16:07:58.0001 4240 AgereModemAudio - ok
16:07:58.0160 4240 AgereSoftModem (3627a62b10284ffbf862bfd49928edf4) C:\Windows\system32\DRIVERS\agrsm64.sys
16:07:58.0208 4240 AgereSoftModem - ok
16:07:58.0273 4240 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
16:07:58.0277 4240 agp440 - ok
16:07:58.0356 4240 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
16:07:58.0404 4240 aic78xx - ok
16:07:58.0441 4240 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
16:07:58.0446 4240 ALG - ok
16:07:58.0499 4240 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
16:07:58.0503 4240 aliide - ok
16:07:58.0515 4240 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
16:07:58.0519 4240 amdide - ok
16:07:58.0552 4240 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
16:07:58.0556 4240 AmdK8 - ok
16:07:58.0569 4240 ApfiltrService - ok
16:07:58.0639 4240 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
16:07:58.0641 4240 Appinfo - ok
16:07:58.0794 4240 Apple Mobile Device (3debbecf665dcdde3a95d9b902010817) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
16:07:58.0797 4240 Apple Mobile Device - ok
16:07:58.0891 4240 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
16:07:58.0897 4240 arc - ok
16:07:58.0934 4240 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
16:07:58.0939 4240 arcsas - ok
16:07:59.0002 4240 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
16:07:59.0005 4240 AsyncMac - ok
16:07:59.0030 4240 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
16:07:59.0032 4240 atapi - ok
16:07:59.0139 4240 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:07:59.0188 4240 AudioEndpointBuilder - ok
16:07:59.0206 4240 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
16:07:59.0215 4240 AudioSrv - ok
16:07:59.0437 4240 BCM43XV (b66ca2eee39ffa05fc99403653819bc6) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:07:59.0463 4240 BCM43XV - ok
16:07:59.0490 4240 BCM43XX (b66ca2eee39ffa05fc99403653819bc6) C:\Windows\system32\DRIVERS\bcmwl664.sys
16:07:59.0500 4240 BCM43XX - ok
16:07:59.0521 4240 Beep - ok
16:07:59.0601 4240 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
16:07:59.0627 4240 BFE - ok
16:07:59.0993 4240 BHDrvx64 (5b1fe9d351c284701c8051da2aa81df6) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\BASHDefs\20120413.001\BHDrvx64.sys
16:08:00.0036 4240 BHDrvx64 - ok
16:08:00.0352 4240 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
16:08:00.0394 4240 BITS - ok
16:08:00.0457 4240 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
16:08:00.0461 4240 blbdrive - ok
16:08:00.0616 4240 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
16:08:00.0647 4240 Bonjour Service - ok
16:08:00.0722 4240 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
16:08:00.0727 4240 bowser - ok
16:08:00.0803 4240 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
16:08:00.0807 4240 BrFiltLo - ok
16:08:00.0831 4240 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
16:08:00.0834 4240 BrFiltUp - ok
16:08:00.0878 4240 Bridge (71142fa02068cb93c9319417737c915d) C:\Windows\system32\DRIVERS\bridge.sys
16:08:00.0890 4240 Bridge - ok
16:08:00.0917 4240 BridgeMP (71142fa02068cb93c9319417737c915d) C:\Windows\system32\DRIVERS\bridge.sys
16:08:00.0920 4240 BridgeMP - ok
16:08:00.0979 4240 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
16:08:00.0983 4240 Browser - ok
16:08:01.0018 4240 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
16:08:01.0032 4240 Brserid - ok
16:08:01.0064 4240 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
16:08:01.0068 4240 BrSerWdm - ok
16:08:01.0146 4240 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
16:08:01.0150 4240 BrUsbMdm - ok
16:08:01.0171 4240 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
16:08:01.0176 4240 BrUsbSer - ok
16:08:01.0203 4240 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
16:08:01.0207 4240 BthEnum - ok
16:08:01.0251 4240 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
16:08:01.0255 4240 BTHMODEM - ok
16:08:01.0306 4240 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
16:08:01.0318 4240 BthPan - ok
16:08:01.0386 4240 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys
16:08:01.0441 4240 BTHPORT - ok
16:08:01.0482 4240 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
16:08:01.0485 4240 BthServ - ok
16:08:01.0510 4240 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys
16:08:01.0515 4240 BTHUSB - ok
16:08:01.0546 4240 catchme - ok
16:08:01.0667 4240 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307000.009\ccSetx64.sys
16:08:01.0723 4240 ccSet_NIS - ok
16:08:01.0768 4240 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
16:08:01.0772 4240 cdfs - ok
16:08:01.0837 4240 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
16:08:01.0852 4240 cdrom - ok
16:08:01.0902 4240 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:08:01.0905 4240 CertPropSvc - ok
16:08:01.0986 4240 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
16:08:01.0990 4240 circlass - ok
16:08:02.0067 4240 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
16:08:02.0096 4240 CLFS - ok
16:08:02.0165 4240 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:08:02.0182 4240 clr_optimization_v2.0.50727_32 - ok
16:08:02.0247 4240 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:08:02.0294 4240 clr_optimization_v2.0.50727_64 - ok
16:08:02.0375 4240 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:08:02.0379 4240 clr_optimization_v4.0.30319_32 - ok
16:08:02.0428 4240 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:08:02.0432 4240 clr_optimization_v4.0.30319_64 - ok
16:08:02.0466 4240 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
16:08:02.0469 4240 CmBatt - ok
16:08:02.0492 4240 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
16:08:02.0495 4240 cmdide - ok
16:08:02.0602 4240 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
16:08:02.0608 4240 Com4QLBEx - ok
16:08:02.0620 4240 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
16:08:02.0624 4240 Compbatt - ok
16:08:02.0637 4240 COMSysApp - ok
16:08:02.0657 4240 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
16:08:02.0661 4240 crcdisk - ok
16:08:02.0754 4240 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
16:08:02.0793 4240 CryptSvc - ok
16:08:02.0933 4240 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:08:02.0953 4240 DcomLaunch - ok
16:08:02.0994 4240 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
16:08:03.0009 4240 DfsC - ok
16:08:03.0545 4240 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
16:08:03.0662 4240 DFSR - ok
16:08:03.0911 4240 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
16:08:03.0920 4240 Dhcp - ok
16:08:03.0978 4240 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
16:08:03.0994 4240 disk - ok
16:08:04.0052 4240 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
16:08:04.0063 4240 Dnscache - ok
16:08:04.0120 4240 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
16:08:04.0128 4240 dot3svc - ok
16:08:04.0194 4240 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
16:08:04.0213 4240 Dot4 - ok
16:08:04.0254 4240 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
16:08:04.0258 4240 Dot4Print - ok
16:08:04.0297 4240 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
16:08:04.0299 4240 dot4usb - ok
16:08:04.0339 4240 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
16:08:04.0352 4240 DPS - ok
16:08:04.0393 4240 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
16:08:04.0395 4240 drmkaud - ok
16:08:04.0529 4240 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
16:08:04.0543 4240 DXGKrnl - ok
16:08:04.0590 4240 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
16:08:04.0602 4240 E1G60 - ok
16:08:04.0633 4240 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
16:08:04.0635 4240 EapHost - ok
16:08:04.0705 4240 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
16:08:04.0736 4240 Ecache - ok
16:08:04.0847 4240 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
16:08:04.0880 4240 eeCtrl - ok
16:08:04.0950 4240 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
16:08:04.0966 4240 ehRecvr - ok
16:08:05.0001 4240 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
16:08:05.0010 4240 ehSched - ok
16:08:05.0041 4240 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
16:08:05.0042 4240 ehstart - ok
16:08:05.0078 4240 ElbyCDIO (9a47ac3dfcf81d30922cdaaf1c2d579f) C:\Windows\system32\Drivers\ElbyCDIO.sys
16:08:05.0082 4240 ElbyCDIO - ok
16:08:05.0150 4240 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
16:08:05.0182 4240 elxstor - ok
16:08:05.0267 4240 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
16:08:05.0298 4240 EMDMgmt - ok
16:08:05.0344 4240 enecir (3a70dc8951b995c73a22b9a23210833e) C:\Windows\system32\DRIVERS\enecir.sys
16:08:05.0349 4240 enecir - ok
16:08:05.0418 4240 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
16:08:05.0428 4240 EraserUtilRebootDrv - ok
16:08:05.0455 4240 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
16:08:05.0458 4240 ErrDev - ok
16:08:05.0543 4240 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
16:08:05.0583 4240 EventSystem - ok
16:08:05.0650 4240 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
16:08:05.0664 4240 exfat - ok
16:08:05.0771 4240 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
16:08:05.0783 4240 fastfat - ok
16:08:05.0812 4240 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
16:08:05.0816 4240 fdc - ok
16:08:05.0850 4240 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
16:08:05.0853 4240 fdPHost - ok
16:08:05.0874 4240 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
16:08:05.0875 4240 FDResPub - ok
16:08:05.0895 4240 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
16:08:05.0897 4240 FileInfo - ok
16:08:05.0912 4240 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
16:08:05.0914 4240 Filetrace - ok
16:08:06.0031 4240 FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
16:08:06.0045 4240 FLEXnet Licensing Service - ok
16:08:06.0068 4240 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
16:08:06.0070 4240 flpydisk - ok
16:08:06.0123 4240 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
16:08:06.0138 4240 FltMgr - ok
16:08:06.0293 4240 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
16:08:06.0326 4240 FontCache - ok
16:08:06.0393 4240 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:08:06.0395 4240 FontCache3.0.0.0 - ok
16:08:06.0447 4240 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
16:08:06.0448 4240 Fs_Rec - ok
16:08:06.0488 4240 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
16:08:06.0491 4240 gagp30kx - ok
16:08:06.0544 4240 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
16:08:06.0547 4240 GEARAspiWDM - ok
16:08:06.0680 4240 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
16:08:06.0749 4240 gpsvc - ok
16:08:06.0805 4240 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
16:08:06.0827 4240 HdAudAddService - ok
16:08:06.0991 4240 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
16:08:07.0025 4240 HDAudBus - ok
16:08:07.0054 4240 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
16:08:07.0058 4240 HidBth - ok
16:08:07.0086 4240 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
16:08:07.0090 4240 HidIr - ok
16:08:07.0129 4240 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
16:08:07.0132 4240 hidserv - ok
16:08:07.0167 4240 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
16:08:07.0170 4240 HidUsb - ok
16:08:07.0281 4240 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
16:08:07.0296 4240 hkmsvc - ok
16:08:07.0374 4240 HP Health Check Service (89f9e1984c1cd9e5f4fe39642d886e11) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
16:08:07.0376 4240 HP Health Check Service - ok
16:08:07.0425 4240 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
16:08:07.0430 4240 HpCISSs - ok
16:08:07.0444 4240 hpdskflt (4a435ca815a54639ca09ddf75d751ebc) C:\Windows\system32\DRIVERS\hpdskflt.sys
16:08:07.0450 4240 hpdskflt - ok
16:08:07.0546 4240 hpqcxs08 (ed377b3c83fdea8d906109a085d219ba) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
16:08:07.0549 4240 hpqcxs08 - ok
16:08:07.0603 4240 hpqddsvc (ee4c7a4cf2316701ffde90f404520265) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
16:08:07.0605 4240 hpqddsvc - ok
16:08:07.0628 4240 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
16:08:07.0630 4240 HpqKbFiltr - ok
16:08:07.0660 4240 hpqwmiex (d50fdad1e57aa60f1973cfc77d905f0e) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
16:08:07.0662 4240 hpqwmiex - ok
16:08:07.0683 4240 hpsrv (6bf024ea61d7894bf4af0b10a90b546e) C:\Windows\system32\Hpservice.exe
16:08:07.0684 4240 hpsrv - ok
16:08:07.0729 4240 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
16:08:07.0754 4240 HSFHWAZL - ok
16:08:07.0963 4240 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
16:08:08.0002 4240 HSF_DPV - ok
16:08:08.0171 4240 HTCAND64 (894a75a3d6bfd97d73bf60d3022b567a) C:\Windows\system32\Drivers\ANDROIDUSB.sys
16:08:08.0174 4240 HTCAND64 - ok
16:08:08.0229 4240 htcnprot (4f6c3122817049997cd696d4a38bfacb) C:\Windows\system32\DRIVERS\htcnprot.sys
16:08:08.0233 4240 htcnprot - ok
16:08:08.0334 4240 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
16:08:08.0357 4240 HTTP - ok
16:08:08.0393 4240 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
16:08:08.0395 4240 i2omp - ok
16:08:08.0436 4240 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
16:08:08.0452 4240 i8042prt - ok
16:08:08.0527 4240 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
16:08:08.0543 4240 iaStorV - ok
16:08:08.0652 4240 IDriverT (6f95324909b502e2651442c1548ab12f) C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
16:08:08.0668 4240 IDriverT - ok
16:08:08.0947 4240 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:08:08.0978 4240 idsvc - ok
16:08:09.0304 4240 IDSVia64 (4e9e0e5a3b0efeb27491c26be1d97fda) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\IPSDefs\20120507.001\IDSvia64.sys
16:08:09.0326 4240 IDSVia64 - ok
16:08:10.0154 4240 igfx (663e7364f650a915d415eeb2da98d86a) C:\Windows\system32\DRIVERS\igdkmd64.sys
16:08:10.0365 4240 igfx - ok
16:08:10.0499 4240 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
16:08:10.0502 4240 iirsp - ok
16:08:10.0580 4240 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
16:08:10.0606 4240 IKEEXT - ok
16:08:10.0652 4240 IntcHdmiAddService (c7c9720a5b0fd2b974fc4f72e405204b) C:\Windows\system32\drivers\IntcHdmi.sys
16:08:10.0662 4240 IntcHdmiAddService - ok
16:08:10.0744 4240 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
16:08:10.0747 4240 intelide - ok
16:08:10.0776 4240 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
16:08:10.0777 4240 intelppm - ok
16:08:10.0806 4240 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
16:08:10.0821 4240 IPBusEnum - ok
16:08:10.0860 4240 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:08:10.0864 4240 IpFilterDriver - ok
16:08:10.0936 4240 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
16:08:10.0958 4240 iphlpsvc - ok
16:08:10.0974 4240 IpInIp - ok
16:08:11.0013 4240 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
16:08:11.0027 4240 IPMIDRV - ok
16:08:11.0063 4240 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
16:08:11.0067 4240 IPNAT - ok
16:08:11.0292 4240 iPod Service (ee4c2a137c7088911a8919effc9812e7) C:\Program Files\iPod\bin\iPodService.exe
16:08:11.0327 4240 iPod Service - ok
16:08:11.0347 4240 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
16:08:11.0350 4240 IRENUM - ok
16:08:11.0387 4240 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
16:08:11.0391 4240 isapnp - ok
16:08:11.0456 4240 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
16:08:11.0463 4240 iScsiPrt - ok
16:08:11.0487 4240 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
16:08:11.0491 4240 iteatapi - ok
16:08:11.0526 4240 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
16:08:11.0529 4240 iteraid - ok
16:08:11.0585 4240 JMCR (f12fdd192cc5729304ac7ce9e89c81a0) C:\Windows\system32\DRIVERS\jmcr.sys
16:08:11.0620 4240 JMCR - ok
16:08:11.0641 4240 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
16:08:11.0645 4240 kbdclass - ok
16:08:11.0709 4240 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
16:08:11.0712 4240 kbdhid - ok
16:08:11.0784 4240 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:08:11.0788 4240 KeyIso - ok
16:08:11.0875 4240 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
16:08:11.0900 4240 KSecDD - ok
16:08:11.0939 4240 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
16:08:11.0942 4240 ksthunk - ok
16:08:12.0035 4240 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
16:08:12.0051 4240 KtmRm - ok
16:08:12.0119 4240 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
16:08:12.0135 4240 LanmanServer - ok
16:08:12.0204 4240 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
16:08:12.0228 4240 LanmanWorkstation - ok
16:08:12.0291 4240 LightScribeService (984ecb68ed2a2b2e6a544e87e24fba2d) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
16:08:12.0295 4240 LightScribeService - ok
16:08:12.0325 4240 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
16:08:12.0330 4240 lltdio - ok
16:08:12.0400 4240 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
16:08:12.0417 4240 lltdsvc - ok
16:08:12.0435 4240 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
16:08:12.0439 4240 lmhosts - ok
16:08:12.0488 4240 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
16:08:12.0494 4240 LSI_FC - ok
16:08:12.0517 4240 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
16:08:12.0522 4240 LSI_SAS - ok
16:08:12.0551 4240 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
16:08:12.0556 4240 LSI_SCSI - ok
16:08:12.0582 4240 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
16:08:12.0586 4240 luafv - ok
16:08:12.0664 4240 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
16:08:12.0678 4240 mcdbus - ok
16:08:12.0746 4240 Mcx2Svc (76a58df02bd4ea29f189b82d0bef17f8) C:\Windows\system32\Mcx2Svc.dll
16:08:12.0753 4240 Mcx2Svc - ok
16:08:12.0790 4240 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
16:08:12.0794 4240 megasas - ok
16:08:12.0878 4240 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
16:08:12.0900 4240 MegaSR - ok
16:08:12.0923 4240 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:08:12.0927 4240 MMCSS - ok
16:08:12.0954 4240 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
16:08:12.0957 4240 Modem - ok
16:08:12.0981 4240 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
16:08:12.0984 4240 monitor - ok
16:08:13.0005 4240 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
16:08:13.0009 4240 mouclass - ok
16:08:13.0035 4240 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
16:08:13.0039 4240 mouhid - ok
16:08:13.0056 4240 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
16:08:13.0060 4240 MountMgr - ok
16:08:13.0106 4240 MpFilter (ad4afed3bc6c8054c856f06c2d87e59b) C:\Windows\system32\DRIVERS\MpFilter.sys
16:08:13.0117 4240 MpFilter - ok
16:08:13.0159 4240 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
16:08:13.0162 4240 mpio - ok
16:08:13.0181 4240 MpNWMon (303c359a3684399d996491c880c9dc89) C:\Windows\system32\DRIVERS\MpNWMon.sys
16:08:13.0183 4240 MpNWMon - ok
16:08:13.0203 4240 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
16:08:13.0206 4240 mpsdrv - ok
16:08:13.0281 4240 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
16:08:13.0300 4240 MpsSvc - ok
16:08:13.0307 4240 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
16:08:13.0309 4240 Mraid35x - ok
16:08:13.0358 4240 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
16:08:13.0371 4240 MRxDAV - ok
16:08:13.0403 4240 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
16:08:13.0406 4240 mrxsmb - ok
16:08:13.0451 4240 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:08:13.0468 4240 mrxsmb10 - ok
16:08:13.0483 4240 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:08:13.0486 4240 mrxsmb20 - ok
16:08:13.0525 4240 msahci (aa459f2ab3ab603c357ff117cae3d818) C:\Windows\system32\drivers\msahci.sys
16:08:13.0527 4240 msahci - ok
16:08:13.0546 4240 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
16:08:13.0560 4240 msdsm - ok
16:08:13.0601 4240 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
16:08:13.0605 4240 MSDTC - ok
16:08:13.0645 4240 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
16:08:13.0647 4240 Msfs - ok
16:08:13.0668 4240 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
16:08:13.0670 4240 msisadrv - ok
16:08:13.0709 4240 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
16:08:13.0721 4240 MSiSCSI - ok
16:08:13.0726 4240 msiserver - ok
16:08:13.0769 4240 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
16:08:13.0771 4240 MSKSSRV - ok
16:08:13.0838 4240 MsMpSvc (4f87edd318e59ac3e5a00e329d7414ea) C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
16:08:13.0839 4240 MsMpSvc - ok
16:08:13.0861 4240 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
16:08:13.0864 4240 MSPCLOCK - ok
16:08:13.0876 4240 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
16:08:13.0878 4240 MSPQM - ok
16:08:13.0946 4240 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
16:08:13.0997 4240 MsRPC - ok
16:08:14.0019 4240 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
16:08:14.0021 4240 mssmbios - ok
16:08:14.0041 4240 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
16:08:14.0043 4240 MSTEE - ok
16:08:14.0067 4240 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
16:08:14.0070 4240 Mup - ok
16:08:14.0191 4240 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
16:08:14.0205 4240 napagent - ok
16:08:14.0281 4240 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
16:08:14.0294 4240 NativeWifiP - ok
16:08:14.0458 4240 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120507.038\ENG64.SYS
16:08:14.0468 4240 NAVENG - ok
16:08:14.0847 4240 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.5.1.2\Definitions\VirusDefs\20120507.038\EX64.SYS
16:08:14.0945 4240 NAVEX15 - ok
16:08:15.0242 4240 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
16:08:15.0273 4240 NDIS - ok
16:08:15.0312 4240 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
16:08:15.0315 4240 NdisTapi - ok
16:08:15.0337 4240 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
16:08:15.0341 4240 Ndisuio - ok
16:08:15.0403 4240 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
16:08:15.0423 4240 NdisWan - ok
16:08:15.0448 4240 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
16:08:15.0452 4240 NDProxy - ok
16:08:15.0492 4240 Net Driver HPZ12 (bd94210175c488f18add3e189ee9304c) C:\Windows\system32\HPZinw12.dll
16:08:15.0497 4240 Net Driver HPZ12 - ok
16:08:15.0527 4240 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
16:08:15.0531 4240 NetBIOS - ok
16:08:15.0592 4240 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
16:08:15.0629 4240 netbt - ok
16:08:15.0657 4240 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:08:15.0661 4240 Netlogon - ok
16:08:15.0777 4240 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
16:08:15.0848 4240 Netman - ok
16:08:15.0910 4240 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
16:08:15.0934 4240 netprofm - ok
16:08:16.0023 4240 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:08:16.0034 4240 NetTcpPortSharing - ok
16:08:16.0063 4240 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
16:08:16.0068 4240 nfrd960 - ok
16:08:16.0199 4240 NIS (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.0.9\ccSvcHst.exe
16:08:16.0203 4240 NIS - ok
16:08:16.0254 4240 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
16:08:16.0269 4240 NlaSvc - ok
16:08:16.0309 4240 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
16:08:16.0313 4240 Npfs - ok
16:08:16.0330 4240 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
16:08:16.0335 4240 nsi - ok
16:08:16.0360 4240 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
16:08:16.0364 4240 nsiproxy - ok
16:08:16.0645 4240 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
16:08:16.0775 4240 Ntfs - ok
16:08:17.0009 4240 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
16:08:17.0014 4240 NuidFltr - ok
16:08:17.0037 4240 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
16:08:17.0041 4240 Null - ok
16:08:17.0140 4240 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
16:08:17.0162 4240 NVENETFD - ok
16:08:17.0199 4240 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
16:08:17.0202 4240 nvraid - ok
16:08:17.0216 4240 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
16:08:17.0218 4240 nvstor - ok
16:08:17.0246 4240 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
16:08:17.0260 4240 nv_agp - ok
16:08:17.0263 4240 NwlnkFlt - ok
16:08:17.0271 4240 NwlnkFwd - ok
16:08:17.0385 4240 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
16:08:17.0402 4240 odserv - ok
16:08:17.0433 4240 ohci1394 (7b58953e2f263421fdbb09a192712a85) C:\Windows\system32\drivers\ohci1394.sys
16:08:17.0436 4240 ohci1394 - ok
16:08:17.0476 4240 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:08:17.0489 4240 ose - ok
16:08:17.0606 4240 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:08:17.0634 4240 p2pimsvc - ok
16:08:17.0647 4240 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:08:17.0655 4240 p2psvc - ok
16:08:17.0737 4240 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
16:08:17.0741 4240 Parport - ok
16:08:17.0779 4240 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
16:08:17.0780 4240 partmgr - ok
16:08:17.0856 4240 PassThru Service (5fbcc9eeefaca3019d5bd5979618f298) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
16:08:17.0859 4240 PassThru Service - ok
16:08:17.0893 4240 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
16:08:17.0898 4240 PcaSvc - ok
16:08:17.0956 4240 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
16:08:17.0974 4240 pci - ok
16:08:17.0990 4240 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
16:08:17.0993 4240 pciide - ok
16:08:18.0034 4240 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
16:08:18.0051 4240 pcmcia - ok
16:08:18.0093 4240 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
16:08:18.0096 4240 pcouffin - ok
16:08:18.0205 4240 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
16:08:18.0230 4240 PEAUTH - ok
16:08:18.0353 4240 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
16:08:18.0356 4240 PerfHost - ok
16:08:18.0565 4240 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
16:08:18.0618 4240 pla - ok
16:08:18.0689 4240 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
16:08:18.0752 4240 PlugPlay - ok
16:08:18.0780 4240 Pml Driver HPZ12 (7fe2afb17d91cf39843d6766ea31cfc7) C:\Windows\system32\HPZipm12.dll
16:08:18.0783 4240 Pml Driver HPZ12 - ok
16:08:18.0925 4240 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:08:18.0935 4240 PNRPAutoReg - ok
16:08:18.0950 4240 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
16:08:18.0961 4240 PNRPsvc - ok
16:08:19.0097 4240 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
16:08:19.0115 4240 PolicyAgent - ok
16:08:19.0201 4240 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
16:08:19.0214 4240 PptpMiniport - ok
16:08:19.0252 4240 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
16:08:19.0256 4240 Processor - ok
16:08:19.0308 4240 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
16:08:19.0325 4240 ProfSvc - ok
16:08:19.0366 4240 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:08:19.0370 4240 ProtectedStorage - ok
16:08:19.0420 4240 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
16:08:19.0423 4240 PSched - ok
16:08:19.0800 4240 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
16:08:19.0833 4240 ql2300 - ok
16:08:19.0879 4240 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
16:08:19.0895 4240 ql40xx - ok
16:08:20.0053 4240 QPCapSvc (6803b69c14696cc4907c5f77fbb04a14) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
16:08:20.0075 4240 QPCapSvc - ok
16:08:20.0107 4240 QPSched (95a0b86b9f1d27b613830864341a8252) C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
16:08:20.0111 4240 QPSched - ok
16:08:20.0172 4240 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
16:08:20.0183 4240 QWAVE - ok
16:08:20.0212 4240 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
16:08:20.0216 4240 QWAVEdrv - ok
16:08:20.0243 4240 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
16:08:20.0246 4240 RasAcd - ok
16:08:20.0283 4240 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
16:08:20.0288 4240 RasAuto - ok
16:08:20.0337 4240 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
16:08:20.0350 4240 Rasl2tp - ok
16:08:20.0392 4240 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
16:08:20.0406 4240 RasMan - ok
16:08:20.0470 4240 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
16:08:20.0472 4240 RasPppoe - ok
16:08:20.0517 4240 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
16:08:20.0520 4240 RasSstp - ok
16:08:20.0581 4240 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
16:08:20.0605 4240 rdbss - ok
16:08:20.0624 4240 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
16:08:20.0626 4240 RDPCDD - ok
16:08:20.0671 4240 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
16:08:20.0713 4240 rdpdr - ok
16:08:20.0719 4240 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
16:08:20.0721 4240 RDPENCDD - ok
16:08:20.0781 4240 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
16:08:20.0789 4240 RDPWD - ok
16:08:20.0875 4240 Recovery Service for Windows (431723f23d0e065bef502389e8ffdc10) C:\Windows\SMINST\BLService.exe
16:08:20.0881 4240 Recovery Service for Windows - ok
16:08:20.0911 4240 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
16:08:20.0915 4240 RemoteAccess - ok
16:08:20.0975 4240 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
16:08:20.0990 4240 RemoteRegistry - ok
16:08:21.0023 4240 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\Windows\system32\DRIVERS\rfcomm.sys
16:08:21.0027 4240 RFCOMM - ok
16:08:21.0148 4240 RichVideo (17e0bef5ca5c9ce52cc8082ac6ebc449) C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
16:08:21.0154 4240 RichVideo - ok
16:08:21.0170 4240 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
16:08:21.0173 4240 RpcLocator - ok
16:08:21.0301 4240 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
16:08:21.0315 4240 RpcSs - ok
16:08:21.0351 4240 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
16:08:21.0356 4240 rspndr - ok
16:08:21.0410 4240 RTL8169 (bf55641fc2f759281b9bf59d5daa8fde) C:\Windows\system32\DRIVERS\Rtlh64.sys
16:08:21.0427 4240 RTL8169 - ok
16:08:21.0468 4240 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
16:08:21.0471 4240 SamSs - ok
16:08:21.0495 4240 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
16:08:21.0509 4240 sbp2port - ok
16:08:21.0574 4240 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
16:08:21.0613 4240 SCardSvr - ok
16:08:21.0787 4240 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
16:08:21.0819 4240 Schedule - ok
16:08:21.0860 4240 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
16:08:21.0862 4240 SCPolicySvc - ok
16:08:21.0929 4240 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
16:08:21.0940 4240 sdbus - ok
16:08:21.0987 4240 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
16:08:22.0010 4240 SDRSVC - ok
16:08:22.0028 4240 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
16:08:22.0033 4240 secdrv - ok
16:08:22.0060 4240 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
16:08:22.0066 4240 seclogon - ok
16:08:22.0091 4240 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
16:08:22.0096 4240 SENS - ok
16:08:22.0124 4240 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
16:08:22.0128 4240 Serenum - ok
16:08:22.0154 4240 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
16:08:22.0168 4240 Serial - ok
16:08:22.0188 4240 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
16:08:22.0192 4240 sermouse - ok
16:08:22.0245 4240 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
16:08:22.0327 4240 SessionEnv - ok
16:08:22.0346 4240 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
16:08:22.0348 4240 sffdisk - ok
16:08:22.0367 4240 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
16:08:22.0369 4240 sffp_mmc - ok
16:08:22.0387 4240 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
16:08:22.0389 4240 sffp_sd - ok
16:08:22.0407 4240 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
16:08:22.0409 4240 sfloppy - ok
16:08:22.0465 4240 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
16:08:22.0471 4240 SharedAccess - ok
16:08:22.0521 4240 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
16:08:22.0536 4240 ShellHWDetection - ok
16:08:22.0548 4240 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
16:08:22.0550 4240 SiSRaid2 - ok
16:08:22.0572 4240 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
16:08:22.0575 4240 SiSRaid4 - ok
16:08:22.0919 4240 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
16:08:22.0989 4240 slsvc - ok
16:08:23.0396 4240 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
16:08:23.0579 4240 SLUINotify - ok
16:08:23.0759 4240 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
16:08:23.0772 4240 Smb - ok
16:08:23.0834 4240 SMR250 (27f71f20e87fbf177c82ae924f9317f7) C:\Windows\system32\drivers\SMR250.SYS
16:08:23.0848 4240 SMR250 - ok
16:08:23.0908 4240 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
16:08:23.0914 4240 SNMPTRAP - ok
16:08:23.0966 4240 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
16:08:23.0970 4240 spldr - ok
16:08:24.0045 4240 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
16:08:24.0062 4240 Spooler - ok
16:08:24.0223 4240 SRTSP (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307000.009\SRTSP64.SYS
16:08:24.0247 4240 SRTSP - ok
16:08:24.0272 4240 SRTSPX (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307000.009\SRTSPX64.SYS
16:08:24.0276 4240 SRTSPX - ok
16:08:24.0369 4240 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
16:08:24.0390 4240 srv - ok
16:08:24.0447 4240 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
16:08:24.0466 4240 srv2 - ok
16:08:24.0520 4240 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
16:08:24.0531 4240 srvnet - ok
16:08:24.0584 4240 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
16:08:24.0592 4240 SSDPSRV - ok
16:08:24.0647 4240 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
16:08:24.0657 4240 SstpSvc - ok
16:08:24.0835 4240 STacSV (7dbd99805605a1eff5ae5997a190b385) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe
16:08:24.0845 4240 STacSV - ok
16:08:24.0951 4240 STHDA (96f8175849082158497505fb574953eb) C:\Windows\system32\DRIVERS\stwrt64.sys
16:08:25.0073 4240 STHDA - ok
16:08:25.0186 4240 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
16:08:25.0204 4240 stisvc - ok
16:08:25.0232 4240 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
16:08:25.0236 4240 swenum - ok
16:08:25.0332 4240 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
16:08:25.0348 4240 swprv - ok
16:08:25.0375 4240 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
16:08:25.0377 4240 Symc8xx - ok
16:08:25.0460 4240 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307000.009\SYMDS64.SYS
16:08:25.0476 4240 SymDS - ok
16:08:25.0635 4240 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307000.009\SYMEFA64.SYS
16:08:25.0739 4240 SymEFA - ok
16:08:25.0780 4240 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
16:08:25.0790 4240 SymEvent - ok
16:08:25.0826 4240 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307000.009\Ironx64.SYS
16:08:25.0834 4240 SymIRON - ok
16:08:25.0881 4240 SYMTDIv (a25fee245c78804601d83431386a0bee) C:\Windows\System32\Drivers\NISx64\1307000.009\SYMTDIV.SYS
16:08:25.0891 4240 SYMTDIv - ok
16:08:25.0917 4240 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
16:08:25.0920 4240 Sym_hi - ok
16:08:25.0930 4240 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
16:08:25.0932 4240 Sym_u3 - ok
16:08:26.0045 4240 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
16:08:26.0081 4240 SysMain - ok
16:08:26.0112 4240 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
16:08:26.0128 4240 TabletInputService - ok
16:08:26.0201 4240 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
16:08:26.0218 4240 TapiSrv - ok
16:08:26.0244 4240 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
16:08:26.0248 4240 TBS - ok
16:08:26.0480 4240 Tcpip (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\drivers\tcpip.sys
16:08:26.0503 4240 Tcpip - ok
16:08:26.0556 4240 Tcpip6 (2cc45d932bd193cd4117321d469ad6b2) C:\Windows\system32\DRIVERS\tcpip.sys
16:08:26.0580 4240 Tcpip6 - ok
16:08:26.0627 4240 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
16:08:26.0630 4240 tcpipreg - ok
16:08:26.0743 4240 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
16:08:26.0747 4240 TDPIPE - ok
16:08:26.0774 4240 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
16:08:26.0778 4240 TDTCP - ok
16:08:26.0829 4240 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
16:08:26.0841 4240 tdx - ok
16:08:26.0890 4240 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
16:08:26.0905 4240 TermDD - ok
16:08:27.0059 4240 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
16:08:27.0090 4240 TermService - ok
16:08:27.0162 4240 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
16:08:27.0165 4240 Themes - ok
16:08:27.0197 4240 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
16:08:27.0199 4240 THREADORDER - ok
16:08:27.0241 4240 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
16:08:27.0255 4240 TrkWks - ok
16:08:27.0300 4240 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
16:08:27.0301 4240 TrustedInstaller - ok
16:08:27.0333 4240 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:27.0335 4240 tssecsrv - ok
16:08:27.0363 4240 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
16:08:27.0365 4240 tunnel - ok
16:08:27.0393 4240 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
16:08:27.0397 4240 uagp35 - ok
16:08:27.0461 4240 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
16:08:27.0471 4240 udfs - ok
16:08:27.0486 4240 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
16:08:27.0489 4240 UI0Detect - ok
16:08:27.0517 4240 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
16:08:27.0519 4240 uliagpkx - ok
16:08:27.0562 4240 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
16:08:27.0588 4240 uliahci - ok
16:08:27.0661 4240 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
16:08:27.0673 4240 UlSata - ok
16:08:27.0702 4240 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
16:08:27.0746 4240 ulsata2 - ok
16:08:27.0800 4240 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
16:08:27.0802 4240 umbus - ok
16:08:27.0851 4240 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
16:08:27.0887 4240 upnphost - ok
16:08:27.0928 4240 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
16:08:27.0931 4240 USBAAPL64 - ok
16:08:27.0983 4240 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
16:08:27.0996 4240 usbaudio - ok
16:08:28.0050 4240 usbbus (e493a1ab49cec05e48828cf949a5a2c3) C:\Windows\system32\DRIVERS\lgx64bus.sys
16:08:28.0053 4240 usbbus - ok
16:08:28.0102 4240 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:28.0116 4240 usbccgp - ok
16:08:28.0153 4240 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
16:08:28.0167 4240 usbcir - ok
16:08:28.0207 4240 UsbDiag (0614c32187d0d12ad971d83df2eb9b53) C:\Windows\system32\DRIVERS\lgx64diag.sys
16:08:28.0209 4240 UsbDiag - ok
16:08:28.0253 4240 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
16:08:28.0258 4240 usbehci - ok
16:08:28.0339 4240 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
16:08:28.0361 4240 usbhub - ok
16:08:28.0392 4240 USBModem (ecc1f29b4d25ef757bd0986c6a0518d6) C:\Windows\system32\DRIVERS\lgx64modem.sys
16:08:28.0394 4240 USBModem - ok
16:08:28.0421 4240 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
16:08:28.0424 4240 usbohci - ok
16:08:28.0464 4240 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
16:08:28.0468 4240 usbprint - ok
16:08:28.0500 4240 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
16:08:28.0505 4240 usbscan - ok
16:08:28.0552 4240 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:08:28.0569 4240 USBSTOR - ok
16:08:28.0619 4240 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
16:08:28.0623 4240 usbuhci - ok
16:08:28.0713 4240 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
16:08:28.0743 4240 usbvideo - ok
16:08:28.0854 4240 usb_rndisx (1e36bb1a3c5aaf2aa9fa9a126df8c16c) C:\Windows\system32\DRIVERS\usb8023x.sys
16:08:28.0859 4240 usb_rndisx - ok
16:08:28.0902 4240 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
16:08:28.0908 4240 UxSms - ok
16:08:28.0965 4240 VClone (84bb306b7863883018d7f3eb0c453bd5) C:\Windows\system32\DRIVERS\VClone.sys
16:08:28.0969 4240 VClone - ok
16:08:29.0063 4240 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
16:08:29.0084 4240 vds - ok
16:08:29.0122 4240 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
16:08:29.0127 4240 vga - ok
16:08:29.0154 4240 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
16:08:29.0158 4240 VgaSave - ok
16:08:29.0177 4240 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
16:08:29.0179 4240 viaide - ok
16:08:29.0234 4240 Viewpoint Manager Service (5f974fde801c73952770736becde11e7) C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
16:08:29.0235 4240 Viewpoint Manager Service - ok
16:08:29.0267 4240 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
16:08:29.0270 4240 volmgr - ok
16:08:29.0386 4240 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
16:08:29.0405 4240 volmgrx - ok
16:08:29.0462 4240 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
16:08:29.0478 4240 volsnap - ok
16:08:29.0497 4240 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
16:08:29.0501 4240 vsmraid - ok
16:08:29.0669 4240 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
16:08:29.0753 4240 VSS - ok
16:08:29.0867 4240 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
16:08:29.0889 4240 W32Time - ok
16:08:29.0945 4240 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
16:08:29.0948 4240 WacomPen - ok
16:08:29.0995 4240 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:08:30.0009 4240 Wanarp - ok
16:08:30.0015 4240 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
16:08:30.0016 4240 Wanarpv6 - ok
16:08:30.0100 4240 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
16:08:30.0126 4240 wcncsvc - ok
16:08:30.0162 4240 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
16:08:30.0167 4240 WcsPlugInService - ok
16:08:30.0184 4240 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
16:08:30.0187 4240 Wd - ok
16:08:30.0231 4240 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
16:08:30.0235 4240 WDC_SAM - ok
16:08:30.0360 4240 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
16:08:30.0395 4240 Wdf01000 - ok
16:08:30.0423 4240 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
16:08:30.0440 4240 WdiServiceHost - ok
16:08:30.0445 4240 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
16:08:30.0453 4240 WdiSystemHost - ok
16:08:30.0505 4240 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
16:08:30.0520 4240 WebClient - ok
16:08:30.0582 4240 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
16:08:30.0590 4240 Wecsvc - ok
16:08:30.0616 4240 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
16:08:30.0621 4240 wercplsupport - ok
16:08:30.0658 4240 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
16:08:30.0665 4240 WerSvc - ok
16:08:30.0830 4240 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
16:08:30.0854 4240 winachsf - ok
16:08:30.0887 4240 WinDefend - ok
16:08:30.0898 4240 WinHttpAutoProxySvc - ok
16:08:30.0982 4240 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
16:08:30.0988 4240 Winmgmt - ok
16:08:31.0285 4240 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
16:08:31.0362 4240 WinRM - ok
16:08:31.0548 4240 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
16:08:31.0578 4240 Wlansvc - ok
16:08:31.0676 4240 WLSetupSvc (94a85e956a065e23e0010a6a7826243b) C:\Program Files (x86)\Windows Live\installer\WLSetupSvc.exe
16:08:31.0737 4240 WLSetupSvc - ok
16:08:31.0768 4240 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
16:08:31.0769 4240 WmiAcpi - ok
16:08:31.0889 4240 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
16:08:31.0908 4240 wmiApSrv - ok
16:08:31.0930 4240 WMPNetworkSvc - ok
16:08:31.0978 4240 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
16:08:31.0988 4240 WPCSvc - ok
16:08:32.0032 4240 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
16:08:32.0047 4240 WPDBusEnum - ok
16:08:32.0080 4240 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
16:08:32.0082 4240 WpdUsb - ok
16:08:32.0344 4240 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
16:08:32.0391 4240 WPFFontCache_v0400 - ok
16:08:32.0397 4240 WPRO_40_1340 - ok
16:08:32.0434 4240 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
16:08:32.0437 4240 ws2ifsl - ok
16:08:32.0494 4240 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
16:08:32.0499 4240 wscsvc - ok
16:08:32.0505 4240 WSearch - ok
16:08:32.0947 4240 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
16:08:33.0037 4240 wuauserv - ok
16:08:33.0250 4240 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
16:08:33.0264 4240 WUDFRd - ok
16:08:33.0302 4240 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
16:08:33.0309 4240 wudfsvc - ok
16:08:33.0359 4240 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
16:08:33.0404 4240 \Device\Harddisk0\DR0 - ok
16:08:33.0408 4240 Boot (0x1200) (ad9209f23a75c230a004f21717d6534d) \Device\Harddisk0\DR0\Partition0
16:08:33.0410 4240 \Device\Harddisk0\DR0\Partition0 - ok
16:08:33.0416 4240 Boot (0x1200) (2a23cd6373384cfce53d1c10f8d9fc80) \Device\Harddisk0\DR0\Partition1
16:08:33.0418 4240 \Device\Harddisk0\DR0\Partition1 - ok
16:08:33.0419 4240 ============================================================
16:08:33.0419 4240 Scan finished
16:08:33.0419 4240 ============================================================
16:08:33.0430 2504 Detected object count: 0
16:08:33.0430 2504 Actual detected object count: 0

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 08 May 2012 - 09:17 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 11 May 2012 - 01:39 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 13 May 2012 - 11:39 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,183 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:20 PM

Posted 17 May 2012 - 02:40 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users