Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Redirect Virus: TDSSKiller didn't wrk


  • This topic is locked This topic is locked
18 replies to this topic

#1 Uniquename2

Uniquename2

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 15 May 2012 - 03:30 PM

So. here's my probblem:

When I try and click on any of the links provided by Google I get directed to one of about 20 different sites that are clearly not related to the link I was clicking on.
I have looked around and all the info I can find on redirect viruses is about 2-3 years old and don't seem to be working for me.

*I have tried running TDSSKiller, but it says that there are no infected files.
*I tried running aswMBR, but it appears to stop running when it encounters a specific .dll file (ill run it again and post the specifics if it would be of any help)
*I have run Windows Defender Offline and it did find some files which it deleted, but the problem persists.
*I attempted to download and run ComboFix, but my ESET antivirus softare keeps telling me that it is a potential threat (not sure if this is a false positive or if I'm just being paranoid now)
*I have tried going into cmd and typing ipconfig/dnsflush and then going into regedit, but I'm not computer savy enough to have the guts to modify anything in there (I'm assuming I would just make things worse.)

These are the only options I have come across so far, but none of them have appeared to do anything.

I came across this forum through my use of HijackThis so I'll load my savelog, but I'm not sure that is enough for anyone to figure this out.

Any help with this would be greatly appreciated.

Thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:30:04 PM, on 5/15/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11c_ActiveX.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ÿþ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
O4 - HKCU\..\Run: [ACD Systems] rundll32.exe "C:\Users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll",DllRegisterServer
O4 - HKUS\S-1-5-18\..\Run: [ACD Systems] rundll32.exe "C:\Users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll",DllRegisterServer (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [ACD Systems] rundll32.exe "C:\Users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll",DllRegisterServer (User 'Default user')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://pavilion.buttonredirect.hp.com
O15 - Trusted Zone: http://presario.buttonredirect.hp.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=724
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12726 bytes
+

Mod edit: Topic moved to a more appropriate forum ~ rigel

Edited by rigel, 15 May 2012 - 03:39 PM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 15 May 2012 - 11:29 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of hartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 Uniquename2

Uniquename2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 16 May 2012 - 10:34 AM

THIS IS THE CHECKUP.TXT:

Results of screen317's Security Check version 0.99.32
Windows Vista x64 (UAC is enabled)
Out of date service pack!!
Internet Explorer 9
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Java™ 6 Update 29
Java version out of date!
Adobe Flash Player 10.1.82.76 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of date!
Mozilla Firefox (12.0.)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSASCui.exe
Windows Defender MSASCui.exe
``````````End of Log````````````





HERE IS DDS.TXT:



.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by BDUB at 8:29:31 on 2012-05-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8183.5910 [GMT -7:00]
.
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\oodag.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\WinMsgBalloonServer.exe
C:\Windows\SysWOW64\WinMsgBalloonClient.exe
C:\Windows\SysWOW64\BeepApp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\UltraMon\UltraMonUiAcc.exe
C:\Users\BDUB\Downloads\SecurityCheck.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent
uRun: [ACD Systems] rundll32.exe "C:\Users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll",DllRegisterServer
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [ACD Systems] rundll32.exe "C:\Users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll",DllRegisterServer
StartupFolder: C:\Users\BDUB\AppData\Roaming\MICROS~1\Windows\SendTo\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\UltraMon.lnk - C:\Windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: hp.com\pavilion.buttonredirect
Trusted Zone: hp.com\presario.buttonredirect
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com//activex/ractrl.cab?lmi=724
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{6DBFBAF2-1C7D-42D2-ADF4-559929B4432B} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9EEF9C22-A4AB-4B3B-9B21-AA282498267B} : DhcpNameServer = 192.168.1.1
Handler: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\BDUB\AppData\Roaming\Mozilla\Firefox\Profiles\56s2ti3a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\system32\drivers\ahcix64s.sys --> C:\Windows\system32\drivers\ahcix64s.sys [?]
R1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys --> C:\Windows\system32\DRIVERS\ehdrv.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/06/18 08:44:50];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2009-6-18 146928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD_RAIDXpert;AMD RAIDXpert;C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe [2008-10-2 122880]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-5-14 731840]
R2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys --> C:\Windows\system32\DRIVERS\epfwwfpr.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HPBtnSrv;HP Easy Backup Button Service;C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe [2009-6-18 192512]
R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-7-1 290832]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atipmdag.sys --> C:\Windows\system32\DRIVERS\atipmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 HCW85BDA;Hauppauge WinTV 885 Video Capture;C:\Windows\system32\drivers\HCW85BDA.sys --> C:\Windows\system32\drivers\HCW85BDA.sys [?]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-8 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-8 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-14 129976]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-19 89920]
S4 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\Windows\system32\drivers\hcw85cir.sys --> C:\Windows\system32\drivers\hcw85cir.sys [?]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
regfile="regedit.exe" "%1"
.
=============== Created Last 30 ================
.
2012-05-15 19:57:38 388096 ----a-r- C:\Users\BDUB\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-15 19:57:37 -------- d-----w- C:\Program Files (x86)\Trend Micro
2012-05-15 18:49:17 -------- d-----w- C:\_OTM
2012-05-15 09:56:57 -------- d-----w- C:\Windows\Microsoft Antimalware
2012-05-15 06:05:21 -------- d-----w- C:\Program Files (x86)\Diablo III
2012-05-15 06:04:37 8917360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B916A5AF-05FE-48CE-A7C8-279367F7BA61}\mpengine.dll
2012-05-14 14:44:36 -------- d-----w- C:\Users\BDUB\AppData\Local\Vidalia
2012-05-14 14:43:33 -------- d-----w- C:\Users\BDUB\AppData\Roaming\tor
2012-05-13 11:47:48 1423744 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-05-13 11:44:59 4699520 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-13 11:44:58 2766848 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-03-20 23:34:30 72576 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-03-01 15:39:45 327680 ----a-w- C:\Windows\System32\d3d10_1core.dll
2012-03-01 15:39:45 196096 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-03-01 14:46:01 219648 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2012-03-01 14:46:01 160768 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-02-29 15:37:41 5632 ----a-w- C:\Windows\System32\wmi.dll
2012-02-29 15:37:38 219136 ----a-w- C:\Windows\System32\wintrust.dll
2012-02-29 15:35:44 78848 ----a-w- C:\Windows\System32\imagehlp.dll
2012-02-29 15:11:45 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-02-29 15:11:42 172032 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-02-29 15:09:53 157696 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-02-29 14:40:31 2002944 ----a-w- C:\Windows\System32\d3d10warp.dll
2012-02-29 14:09:35 834048 ----a-w- C:\Windows\System32\d2d1.dll
2012-02-29 14:08:47 1172480 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2012-02-29 14:06:08 1556480 ----a-w- C:\Windows\System32\DWrite.dll
2012-02-29 13:52:46 16384 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-02-29 13:44:50 683008 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-02-29 13:41:40 1069056 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-02-28 06:56:48 2311168 ----a-w- C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56 1390080 ----a-w- C:\Windows\System32\wininet.dll
2012-02-28 06:48:57 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55 1799168 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-02-23 17:18:36 279656 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 8:30:15.03 ===============





HERE IS ATTACH.TXT:




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/1/2009 3:34:03 PM
System Uptime: 5/16/2012 8:16:29 AM (0 hours ago)
.
Motherboard: MSI | | Aspen
Processor: AMD Phenom™ 9650 Quad-Core Processor | Socket AM2 | 1200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 684 GiB total, 318.547 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 2.062 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 466 GiB total, 235.047 GiB free.
K: is CDROM (UDF)
L: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0002
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter #3
PNP Device ID: ROOT\*ISATAP\0002
Service: tunnel
.
==== System Restore Points ===================
.
RP1113: 5/15/2012 12:56:57 PM - Installed HiJackThis
.
==== Installed Programs ======================
.
µTorrent
AAC Decoder
ACDSee Pro 3
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.5.0
AMD USB Audio Driver Filter
Apple Application Support
Apple Software Update
ASIO4ALL
ATI Catalyst Registration
AutoUpdate
Braid
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Compatibility Pack for the 2007 Office system
Counter-Strike: Source
Crysis WARHEAD®
CyberLink DVD Suite Deluxe
Debut Video Capture Software
Diablo II
Diablo III
Diablo III Beta
DirectX for Managed Code Update (Summer 2004)
DivX Codec
DivX Plus DirectShow Filters
DivX Version Checker
DVD Decrypter (Remove Only)
DVD Flick 1.3.0.7
DVD2one V2.4.0
EA Download Manager
EA Download Manager UI
Enhanced Multimedia Keyboard Solution
Express Burn
FL Studio 9
Google Quick Search Box
Google Toolbar for Internet Explorer
Google Update Helper
GunboundWC
H.264 Decoder
Half-Life 2
Hardcore
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Advisor
HP Customer Experience Enhancements
HP Demo
HP Easy Backup
HP Games
HP MediaSmart Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Odometer
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
IHA_MessageCenter
IL Download Manager
InterActual Player
iPhone Configuration Utility
IrfanView (remove only)
Java Auto Updater
Java™ 6 Update 29
LabelPrint
Left 4 Dead
LightScribe System Software
MagicDisc 2.7.106
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MKV Splitter
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NavNet
Netflix in Windows Media Center
PDF Settings CS5
PictureMover
PoiZone
Portal
Portal 2
Power DVD Rip Studio v1.1.7.100
Power2Go
PowerDirector
Prism Video Converter
Python 2.6 pywin32-212
Python 2.6.1
QuantZ Demo
QuickTime
R.U.S.E. Beta
RAIDXpert
Realtek High Definition Audio Driver
Sawer
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Shank Demo
Sid Meier's Civilization 4
SoundTap Streaming Audio Recorder
StarCraft II
Steam
Swarm Arena Demo
Team Fortress 2
The Lord of the Rings FREE Trial
The Rosetta Stone
Toxic Biohazard
TubEmAll Pro 1.3f
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
VC80CRTRedist - 8.0.50727.762
VLC media player 1.0.0
Vz In Home Agent
WavePad Sound Editor
WinRAR archiver
YouTube Downloader 3.5
.
==== Event Viewer Messages From Past Week ========
.
5/16/2012 8:18:29 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
5/15/2012 12:57:27 PM, Error: volsnap [20] - The shadow copies of volume C: were aborted because of a failed free space computation.
5/15/2012 12:53:00 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
5/15/2012 12:53:00 AM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/15/2012 11:49:17 AM, Error: Service Control Manager [7034] - The AMD RAIDXpert service terminated unexpectedly. It has done this 1 time(s).
5/13/2012 4:45:48 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Volume Shadow Copy service to connect.
5/13/2012 4:45:48 AM, Error: Service Control Manager [7000] - The Volume Shadow Copy service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/13/2012 4:45:48 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service VSS with arguments "" in order to run the server: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}
.
==== End Of File ===========================



I hope these are the correct logs that you wanted and that you are able to help me. Thank you very much.

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 16 May 2012 - 12:32 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 19 May 2012 - 01:11 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 Uniquename2

Uniquename2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 19 May 2012 - 10:27 AM

ComboFix 12-05-19.01 - BDUB 05/19/2012 7:54.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8183.5871 [GMT -7:00]
Running from: c:\users\BDUB\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 15:04 . 2012-05-19 15:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-19 14:47 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D14957DE-7916-4AA6-A6CD-FCEEC54D088E}\mpengine.dll
2012-05-15 19:57 . 2012-05-15 19:57 388096 ----a-r- c:\users\BDUB\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-15 19:57 . 2012-05-15 19:57 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-15 18:49 . 2012-05-15 18:49 -------- d-----w- C:\_OTM
2012-05-15 09:56 . 2012-05-15 09:56 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-15 06:05 . 2012-05-15 06:53 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-14 14:44 . 2012-05-14 14:44 -------- d-----w- c:\users\BDUB\AppData\Local\Vidalia
2012-05-14 14:43 . 2012-05-14 14:43 -------- d-----w- c:\users\BDUB\AppData\Roaming\tor
2012-05-14 14:03 . 2012-05-14 14:03 -------- d-----w- c:\users\BDUB\AppData\Local\Mozilla
2012-05-14 14:03 . 2012-05-14 14:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-13 11:47 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 11:44 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 11:44 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-29 15:37 . 2012-04-12 10:02 5632 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:37 . 2012-04-12 10:02 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:35 . 2012-04-12 10:02 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 15:11 . 2012-04-12 10:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-29 15:11 . 2012-04-12 10:02 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-29 15:09 . 2012-04-12 10:02 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-02-29 13:52 . 2012-04-12 10:02 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 06:56 . 2012-04-12 10:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 10:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 10:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 10:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 10:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 10:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18 . 2009-10-03 03:39 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-06-18 152064]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-11 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-31 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-20 122368]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\BDUB\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
UltraMon.lnk - c:\windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico [2009-9-27 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 13:46]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 13:46]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-24 2692008]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 3828992]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: hp.com\pavilion.buttonredirect
Trusted Zone: hp.com\presario.buttonredirect
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\BDUB\AppData\Roaming\Mozilla\Firefox\Profiles\56s2ti3a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
Wow6432Node-HKCU-Run-ACD Systems - c:\users\BDUB\AppData\Local\Apple Computer\ACD Systems\meiqposm.dll
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{66F644DA-4ED8-4D03-83D2-A7156AA562BC}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.437.0"
"UniqueId"="000517284ABB1713"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="691D7A74A28499721318E65C1F5EE42E7D836D81C179E62D035245131478EE546BB2C1F44C0E6EB6480E5DA428DE499F594D56E55F3DBB6582FED7C71EA34597D53B346E1592B4F4A2E631BB1AAC36B126BC5FB75231F29539A9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A2D97226D213B5558EDD5E5BE2F6E667EECE32B07310612949C63FA6CE05B89F8F196A8A984BD1FDA341635C229A93EB80FCE905BD2AB5AD16BC7155EA48F385B2DF6B4100465C5AFECD0C7B712E9BB8884D2FD4A3C9EE1CD83BC2F44A800F8EA60A49D8E17ABE93880F62AFA81C5F6244A470783B4C96762A9F42F92E0F046A7A065204C5EE8724E6299688B8B11D52957F5E7D7FE13C3442D7C00F37AB523E63D91AA9987E460168579CC9F58D156683E9EDA2CD8FF0BE81665491EEDDFB20389C7763ABD88E8BFE652DE91A258B70B687D8DC69AE49F66BE359123F83881D75790700317F769E3DB4C494433F48B77E0D1B5478EA603025FA6AD6F8508134BB33A503444A9A865EBBA2A9F1771A754B4777670546D2AF7B6B6DD9CD49F6DBCC1CF7225FE21B84BC814A3D8B3E4F57331272257E94C2B1DC8785C75747F979139EE4C7E3C91C4DDB2685165B573F8071E054D2367FD4645A381F828F78A36A98B4171394CF430BDFD860B00C593F06623AAA68E302346C2DF6E69E56DE0BFE0EEF7ED51C9C3EDA90DFA93A30322FF18938479220EE8EDEAFD3CEE76ED0D17AC6734E96062A3B4BDB14F698BE9FEDC28B893F316AEA14C7DFF20EDA00779915BB79FC104249EEE351E220630E36DF6AB16EEAD926EDFBA661891F279550887B884CC4B1A59A109CA7CC3F645EDD6ECE6B3F68D418C37E6CFAE4BE359F2DCACC6B4D271D68165BE33868B71C4ED1074A4A65981E6A8FD9839763701CF0340E9C4A70E529A68610977D5F2C3F6623982904DF20E52DC3CFC34678F9AAC0DF04F3ACBE8860628A7111996D84B20EB319B0F1C0E792D12B267E39ABE3E2AAFC644F3ED3D9807D944715D163EC1413BC8014922D1E3CAD6126F4C796FE792FAC691ECEDEE97CC16B5DE30EA8563227C9CB7E0861342D7DD71EDE6EEB5BD8AFE5534452A50A7BDCA983ACDCB4F311DEBAFB0E97A95DE75E53DFE7496BD01C75F1621A608053D75C3F0D946D163E67B4C194D42B6915A0D2EABF2E1D6E77972A6FDEEA36DA201F37EDD136166E712105689ED7511696C0418E98C4CFDFAF4FDE4F92F6B1368F15C34D2E9CCD700EDC128AA7123CBBE3E1F4FBC6B36DBE99FD0558CC73D7A48430404600C9B36858708057BF72407643571AC9ADF4231E1D8F7622600751502799CB9A2C3308B157615AD27B5858F9BBA5C4DE31F7C526E2A66D1CA2CD6875E0B0EB5A"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\WinMsgBalloonServer.exe
c:\windows\SysWOW64\WinMsgBalloonClient.exe
c:\windows\SysWOW64\BeepApp.exe
.
**************************************************************************
.
Completion time: 2012-05-19 08:24:14 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 15:24
.
Pre-Run: 340,633,497,600 bytes free
Post-Run: 341,376,323,584 bytes free
.
- - End Of File - - 4E91BF6D333B7A692E3B41AA19730C8E

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 19 May 2012 - 01:12 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 Uniquename2

Uniquename2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 21 May 2012 - 09:06 AM

TDSSKiller REPORT:




13:32:46.0189 3488 TDSS rootkit removing tool 2.7.35.0 May 16 2012 07:37:57
13:32:47.0078 3488 ============================================================
13:32:47.0078 3488 Current date / time: 2012/05/20 13:32:47.0078
13:32:47.0078 3488 SystemInfo:
13:32:47.0078 3488
13:32:47.0078 3488 OS Version: 6.0.6002 ServicePack: 2.0
13:32:47.0078 3488 Product type: Workstation
13:32:47.0079 3488 ComputerName: BDUB-PC
13:32:47.0079 3488 UserName: BDUB
13:32:47.0079 3488 Windows directory: C:\Windows
13:32:47.0079 3488 System windows directory: C:\Windows
13:32:47.0079 3488 Running under WOW64
13:32:47.0079 3488 Processor architecture: Intel x64
13:32:47.0079 3488 Number of processors: 4
13:32:47.0079 3488 Page size: 0x1000
13:32:47.0079 3488 Boot type: Normal boot
13:32:47.0079 3488 ============================================================
13:32:48.0191 3488 Drive \Device\Harddisk0\DR0 - Size: 0xAE9F7B0000 (698.49 Gb), SectorSize: 0x200, Cylinders: 0x1642E, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:32:48.0194 3488 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:57.0351 3488 Drive \Device\Harddisk6\DR6 - Size: 0xF4B00000 (3.82 Gb), SectorSize: 0x200, Cylinders: 0x1F3, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:32:57.0354 3488 ============================================================
13:32:57.0354 3488 \Device\Harddisk0\DR0:
13:32:57.0364 3488 MBR partitions:
13:32:57.0364 3488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x557D6C81
13:32:57.0364 3488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x557D6CC0, BlocksNum 0x1D23DEE
13:32:57.0364 3488 \Device\Harddisk1\DR1:
13:32:57.0367 3488 MBR partitions:
13:32:57.0367 3488 \Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
13:32:57.0367 3488 \Device\Harddisk6\DR6:
13:32:57.0369 3488 MBR partitions:
13:32:57.0369 3488 \Device\Harddisk6\DR6\Partition0: MBR, Type 0x7, StartLBA 0xAC8, BlocksNum 0x7A4D38
13:32:57.0369 3488 ============================================================
13:32:57.0395 3488 C: <-> \Device\Harddisk0\DR0\Partition0
13:32:57.0434 3488 D: <-> \Device\Harddisk0\DR0\Partition1
13:32:57.0479 3488 J: <-> \Device\Harddisk1\DR1\Partition0
13:32:57.0479 3488 ============================================================
13:32:57.0479 3488 Initialize success
13:32:57.0479 3488 ============================================================
13:32:59.0810 4780 ============================================================
13:32:59.0810 4780 Scan started
13:32:59.0810 4780 Mode: Manual;
13:32:59.0810 4780 ============================================================
13:33:01.0109 4780 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
13:33:01.0114 4780 ACPI - ok
13:33:01.0177 4780 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
13:33:01.0188 4780 adp94xx - ok
13:33:01.0230 4780 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
13:33:01.0236 4780 adpahci - ok
13:33:01.0255 4780 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
13:33:01.0257 4780 adpu160m - ok
13:33:01.0327 4780 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
13:33:01.0331 4780 adpu320 - ok
13:33:01.0354 4780 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
13:33:01.0355 4780 AeLookupSvc - ok
13:33:01.0390 4780 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
13:33:01.0398 4780 AFD - ok
13:33:01.0426 4780 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
13:33:01.0428 4780 agp440 - ok
13:33:01.0511 4780 ahcix64s (17d5f814286fa43a431e51ab1189c595) C:\Windows\system32\drivers\ahcix64s.sys
13:33:01.0514 4780 ahcix64s - ok
13:33:01.0595 4780 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
13:33:01.0598 4780 aic78xx - ok
13:33:01.0637 4780 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
13:33:01.0639 4780 ALG - ok
13:33:01.0679 4780 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
13:33:01.0680 4780 aliide - ok
13:33:02.0703 4780 AMD External Events Utility (0de7bf2a2e64a841f9abf9558870d9c4) C:\Windows\system32\atiesrxx.exe
13:33:02.0706 4780 AMD External Events Utility - ok
13:33:02.0746 4780 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
13:33:02.0747 4780 amdide - ok
13:33:02.0790 4780 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
13:33:02.0792 4780 AmdK8 - ok
13:33:03.0068 4780 amdkmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atipmdag.sys
13:33:03.0246 4780 amdkmdag - ok
13:33:03.0396 4780 amdkmdap (91e1daf0193bd2ab90b1b35c987237fe) C:\Windows\system32\DRIVERS\atikmpag.sys
13:33:03.0400 4780 amdkmdap - ok
13:33:03.0496 4780 AMD_RAIDXpert (ddef43e00d866724cb2d3e553cd4999e) C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
13:33:03.0499 4780 AMD_RAIDXpert - ok
13:33:03.0578 4780 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
13:33:03.0580 4780 Appinfo - ok
13:33:03.0629 4780 Apple Mobile Device (d8e18021f91ad79ca8491cb5a5da22d4) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
13:33:03.0631 4780 Apple Mobile Device - ok
13:33:03.0714 4780 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
13:33:03.0716 4780 arc - ok
13:33:03.0741 4780 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
13:33:03.0743 4780 arcsas - ok
13:33:03.0762 4780 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
13:33:03.0763 4780 AsyncMac - ok
13:33:03.0818 4780 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
13:33:03.0819 4780 atapi - ok
13:33:03.0895 4780 AtiHdmiService (6831c91c74afc9f1d88e1cccabada12b) C:\Windows\system32\drivers\AtiHdmi.sys
13:33:03.0898 4780 AtiHdmiService - ok
13:33:04.0416 4780 atikmdag (f284da3156166b45d02acc3c228ade1e) C:\Windows\system32\DRIVERS\atikmdag.sys
13:33:04.0552 4780 atikmdag - ok
13:33:04.0659 4780 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys
13:33:04.0660 4780 AtiPcie - ok
13:33:04.0785 4780 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
13:33:04.0792 4780 AudioEndpointBuilder - ok
13:33:04.0801 4780 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
13:33:04.0808 4780 AudioSrv - ok
13:33:04.0818 4780 Beep - ok
13:33:04.0871 4780 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
13:33:04.0879 4780 BFE - ok
13:33:05.0055 4780 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
13:33:05.0077 4780 BITS - ok
13:33:05.0156 4780 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
13:33:05.0158 4780 blbdrive - ok
13:33:05.0256 4780 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
13:33:05.0260 4780 Bonjour Service - ok
13:33:05.0361 4780 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
13:33:05.0364 4780 bowser - ok
13:33:05.0419 4780 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
13:33:05.0420 4780 BrFiltLo - ok
13:33:05.0442 4780 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
13:33:05.0444 4780 BrFiltUp - ok
13:33:05.0534 4780 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
13:33:05.0536 4780 Browser - ok
13:33:05.0649 4780 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
13:33:05.0652 4780 Brserid - ok
13:33:05.0676 4780 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
13:33:05.0678 4780 BrSerWdm - ok
13:33:05.0696 4780 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
13:33:05.0698 4780 BrUsbMdm - ok
13:33:05.0719 4780 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
13:33:05.0720 4780 BrUsbSer - ok
13:33:05.0756 4780 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
13:33:05.0758 4780 BTHMODEM - ok
13:33:05.0786 4780 catchme - ok
13:33:05.0806 4780 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
13:33:05.0809 4780 cdfs - ok
13:33:05.0931 4780 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
13:33:05.0939 4780 cdrom - ok
13:33:06.0009 4780 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:33:06.0010 4780 CertPropSvc - ok
13:33:06.0041 4780 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
13:33:06.0042 4780 circlass - ok
13:33:06.0086 4780 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
13:33:06.0094 4780 CLFS - ok
13:33:06.0230 4780 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:33:06.0231 4780 clr_optimization_v2.0.50727_32 - ok
13:33:06.0346 4780 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:33:06.0348 4780 clr_optimization_v2.0.50727_64 - ok
13:33:06.0390 4780 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:33:06.0394 4780 clr_optimization_v4.0.30319_32 - ok
13:33:06.0455 4780 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:33:06.0458 4780 clr_optimization_v4.0.30319_64 - ok
13:33:06.0475 4780 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
13:33:06.0477 4780 cmdide - ok
13:33:06.0492 4780 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
13:33:06.0493 4780 Compbatt - ok
13:33:06.0498 4780 COMSysApp - ok
13:33:06.0527 4780 cpuz134 (17719a7f571d4cd08223f0b30f71b8b8) C:\Windows\system32\drivers\cpuz134_x64.sys
13:33:06.0528 4780 cpuz134 - ok
13:33:06.0539 4780 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
13:33:06.0540 4780 crcdisk - ok
13:33:06.0566 4780 CryptSvc (18918613e63f387cde4d95ca7d49dcf7) C:\Windows\system32\cryptsvc.dll
13:33:06.0569 4780 CryptSvc - ok
13:33:06.0767 4780 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:33:06.0776 4780 DcomLaunch - ok
13:33:06.0839 4780 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
13:33:06.0842 4780 DfsC - ok
13:33:07.0112 4780 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
13:33:07.0150 4780 DFSR - ok
13:33:07.0266 4780 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
13:33:07.0268 4780 Dhcp - ok
13:33:07.0294 4780 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
13:33:07.0295 4780 disk - ok
13:33:07.0403 4780 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
13:33:07.0406 4780 Dnscache - ok
13:33:07.0444 4780 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
13:33:07.0448 4780 dot3svc - ok
13:33:07.0500 4780 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
13:33:07.0503 4780 DPS - ok
13:33:07.0570 4780 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
13:33:07.0571 4780 drmkaud - ok
13:33:07.0680 4780 dump_wmimmc - ok
13:33:07.0791 4780 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
13:33:07.0803 4780 DXGKrnl - ok
13:33:07.0980 4780 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
13:33:07.0983 4780 E1G60 - ok
13:33:08.0019 4780 eamon (55851f4864f8ad6e98b02307eca29db4) C:\Windows\system32\DRIVERS\eamon.sys
13:33:08.0021 4780 eamon - ok
13:33:08.0048 4780 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
13:33:08.0050 4780 EapHost - ok
13:33:08.0073 4780 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
13:33:08.0076 4780 Ecache - ok
13:33:08.0097 4780 ehdrv (62c96b617ac7c4c8a9c29d57a36aa874) C:\Windows\system32\DRIVERS\ehdrv.sys
13:33:08.0100 4780 ehdrv - ok
13:33:08.0248 4780 ehRecvr (33510be001ccdb5a01fcc88f4dd8dfc7) C:\Windows\ehome\ehRecvr.exe
13:33:08.0252 4780 ehRecvr - ok
13:33:08.0269 4780 ehSched (1abc6436b0edaa3d496d9c827f92820d) C:\Windows\ehome\ehsched.exe
13:33:08.0270 4780 ehSched - ok
13:33:08.0285 4780 ehstart (08f48cb2cd4019afb0456869b49cd76f) C:\Windows\ehome\ehstart.dll
13:33:08.0286 4780 ehstart - ok
13:33:08.0317 4780 EhttpSrv (6160f4cc52847923910cd5bb5dff4b31) C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
13:33:08.0318 4780 EhttpSrv - ok
13:33:08.0363 4780 ekrn (a5f63285c1b6c4b396d9ace0dffc88ef) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
13:33:08.0368 4780 ekrn - ok
13:33:08.0477 4780 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
13:33:08.0484 4780 elxstor - ok
13:33:08.0527 4780 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
13:33:08.0533 4780 EMDMgmt - ok
13:33:08.0555 4780 epfwwfpr (275395bfa2d37ac63b4c94cfa6a397cd) C:\Windows\system32\DRIVERS\epfwwfpr.sys
13:33:08.0558 4780 epfwwfpr - ok
13:33:08.0607 4780 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
13:33:08.0607 4780 ErrDev - ok
13:33:08.0852 4780 EventSystem (e12f22b73f153dece721cd45ec05b4af) C:\Windows\system32\es.dll
13:33:08.0855 4780 EventSystem - ok
13:33:08.0940 4780 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
13:33:08.0945 4780 exfat - ok
13:33:09.0038 4780 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
13:33:09.0042 4780 fastfat - ok
13:33:09.0071 4780 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
13:33:09.0073 4780 fdc - ok
13:33:09.0096 4780 fdPHost (bb9267acacd8b7533dd936c34a0cba5e) C:\Windows\system32\fdPHost.dll
13:33:09.0098 4780 fdPHost - ok
13:33:09.0129 4780 FDResPub (300c80931eabbe1db7591c516efe8d0f) C:\Windows\system32\fdrespub.dll
13:33:09.0132 4780 FDResPub - ok
13:33:09.0160 4780 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
13:33:09.0168 4780 FileInfo - ok
13:33:09.0198 4780 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
13:33:09.0200 4780 Filetrace - ok
13:33:09.0227 4780 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:33:09.0228 4780 flpydisk - ok
13:33:09.0260 4780 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
13:33:09.0266 4780 FltMgr - ok
13:33:09.0433 4780 FontCache (be1c5bd1ca7ed015bc6fa1ae67e592c8) C:\Windows\system32\FntCache.dll
13:33:09.0448 4780 FontCache - ok
13:33:09.0637 4780 FontCache3.0.0.0 (bc5b0be5af3510b0fd8c140ee42c6d3e) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:33:09.0638 4780 FontCache3.0.0.0 - ok
13:33:09.0660 4780 Fs_Rec (5779b86cd8b32519fbecb136394d946a) C:\Windows\system32\drivers\Fs_Rec.sys
13:33:09.0661 4780 Fs_Rec - ok
13:33:09.0678 4780 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
13:33:09.0680 4780 gagp30kx - ok
13:33:09.0757 4780 GameConsoleService (db3d8979064ce299927cc1da57e9a659) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
13:33:09.0761 4780 GameConsoleService - ok
13:33:09.0860 4780 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
13:33:09.0861 4780 GEARAspiWDM - ok
13:33:09.0931 4780 gpsvc (a0e1b575ba8f504968cd40c0faeb2384) C:\Windows\System32\gpsvc.dll
13:33:09.0941 4780 gpsvc - ok
13:33:10.0030 4780 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:33:10.0032 4780 gupdate - ok
13:33:10.0074 4780 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
13:33:10.0076 4780 gupdatem - ok
13:33:10.0241 4780 gusvc (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
13:33:10.0244 4780 gusvc - ok
13:33:10.0493 4780 HCW85BDA (49b940bad9f1b1e707dcf27684b6c7fb) C:\Windows\system32\drivers\HCW85BDA.sys
13:33:10.0540 4780 HCW85BDA - ok
13:33:10.0672 4780 hcw85cir (b6c86ac0ca60c10b6f46155a5e09d4a9) C:\Windows\system32\drivers\hcw85cir.sys
13:33:10.0673 4780 hcw85cir - ok
13:33:10.0742 4780 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
13:33:10.0749 4780 HdAudAddService - ok
13:33:10.0890 4780 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:33:10.0902 4780 HDAudBus - ok
13:33:10.0928 4780 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
13:33:10.0929 4780 HidBth - ok
13:33:10.0952 4780 HidIr (5f47839455d01ff6403b008d481a6f5b) C:\Windows\system32\DRIVERS\hidir.sys
13:33:10.0954 4780 HidIr - ok
13:33:10.0979 4780 hidserv (59361d38a297755d46a540e450202b2a) C:\Windows\System32\hidserv.dll
13:33:10.0981 4780 hidserv - ok
13:33:10.0993 4780 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
13:33:10.0995 4780 HidUsb - ok
13:33:11.0020 4780 hkmsvc (b12f367ea39c0795fd57e31242ce1a5a) C:\Windows\system32\kmsvc.dll
13:33:11.0023 4780 hkmsvc - ok
13:33:11.0077 4780 HP Health Check Service (aa9ef0b395097f24d289f64445b2fd2e) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
13:33:11.0079 4780 HP Health Check Service - ok
13:33:11.0131 4780 HPBtnSrv (deab3bf5aefbdc3f9ac0e020926ec81d) C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
13:33:11.0134 4780 HPBtnSrv - ok
13:33:11.0167 4780 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
13:33:11.0169 4780 HpCISSs - ok
13:33:11.0336 4780 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
13:33:11.0343 4780 HTTP - ok
13:33:11.0409 4780 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
13:33:11.0411 4780 i2omp - ok
13:33:11.0434 4780 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
13:33:11.0436 4780 i8042prt - ok
13:33:11.0460 4780 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
13:33:11.0466 4780 iaStorV - ok
13:33:11.0536 4780 IDriverT (1cf03c69b49acb70c722df92755c0c8c) C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
13:33:11.0538 4780 IDriverT - ok
13:33:11.0642 4780 idsvc (749f5f8cedca70f2a512945325fc489d) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:33:11.0660 4780 idsvc - ok
13:33:11.0785 4780 IHA_MessageCenter (c135bff15563592b8ea070ea109967f7) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
13:33:11.0789 4780 IHA_MessageCenter - ok
13:33:11.0851 4780 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
13:33:11.0853 4780 iirsp - ok
13:33:11.0913 4780 IKEEXT (0c9ea6e654e7b0471741e343a6c671af) C:\Windows\System32\ikeext.dll
13:33:11.0923 4780 IKEEXT - ok
13:33:12.0087 4780 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
13:33:12.0184 4780 IntcAzAudAddService - ok
13:33:12.0259 4780 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
13:33:12.0260 4780 intelide - ok
13:33:12.0280 4780 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
13:33:12.0282 4780 intelppm - ok
13:33:12.0312 4780 IPBusEnum (5624bc1bc5eeb49c0ab76a8114f05ea3) C:\Windows\system32\ipbusenum.dll
13:33:12.0315 4780 IPBusEnum - ok
13:33:12.0335 4780 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:33:12.0338 4780 IpFilterDriver - ok
13:33:12.0381 4780 iphlpsvc (bf0dbfa9792c5c14fa00f61c75116c1b) C:\Windows\System32\iphlpsvc.dll
13:33:12.0386 4780 iphlpsvc - ok
13:33:12.0391 4780 IpInIp - ok
13:33:12.0413 4780 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
13:33:12.0415 4780 IPMIDRV - ok
13:33:12.0436 4780 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
13:33:12.0439 4780 IPNAT - ok
13:33:12.0515 4780 iPod Service (3c0d4b3e80fc4854ca325dd123cc4ded) C:\Program Files\iPod\bin\iPodService.exe
13:33:12.0531 4780 iPod Service - ok
13:33:12.0550 4780 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
13:33:12.0552 4780 IRENUM - ok
13:33:12.0569 4780 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
13:33:12.0570 4780 isapnp - ok
13:33:12.0601 4780 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
13:33:12.0605 4780 iScsiPrt - ok
13:33:12.0632 4780 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
13:33:12.0634 4780 iteatapi - ok
13:33:12.0654 4780 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
13:33:12.0655 4780 iteraid - ok
13:33:12.0672 4780 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
13:33:12.0674 4780 kbdclass - ok
13:33:12.0708 4780 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
13:33:12.0710 4780 kbdhid - ok
13:33:12.0761 4780 KeyIso (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:33:12.0763 4780 KeyIso - ok
13:33:12.0792 4780 KSecDD (2758d174604f597bbc8a217ff667913d) C:\Windows\system32\Drivers\ksecdd.sys
13:33:12.0803 4780 KSecDD - ok
13:33:12.0822 4780 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
13:33:12.0824 4780 ksthunk - ok
13:33:12.0872 4780 KtmRm (1faf6926f3416d3da05c5b265491bdae) C:\Windows\system32\msdtckrm.dll
13:33:12.0879 4780 KtmRm - ok
13:33:12.0963 4780 LanmanServer (50c7a3cb427e9bb5ed0708a669956ab5) C:\Windows\System32\srvsvc.dll
13:33:12.0968 4780 LanmanServer - ok
13:33:13.0009 4780 LanmanWorkstation (caf86fc1388be1e470f1a7b43e348adb) C:\Windows\System32\wkssvc.dll
13:33:13.0015 4780 LanmanWorkstation - ok
13:33:13.0109 4780 LightScribeService (dfeff67508d3a9aeb1a85d7b0f513b24) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:33:13.0110 4780 LightScribeService - ok
13:33:13.0166 4780 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
13:33:13.0168 4780 lltdio - ok
13:33:13.0205 4780 lltdsvc (961ccbd0b1ccb5675d64976fae37d092) C:\Windows\System32\lltdsvc.dll
13:33:13.0212 4780 lltdsvc - ok
13:33:13.0224 4780 lmhosts (a47f8080cacc23c91fe823ad19aa5612) C:\Windows\System32\lmhsvc.dll
13:33:13.0226 4780 lmhosts - ok
13:33:13.0258 4780 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
13:33:13.0260 4780 LSI_FC - ok
13:33:13.0290 4780 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
13:33:13.0293 4780 LSI_SAS - ok
13:33:13.0310 4780 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
13:33:13.0313 4780 LSI_SCSI - ok
13:33:13.0326 4780 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
13:33:13.0329 4780 luafv - ok
13:33:13.0360 4780 mcdbus (79d51e7f5926e8ce1b3ebecebae28cff) C:\Windows\system32\DRIVERS\mcdbus.sys
13:33:13.0365 4780 mcdbus - ok
13:33:13.0387 4780 Mcx2Svc (6da30c0de0cc8525e89d612c5063cac1) C:\Windows\system32\Mcx2Svc.dll
13:33:13.0391 4780 Mcx2Svc - ok
13:33:13.0416 4780 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
13:33:13.0417 4780 megasas - ok
13:33:13.0455 4780 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
13:33:13.0464 4780 MegaSR - ok
13:33:13.0491 4780 MMCSS (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:33:13.0492 4780 MMCSS - ok
13:33:13.0513 4780 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
13:33:13.0514 4780 Modem - ok
13:33:13.0534 4780 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
13:33:13.0535 4780 monitor - ok
13:33:13.0572 4780 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
13:33:13.0573 4780 mouclass - ok
13:33:13.0580 4780 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
13:33:13.0581 4780 mouhid - ok
13:33:13.0599 4780 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
13:33:13.0601 4780 MountMgr - ok
13:33:13.0656 4780 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:33:13.0658 4780 MozillaMaintenance - ok
13:33:13.0684 4780 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
13:33:13.0686 4780 mpio - ok
13:33:13.0696 4780 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
13:33:13.0697 4780 mpsdrv - ok
13:33:13.0733 4780 MpsSvc (897e3baf68ba406a61682ae39c83900c) C:\Windows\system32\mpssvc.dll
13:33:13.0738 4780 MpsSvc - ok
13:33:13.0755 4780 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
13:33:13.0757 4780 Mraid35x - ok
13:33:13.0780 4780 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
13:33:13.0783 4780 MRxDAV - ok
13:33:13.0805 4780 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:33:13.0807 4780 mrxsmb - ok
13:33:13.0841 4780 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:33:13.0845 4780 mrxsmb10 - ok
13:33:13.0857 4780 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:33:13.0859 4780 mrxsmb20 - ok
13:33:13.0883 4780 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
13:33:13.0884 4780 msahci - ok
13:33:13.0923 4780 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
13:33:13.0924 4780 msdsm - ok
13:33:13.0946 4780 MSDTC (7ec02ce772f068ed0beafa3da341a9bc) C:\Windows\System32\msdtc.exe
13:33:13.0983 4780 MSDTC - ok
13:33:14.0016 4780 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
13:33:14.0017 4780 Msfs - ok
13:33:14.0022 4780 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
13:33:14.0023 4780 msisadrv - ok
13:33:14.0050 4780 MSiSCSI (366b0c1f4478b519c181e37d43dcda32) C:\Windows\system32\iscsiexe.dll
13:33:14.0053 4780 MSiSCSI - ok
13:33:14.0056 4780 msiserver - ok
13:33:14.0085 4780 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
13:33:14.0086 4780 MSKSSRV - ok
13:33:14.0116 4780 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
13:33:14.0137 4780 MSPCLOCK - ok
13:33:14.0160 4780 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
13:33:14.0161 4780 MSPQM - ok
13:33:14.0404 4780 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
13:33:14.0411 4780 MsRPC - ok
13:33:14.0446 4780 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
13:33:14.0447 4780 mssmbios - ok
13:33:14.0467 4780 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
13:33:14.0485 4780 MSTEE - ok
13:33:14.0509 4780 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
13:33:14.0511 4780 Mup - ok
13:33:14.0544 4780 napagent (a5b10c845e7538c60c0f5d87a57cb3f5) C:\Windows\system32\qagentRT.dll
13:33:14.0553 4780 napagent - ok
13:33:15.0252 4780 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
13:33:15.0256 4780 NativeWifiP - ok
13:33:15.0330 4780 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
13:33:15.0340 4780 NDIS - ok
13:33:15.0391 4780 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
13:33:15.0393 4780 NdisTapi - ok
13:33:15.0401 4780 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
13:33:15.0403 4780 Ndisuio - ok
13:33:15.0420 4780 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
13:33:15.0423 4780 NdisWan - ok
13:33:15.0433 4780 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
13:33:15.0435 4780 NDProxy - ok
13:33:15.0447 4780 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
13:33:15.0449 4780 NetBIOS - ok
13:33:15.0471 4780 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
13:33:15.0477 4780 netbt - ok
13:33:15.0500 4780 Netlogon (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:33:15.0501 4780 Netlogon - ok
13:33:15.0641 4780 Netman (9b63b29defc0f3115a559d2597bf5d75) C:\Windows\System32\netman.dll
13:33:15.0647 4780 Netman - ok
13:33:15.0692 4780 netprofm (7846d0136cc2b264926a73047ba7688a) C:\Windows\System32\netprofm.dll
13:33:15.0699 4780 netprofm - ok
13:33:15.0747 4780 netr7364 (0e27af88b9c2291d2fde9faaebd2e9a3) C:\Windows\system32\DRIVERS\netr7364.sys
13:33:15.0758 4780 netr7364 - ok
13:33:15.0798 4780 NetTcpPortSharing (74751dda198165947fd7454d83f49825) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:33:15.0800 4780 NetTcpPortSharing - ok
13:33:15.0812 4780 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
13:33:15.0813 4780 nfrd960 - ok
13:33:15.0866 4780 NlaSvc (f145bf4c4668e7e312069f81ef847cfc) C:\Windows\System32\nlasvc.dll
13:33:15.0870 4780 NlaSvc - ok
13:33:15.0927 4780 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
13:33:15.0930 4780 Npfs - ok
13:33:15.0935 4780 npggsvc - ok
13:33:15.0943 4780 NPPTNT2 - ok
13:33:15.0975 4780 nsi (acb62baa1c319b17752553df3026eeeb) C:\Windows\system32\nsisvc.dll
13:33:15.0977 4780 nsi - ok
13:33:15.0983 4780 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
13:33:15.0985 4780 nsiproxy - ok
13:33:16.0122 4780 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
13:33:16.0137 4780 Ntfs - ok
13:33:16.0202 4780 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
13:33:16.0202 4780 Null - ok
13:33:16.0226 4780 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
13:33:16.0228 4780 nvraid - ok
13:33:16.0249 4780 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
13:33:16.0250 4780 nvstor - ok
13:33:16.0276 4780 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
13:33:16.0278 4780 nv_agp - ok
13:33:16.0283 4780 NwlnkFlt - ok
13:33:16.0291 4780 NwlnkFwd - ok
13:33:16.0386 4780 O&O Defrag (563a7757b71f70050a613a8f0c979262) C:\Windows\system32\oodag.exe
13:33:16.0430 4780 O&O Defrag - ok
13:33:16.0534 4780 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
13:33:16.0535 4780 ohci1394 - ok
13:33:16.0603 4780 p2pimsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:33:16.0620 4780 p2pimsvc - ok
13:33:16.0635 4780 p2psvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:33:16.0648 4780 p2psvc - ok
13:33:16.0695 4780 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
13:33:16.0697 4780 Parport - ok
13:33:16.0727 4780 partmgr (b43751085e2abe389da466bc62a4b987) C:\Windows\system32\drivers\partmgr.sys
13:33:16.0728 4780 partmgr - ok
13:33:16.0756 4780 PcaSvc (9ab157b374192ff276c1628fbdba2b0e) C:\Windows\System32\pcasvc.dll
13:33:16.0758 4780 PcaSvc - ok
13:33:16.0868 4780 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
13:33:16.0873 4780 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - ok
13:33:16.0895 4780 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
13:33:16.0897 4780 pci - ok
13:33:16.0905 4780 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
13:33:16.0907 4780 pciide - ok
13:33:16.0934 4780 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
13:33:16.0937 4780 pcmcia - ok
13:33:17.0073 4780 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
13:33:17.0118 4780 PEAUTH - ok
13:33:17.0171 4780 PerfHost (0ed8727ea0172860f47258456c06caea) C:\Windows\SysWow64\perfhost.exe
13:33:17.0174 4780 PerfHost - ok
13:33:17.0296 4780 pla (e9e68c1a0f25cf4a7ac966eea74ee89e) C:\Windows\system32\pla.dll
13:33:17.0464 4780 pla - ok
13:33:17.0508 4780 PlugPlay (fe6b0f59215c9fd9f9d26539c58c8b82) C:\Windows\system32\umpnpmgr.dll
13:33:17.0516 4780 PlugPlay - ok
13:33:17.0572 4780 PNRPAutoReg (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:33:17.0588 4780 PNRPAutoReg - ok
13:33:17.0604 4780 PNRPsvc (9ae31d2e1d15c10d91318e0ec149ceac) C:\Windows\system32\p2psvc.dll
13:33:17.0616 4780 PNRPsvc - ok
13:33:17.0695 4780 PolicyAgent (89a5560671c2d8b4a4b51f3e1aa069d8) C:\Windows\System32\ipsecsvc.dll
13:33:17.0703 4780 PolicyAgent - ok
13:33:17.0801 4780 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:17.0804 4780 PptpMiniport - ok
13:33:17.0831 4780 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
13:33:17.0833 4780 Processor - ok
13:33:17.0875 4780 ProfSvc (e058ce4fc2449d8bfa14739c83b7ff2a) C:\Windows\system32\profsvc.dll
13:33:17.0879 4780 ProfSvc - ok
13:33:17.0930 4780 ProtectedStorage (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:33:17.0931 4780 ProtectedStorage - ok
13:33:18.0001 4780 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
13:33:18.0002 4780 Ps2 - ok
13:33:18.0028 4780 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
13:33:18.0030 4780 PSched - ok
13:33:18.0082 4780 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
13:33:18.0092 4780 ql2300 - ok
13:33:18.0203 4780 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
13:33:18.0207 4780 ql40xx - ok
13:33:18.0244 4780 QWAVE (90574842c3da781e279061a3eff91f07) C:\Windows\system32\qwave.dll
13:33:18.0250 4780 QWAVE - ok
13:33:18.0262 4780 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
13:33:18.0263 4780 QWAVEdrv - ok
13:33:18.0277 4780 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:18.0279 4780 RasAcd - ok
13:33:18.0401 4780 RasAuto (b2ae18f847d07f0044404ddf7cb04497) C:\Windows\System32\rasauto.dll
13:33:18.0403 4780 RasAuto - ok
13:33:18.0436 4780 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:18.0438 4780 Rasl2tp - ok
13:33:18.0458 4780 RasMan (3ad83e4046c43be510de681588acb8af) C:\Windows\System32\rasmans.dll
13:33:18.0461 4780 RasMan - ok
13:33:18.0534 4780 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:18.0536 4780 RasPppoe - ok
13:33:18.0617 4780 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:18.0618 4780 RasSstp - ok
13:33:18.0650 4780 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:18.0655 4780 rdbss - ok
13:33:18.0668 4780 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:18.0670 4780 RDPCDD - ok
13:33:18.0697 4780 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
13:33:18.0702 4780 rdpdr - ok
13:33:18.0707 4780 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
13:33:18.0709 4780 RDPENCDD - ok
13:33:18.0783 4780 RDPWD (5c141fc457f1ac833664789235aca673) C:\Windows\system32\drivers\RDPWD.sys
13:33:18.0790 4780 RDPWD - ok
13:33:18.0811 4780 RemoteAccess (c612b9557da73f70d41f8a6fbc8e5344) C:\Windows\System32\mprdim.dll
13:33:18.0813 4780 RemoteAccess - ok
13:33:18.0827 4780 RemoteRegistry (44b9d8ec2f3ef3a0efb00857af70d861) C:\Windows\system32\regsvc.dll
13:33:18.0830 4780 RemoteRegistry - ok
13:33:18.0847 4780 RpcLocator (f46c457840d4b7a4daafee739ce04102) C:\Windows\system32\locator.exe
13:33:18.0849 4780 RpcLocator - ok
13:33:18.0894 4780 RpcSs (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
13:33:18.0900 4780 RpcSs - ok
13:33:18.0911 4780 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:18.0913 4780 rspndr - ok
13:33:18.0949 4780 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
13:33:18.0952 4780 RTL8169 - ok
13:33:18.0979 4780 SamSs (260bf9c43ee12c6898a9f5aab0fb0e5d) C:\Windows\system32\lsass.exe
13:33:18.0980 4780 SamSs - ok
13:33:18.0991 4780 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
13:33:18.0993 4780 sbp2port - ok
13:33:19.0012 4780 SCardSvr (fd1cdcf108d5ef3366f00d18b70fb89b) C:\Windows\System32\SCardSvr.dll
13:33:19.0015 4780 SCardSvr - ok
13:33:19.0083 4780 Schedule (0f838c811ad295d2a4489b9993096c63) C:\Windows\system32\schedsvc.dll
13:33:19.0096 4780 Schedule - ok
13:33:19.0136 4780 SCPolicySvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
13:33:19.0137 4780 SCPolicySvc - ok
13:33:19.0166 4780 SDRSVC (4ff71b076a7760fe75ea5ae2d0ee0018) C:\Windows\System32\SDRSVC.dll
13:33:19.0170 4780 SDRSVC - ok
13:33:19.0209 4780 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:33:19.0210 4780 secdrv - ok
13:33:19.0231 4780 seclogon (5acdcbc67fcf894a1815b9f96d704490) C:\Windows\system32\seclogon.dll
13:33:19.0234 4780 seclogon - ok
13:33:19.0250 4780 SENS (90973a64b96cd647ff81c79443618eed) C:\Windows\system32\sens.dll
13:33:19.0253 4780 SENS - ok
13:33:19.0268 4780 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
13:33:19.0270 4780 Serenum - ok
13:33:19.0297 4780 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
13:33:19.0300 4780 Serial - ok
13:33:19.0320 4780 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
13:33:19.0322 4780 sermouse - ok
13:33:19.0358 4780 SessionEnv (a8e4a4407a09f35dccc3771af590b0c4) C:\Windows\system32\sessenv.dll
13:33:19.0362 4780 SessionEnv - ok
13:33:19.0435 4780 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
13:33:19.0436 4780 sffdisk - ok
13:33:19.0452 4780 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:19.0453 4780 sffp_mmc - ok
13:33:19.0473 4780 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
13:33:19.0474 4780 sffp_sd - ok
13:33:19.0509 4780 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
13:33:19.0510 4780 sfloppy - ok
13:33:19.0587 4780 SharedAccess (4c5aee179da7e1ee9a9ccb9da289af34) C:\Windows\System32\ipnathlp.dll
13:33:19.0592 4780 SharedAccess - ok
13:33:19.0793 4780 ShellHWDetection (56793271ecdedd350c5add305603e963) C:\Windows\System32\shsvcs.dll
13:33:19.0797 4780 ShellHWDetection - ok
13:33:19.0811 4780 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
13:33:19.0813 4780 SiSRaid2 - ok
13:33:19.0825 4780 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
13:33:19.0826 4780 SiSRaid4 - ok
13:33:19.0976 4780 slsvc (a9a27a8e257b45a604fdad4f26fe7241) C:\Windows\system32\SLsvc.exe
13:33:20.0062 4780 slsvc - ok
13:33:20.0176 4780 SLUINotify (fd74b4b7c2088e390a30c85a896fc3af) C:\Windows\system32\SLUINotify.dll
13:33:20.0178 4780 SLUINotify - ok
13:33:20.0293 4780 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
13:33:20.0296 4780 Smb - ok
13:33:20.0323 4780 SNMPTRAP (f8f47f38909823b1af28d60b96340cff) C:\Windows\System32\snmptrap.exe
13:33:20.0326 4780 SNMPTRAP - ok
13:33:20.0340 4780 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
13:33:20.0342 4780 spldr - ok
13:33:20.0378 4780 Spooler (f66ff751e7efc816d266977939ef5dc3) C:\Windows\System32\spoolsv.exe
13:33:20.0384 4780 Spooler - ok
13:33:20.0420 4780 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
13:33:20.0430 4780 srv - ok
13:33:20.0451 4780 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
13:33:20.0456 4780 srv2 - ok
13:33:20.0471 4780 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:20.0476 4780 srvnet - ok
13:33:20.0527 4780 SSDPSRV (192c74646ec5725aef3f80d19ff75f6a) C:\Windows\System32\ssdpsrv.dll
13:33:20.0531 4780 SSDPSRV - ok
13:33:20.0579 4780 SstpSvc (2ee3fa0308e6185ba64a9a7f2e74332b) C:\Windows\system32\sstpsvc.dll
13:33:20.0583 4780 SstpSvc - ok
13:33:20.0673 4780 Steam Client Service - ok
13:33:20.0714 4780 stisvc (15825c1fbfb8779992cb65087f316af5) C:\Windows\System32\wiaservc.dll
13:33:20.0726 4780 stisvc - ok
13:33:20.0747 4780 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
13:33:20.0749 4780 swenum - ok
13:33:20.0795 4780 SwitchBoard (f577910a133a592234ebaad3f3afa258) C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
13:33:20.0799 4780 SwitchBoard - ok
13:33:20.0832 4780 swprv (6de37f4de19d4efd9c48c43addbc949a) C:\Windows\System32\swprv.dll
13:33:20.0837 4780 swprv - ok
13:33:20.0879 4780 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
13:33:20.0880 4780 Symc8xx - ok
13:33:20.0888 4780 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
13:33:20.0891 4780 Sym_hi - ok
13:33:20.0912 4780 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
13:33:20.0914 4780 Sym_u3 - ok
13:33:20.0998 4780 SysMain (92d7a8b0f87b036f17d25885937897a6) C:\Windows\system32\sysmain.dll
13:33:21.0005 4780 SysMain - ok
13:33:21.0045 4780 TabletInputService (005ce42567f9113a3bccb3b20073b029) C:\Windows\System32\TabSvc.dll
13:33:21.0047 4780 TabletInputService - ok
13:33:21.0064 4780 TapiSrv (cc2562b4d55e0b6a4758c65407f63b79) C:\Windows\System32\tapisrv.dll
13:33:21.0067 4780 TapiSrv - ok
13:33:21.0082 4780 TBS (cdbe8d7c1e201b911cdc346d06617fb5) C:\Windows\System32\tbssvc.dll
13:33:21.0084 4780 TBS - ok
13:33:21.0331 4780 Tcpip (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\drivers\tcpip.sys
13:33:21.0350 4780 Tcpip - ok
13:33:21.0581 4780 Tcpip6 (46d448e9117464e4d3bbf36d7e3fa48e) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:21.0598 4780 Tcpip6 - ok
13:33:21.0740 4780 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
13:33:21.0742 4780 tcpipreg - ok
13:33:21.0780 4780 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
13:33:21.0782 4780 TDPIPE - ok
13:33:21.0806 4780 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
13:33:21.0808 4780 TDTCP - ok
13:33:21.0909 4780 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
13:33:21.0911 4780 tdx - ok
13:33:21.0942 4780 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
13:33:21.0945 4780 TermDD - ok
13:33:22.0000 4780 TermService (5cdd30bc217082dac71a9878d9bfd566) C:\Windows\System32\termsrv.dll
13:33:22.0006 4780 TermService - ok
13:33:22.0084 4780 Themes (56793271ecdedd350c5add305603e963) C:\Windows\system32\shsvcs.dll
13:33:22.0088 4780 Themes - ok
13:33:22.0097 4780 THREADORDER (3cbe4995e80e13ccfbc42e5dcf3ac81a) C:\Windows\system32\mmcss.dll
13:33:22.0098 4780 THREADORDER - ok
13:33:22.0197 4780 TrkWks (f4689f05af472a651a7b1b7b02d200e7) C:\Windows\System32\trkwks.dll
13:33:22.0200 4780 TrkWks - ok
13:33:22.0249 4780 TrustedInstaller (66328b08ef5a9305d8ede36b93930369) C:\Windows\servicing\TrustedInstaller.exe
13:33:22.0250 4780 TrustedInstaller - ok
13:33:22.0293 4780 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:22.0294 4780 tssecsrv - ok
13:33:22.0334 4780 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
13:33:22.0335 4780 tunmp - ok
13:33:22.0367 4780 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:22.0369 4780 tunnel - ok
13:33:22.0391 4780 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
13:33:22.0394 4780 uagp35 - ok
13:33:22.0464 4780 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
13:33:22.0471 4780 udfs - ok
13:33:22.0503 4780 UI0Detect (060507c4113391394478f6953a79eedc) C:\Windows\system32\UI0Detect.exe
13:33:22.0506 4780 UI0Detect - ok
13:33:22.0525 4780 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
13:33:22.0528 4780 uliagpkx - ok
13:33:22.0563 4780 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
13:33:22.0569 4780 uliahci - ok
13:33:22.0603 4780 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
13:33:22.0607 4780 UlSata - ok
13:33:22.0684 4780 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
13:33:22.0689 4780 ulsata2 - ok
13:33:22.0757 4780 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
13:33:22.0759 4780 umbus - ok
13:33:22.0797 4780 upnphost (7093799ff80e9deca0680d2e3535be60) C:\Windows\System32\upnphost.dll
13:33:22.0804 4780 upnphost - ok
13:33:22.0839 4780 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
13:33:22.0841 4780 USBAAPL64 - ok
13:33:22.0868 4780 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:22.0871 4780 usbccgp - ok
13:33:22.0947 4780 usbcir (8c39d53e1a343f4c47ee8f3c052126d8) C:\Windows\system32\DRIVERS\usbcir.sys
13:33:22.0950 4780 usbcir - ok
13:33:22.0984 4780 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:22.0987 4780 usbehci - ok
13:33:23.0017 4780 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys
13:33:23.0020 4780 usbfilter - ok
13:33:23.0064 4780 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:23.0070 4780 usbhub - ok
13:33:23.0103 4780 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
13:33:23.0106 4780 usbohci - ok
13:33:23.0125 4780 usbprint (acfee697af477021bb3ec78c5431fed2) C:\Windows\system32\drivers\usbprint.sys
13:33:23.0127 4780 usbprint - ok
13:33:23.0161 4780 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:23.0165 4780 USBSTOR - ok
13:33:23.0184 4780 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
13:33:23.0185 4780 usbuhci - ok
13:33:23.0209 4780 UxSms (d76e231e4850bb3f88a3d9a78df191e3) C:\Windows\System32\uxsms.dll
13:33:23.0212 4780 UxSms - ok
13:33:23.0243 4780 vds (294945381dfa7ce58cecf0a9896af327) C:\Windows\System32\vds.exe
13:33:23.0254 4780 vds - ok
13:33:23.0277 4780 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:23.0279 4780 vga - ok
13:33:23.0299 4780 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
13:33:23.0301 4780 VgaSave - ok
13:33:23.0314 4780 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
13:33:23.0315 4780 viaide - ok
13:33:23.0332 4780 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
13:33:23.0335 4780 volmgr - ok
13:33:23.0372 4780 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
13:33:23.0381 4780 volmgrx - ok
13:33:23.0406 4780 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
13:33:23.0421 4780 volsnap - ok
13:33:23.0443 4780 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
13:33:23.0446 4780 vsmraid - ok
13:33:23.0602 4780 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
13:33:23.0621 4780 VSS - ok
13:33:23.0914 4780 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
13:33:23.0936 4780 W32Time - ok
13:33:23.0960 4780 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
13:33:23.0962 4780 WacomPen - ok
13:33:23.0998 4780 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:24.0012 4780 Wanarp - ok
13:33:24.0018 4780 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:24.0020 4780 Wanarpv6 - ok
13:33:24.0058 4780 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
13:33:24.0092 4780 wcncsvc - ok
13:33:24.0162 4780 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
13:33:24.0165 4780 WcsPlugInService - ok
13:33:24.0189 4780 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
13:33:24.0191 4780 Wd - ok
13:33:24.0365 4780 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
13:33:24.0393 4780 Wdf01000 - ok
13:33:24.0407 4780 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:33:24.0411 4780 WdiServiceHost - ok
13:33:24.0416 4780 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
13:33:24.0420 4780 WdiSystemHost - ok
13:33:24.0440 4780 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
13:33:24.0447 4780 WebClient - ok
13:33:24.0475 4780 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
13:33:24.0481 4780 Wecsvc - ok
13:33:24.0493 4780 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
13:33:24.0497 4780 wercplsupport - ok
13:33:24.0517 4780 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
13:33:24.0521 4780 WerSvc - ok
13:33:24.0570 4780 WinDefend - ok
13:33:24.0581 4780 WinHttpAutoProxySvc - ok
13:33:24.0669 4780 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
13:33:24.0673 4780 Winmgmt - ok
13:33:24.0891 4780 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
13:33:25.0031 4780 WinRM - ok
13:33:25.0239 4780 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
13:33:25.0263 4780 Wlansvc - ok
13:33:25.0316 4780 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
13:33:25.0317 4780 WmiAcpi - ok
13:33:25.0344 4780 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
13:33:25.0346 4780 wmiApSrv - ok
13:33:25.0359 4780 WMPNetworkSvc - ok
13:33:25.0387 4780 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
13:33:25.0390 4780 WPCSvc - ok
13:33:25.0413 4780 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
13:33:25.0415 4780 WPDBusEnum - ok
13:33:25.0505 4780 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
13:33:25.0507 4780 WpdUsb - ok
13:33:25.0775 4780 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:33:25.0789 4780 WPFFontCache_v0400 - ok
13:33:25.0885 4780 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:25.0904 4780 ws2ifsl - ok
13:33:25.0929 4780 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
13:33:25.0931 4780 wscsvc - ok
13:33:25.0936 4780 WSearch - ok
13:33:26.0076 4780 wuauserv (fb3796754fe00f0bdc87a36f164a5f4d) C:\Windows\system32\wuaueng.dll
13:33:26.0245 4780 wuauserv - ok
13:33:26.0450 4780 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:26.0454 4780 WUDFRd - ok
13:33:26.0509 4780 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
13:33:26.0513 4780 wudfsvc - ok
13:33:26.0583 4780 {55662437-DA8C-40c0-AADA-2C816A897A49} (1cacfef9e5dd866c5b79a135ee729e18) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
13:33:26.0595 4780 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
13:33:26.0615 4780 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
13:33:26.0830 4780 \Device\Harddisk0\DR0 - ok
13:33:26.0853 4780 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
13:33:26.0858 4780 \Device\Harddisk1\DR1 - ok
13:33:26.0864 4780 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk6\DR6
13:33:28.0489 4780 \Device\Harddisk6\DR6 - ok
13:33:28.0504 4780 Boot (0x1200) (3740b6d370393e5f886435a3b907cf44) \Device\Harddisk0\DR0\Partition0
13:33:28.0507 4780 \Device\Harddisk0\DR0\Partition0 - ok
13:33:28.0533 4780 Boot (0x1200) (33d58f992964568017b79292d4f9544b) \Device\Harddisk0\DR0\Partition1
13:33:28.0536 4780 \Device\Harddisk0\DR0\Partition1 - ok
13:33:28.0542 4780 Boot (0x1200) (e153c1967a48ecee10db22e9d0396416) \Device\Harddisk1\DR1\Partition0
13:33:28.0547 4780 \Device\Harddisk1\DR1\Partition0 - ok
13:33:28.0555 4780 Boot (0x1200) (0fbfce556d20b70b5ecaed53ac4dddcd) \Device\Harddisk6\DR6\Partition0
13:33:28.0565 4780 \Device\Harddisk6\DR6\Partition0 - ok
13:33:28.0566 4780 ============================================================
13:33:28.0566 4780 Scan finished
13:33:28.0566 4780 ============================================================
13:33:28.0585 4352 Detected object count: 0
13:33:28.0585 4352 Actual detected object count: 0




aswMBR SAVELOG




aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-20 13:35:17
-----------------------------
13:35:17.664 OS Version: Windows x64 6.0.6002 Service Pack 2
13:35:17.664 Number of processors: 4 586 0x203
13:35:17.665 ComputerName: BDUB-PC UserName: BDUB
13:35:20.519 Initialize success
14:12:38.419 AVAST engine defs: 12052001
14:17:20.157 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000051
14:17:20.165 Disk 0 Vendor: ST375052 HP22 Size: 715255MB BusType: 8
14:17:20.173 Disk 0 MBR read successfully
14:17:20.177 Disk 0 MBR scan
14:17:20.185 Disk 0 unknown MBR code
14:17:20.190 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 700333 MB offset 63
14:17:20.226 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 14919 MB offset 1434283200
14:17:20.297 Disk 0 scanning C:\Windows\system32\drivers
14:17:33.777 Service scanning
14:18:01.684 Modules scanning
14:18:01.698 Disk 0 trace - called modules:
14:18:01.742 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys storport.sys hal.dll ahcix64s.sys
14:18:01.749 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80090b9790]
14:18:01.757 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> [0xfffffa8007f32040]
14:18:02.006 5 acpi.sys[fffffa60008f4fde] -> nt!IofCallDriver -> \Device\00000051[0xfffffa8007b82060]
14:18:06.397 AVAST engine scan C:\Windows
14:18:13.881 AVAST engine scan C:\Windows\system32
14:23:35.669 AVAST engine scan C:\Windows\system32\drivers
14:24:03.454 AVAST engine scan C:\Users\BDUB
15:10:58.605 AVAST engine scan C:\ProgramData
15:18:35.644 Scan finished successfully
07:05:59.613 Disk 0 MBR has been saved successfully to "C:\Users\BDUB\Desktop\MBR.dat"
07:05:59.622 The log file has been saved successfully to "C:\Users\BDUB\Desktop\aswMBR.txt"

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 21 May 2012 - 01:26 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 Uniquename2

Uniquename2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 21 May 2012 - 08:54 PM

I'm not sure if I did it correctly, but here is the log. It appears as though my computer has stopped re-directing me when I use Google, but how will I know that the problem has been fixed for certain?




ComboFix 12-05-21.05 - BDUB 05/21/2012 18:28:55.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8183.5666 [GMT -7:00]
Running from: c:\users\BDUB\Downloads\ComboFix.exe
Command switches used :: c:\users\BDUB\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-04-22 to 2012-05-22 )))))))))))))))))))))))))))))))
.
.
2012-05-22 01:38 . 2012-05-22 01:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-15 19:57 . 2012-05-15 19:57 388096 ----a-r- c:\users\BDUB\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-05-15 19:57 . 2012-05-15 19:57 -------- d-----w- c:\program files (x86)\Trend Micro
2012-05-15 18:49 . 2012-05-15 18:49 -------- d-----w- C:\_OTM
2012-05-15 09:56 . 2012-05-15 09:56 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-15 06:05 . 2012-05-15 06:53 -------- d-----w- c:\program files (x86)\Diablo III
2012-05-14 14:44 . 2012-05-14 14:44 -------- d-----w- c:\users\BDUB\AppData\Local\Vidalia
2012-05-14 14:43 . 2012-05-14 14:43 -------- d-----w- c:\users\BDUB\AppData\Roaming\tor
2012-05-14 14:03 . 2012-05-14 14:03 -------- d-----w- c:\users\BDUB\AppData\Local\Mozilla
2012-05-14 14:03 . 2012-05-14 14:03 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-05-13 11:47 . 2012-03-30 12:45 1423744 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-13 11:44 . 2012-04-03 08:22 4699520 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-13 11:44 . 2012-04-02 13:59 2766848 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-08 17:02 . 2012-05-19 14:47 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D14957DE-7916-4AA6-A6CD-FCEEC54D088E}\mpengine.dll
2012-02-29 15:37 . 2012-04-12 10:02 5632 ----a-w- c:\windows\system32\wmi.dll
2012-02-29 15:37 . 2012-04-12 10:02 219136 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 15:35 . 2012-04-12 10:02 78848 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 15:11 . 2012-04-12 10:02 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-02-29 15:11 . 2012-04-12 10:02 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-02-29 15:09 . 2012-04-12 10:02 157696 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-02-29 13:52 . 2012-04-12 10:02 16384 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-02-28 06:56 . 2012-04-12 10:03 2311168 ----a-w- c:\windows\system32\jscript9.dll
2012-02-28 06:49 . 2012-04-12 10:03 1390080 ----a-w- c:\windows\system32\wininet.dll
2012-02-28 06:48 . 2012-04-12 10:03 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2012-02-28 06:42 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-02-28 01:18 . 2012-04-12 10:03 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-02-28 01:11 . 2012-04-12 10:03 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-02-28 01:11 . 2012-04-12 10:03 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 01:03 . 2012-04-12 10:03 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-02-23 17:18 . 2009-10-03 03:39 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_15.21.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-01-21 02:23 . 2012-05-22 01:42 57214 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 15:45 . 2012-05-22 01:43 82980 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-07-15 02:48 . 2012-05-22 01:43 12616 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1433529587-1016935885-384632553-1000_UserData.bin
- 2009-07-15 02:48 . 2012-05-15 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-15 02:48 . 2012-05-22 01:18 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-05-15 20:10 . 2012-05-22 01:18 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-05-15 20:10 . 2012-05-15 20:32 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-15 02:48 . 2012-05-15 20:32 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-15 02:48 . 2012-05-22 01:18 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-05-19 15:06 . 2012-05-19 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-22 01:40 . 2012-05-22 01:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-05-22 01:40 . 2012-05-22 01:40 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-05-19 15:06 . 2012-05-19 15:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-04-30 22:49 . 2012-05-22 01:39 385100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2010-04-30 22:49 . 2012-05-19 15:05 385100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-06-15 11:55 . 2012-05-22 01:39 385868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1433529587-1016935885-384632553-1000-8192.dat
- 2010-06-15 11:55 . 2012-05-19 15:05 385868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1433529587-1016935885-384632553-1000-8192.dat
+ 2012-05-15 08:39 . 2012-05-22 01:39 2381448 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1433529587-1016935885-384632553-1000-4096.dat
+ 2010-05-07 08:39 . 2012-05-22 01:39 53229342 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1433529587-1016935885-384632553-1000-12288.dat
- 2010-05-07 08:39 . 2012-05-16 02:13 53229342 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1433529587-1016935885-384632553-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2009-06-18 152064]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-20 39408]
"Steam"="c:\program files (x86)\steam\steam.exe" [2011-08-11 1242448]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-03-31 399736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"KBD"="c:\program files (x86)\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-03-19 1148200]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-20 122368]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-07 98304]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-03-04 311296]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-30 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
.
c:\users\BDUB\AppData\Roaming\Microsoft\Windows\SendTo\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2009-9-15 576000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
UltraMon.lnk - c:\windows\Installer\{20A36691-B09B-4EF2-A371-64A5BD265E20}\IcoUltraMon.ico [2009-9-27 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 13:46]
.
2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-08 13:46]
.
2012-03-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [BU]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-24 2692008]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-09-04 3828992]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
Trusted Zone: hp.com\pavilion.buttonredirect
Trusted Zone: hp.com\presario.buttonredirect
TCP: DhcpNameServer = 192.168.1.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\BDUB\AppData\Roaming\Mozilla\Firefox\Profiles\56s2ti3a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30po"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30pp"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.v30ppf"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Pro 3.xmp"
.
[HKEY_USERS\S-1-5-21-1433529587-1016935885-384632553-1000\Software\SecuROM\License information*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\ESET\ESET Security\CurrentVersion\Info]
@Denied: (2) (LocalSystem)
"AppDataDir"="c:\\ProgramData\\ESET\\ESET NOD32 Antivirus\\"
"DataDir"="ESET\\ESET NOD32 Antivirus\\"
"EditionName"=" "
"InstallDir"="c:\\Program Files\\ESET\\ESET NOD32 Antivirus\\"
"LanguageId"=dword:00000409
"PackageTag"=dword:6090e758
"ProductBase"=dword:00000000
"ProductCode"="{66F644DA-4ED8-4D03-83D2-A7156AA562BC}"
"ProductName"="ESET NOD32 Antivirus"
"ProductType"="eav"
"ProductVersion"="4.0.437.0"
"UniqueId"="000517284ABB1713"
"ScannerBuild"=dword:00001329
"ScannerVersionId"=dword:00000feb
"ScannerVersion"="Open window for status."
"FixId"=dword:00000009
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="691D7A74A28499721318E65C1F5EE42E7D836D81C179E62D035245131478EE546BB2C1F44C0E6EB6480E5DA428DE499F594D56E55F3DBB6582FED7C71EA34597D53B346E1592B4F4A2E631BB1AAC36B126BC5FB75231F29539A9FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933C038D530D6EB3452A2D97226D213B5558EDD5E5BE2F6E667EECE32B07310612949C63FA6CE05B89F8F196A8A984BD1FDA341635C229A93EB80FCE905BD2AB5AD16BC7155EA48F385B2DF6B4100465C5AFECD0C7B712E9BB8884D2FD4A3C9EE1CD83BC2F44A800F8EA60A49D8E17ABE93880F62AFA81C5F6244A470783B4C96762A9F42F92E0F046A7A065204C5EE8724E6299688B8B11D52957F5E7D7FE13C3442D7C00F37AB523E63D91AA9987E460168579CC9F58D156683E9EDA2CD8FF0BE81665491EEDDFB20389C7763ABD88E8BFE652DE91A258B70B687D8DC69AE49F66BE359123F83881D75790700317F769E3DB4C494433F48B77E0D1B5478EA603025FA6AD6F8508134BB33A503444A9A865EBBA2A9F1771A754B4777670546D2AF7B6B6DD9CD49F6DBCC1CF7225FE21B84BC814A3D8B3E4F57331272257E94C2B1DC8785C75747F979139EE4C7E3C91C4DDB2685165B573F8071E054D2367FD4645A381F828F78A36A98B4171394CF430BDFD860B00C593F06623AAA68E302346C2DF6E69E56DE0BFE0EEF7ED51C9C3EDA90DFA93A30322FF18938479220EE8EDEAFD3CEE76ED0D17AC6734E96062A3B4BDB14F698BE9FEDC28B893F316AEA14C7DFF20EDA00779915BB79FC104249EEE351E220630E36DF6AB16EEAD926EDFBA661891F279550887B884CC4B1A59A109CA7CC3F645EDD6ECE6B3F68D418C37E6CFAE4BE359F2DCACC6B4D271D68165BE33868B71C4ED1074A4A65981E6A8FD9839763701CF0340E9C4A70E529A68610977D5F2C3F6623982904DF20E52DC3CFC34678F9AAC0DF04F3ACBE8860628A7111996D84B20EB319B0F1C0E792D12B267E39ABE3E2AAFC644F3ED3D9807D944715D163EC1413BC8014922D1E3CAD6126F4C796FE792FAC691ECEDEE97CC16B5DE30EA8563227C9CB7E0861342D7DD71EDE6EEB5BD8AFE5534452A50A7BDCA983ACDCB4F311DEBAFB0E97A95DE75E53DFE7496BD01C75F1621A608053D75C3F0D946D163E67B4C194D42B6915A0D2EABF2E1D6E77972A6FDEEA36DA201F37EDD136166E712105689ED7511696C0418E98C4CFDFAF4FDE4F92F6B1368F15C34D2E9CCD700EDC128AA7123CBBE3E1F4FBC6B36DBE99FD0558CC73D7A48430404600C9B36858708057BF72407643571AC9ADF4231E1D8F7622600751502799CB9A2C3308B157615AD27B5858F9BBA5C4DE31F7C526E2A66D1CA2CD6875E0B0EB5A"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
c:\program files (x86)\AMD\RAIDXpert\bin\RAIDXpert.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
c:\program files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
c:\program files (x86)\Common Files\Steam\SteamService.exe
.
**************************************************************************
.
Completion time: 2012-05-21 18:50:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-22 01:50
ComboFix2.txt 2012-05-19 15:24
.
Pre-Run: 319,588,872,192 bytes free
Post-Run: 319,766,548,480 bytes free
.
- - End Of File - - 303FEA07A1DF3AC02D43712E1142A314

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 21 May 2012 - 09:48 PM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking allot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

NOTE** Because of the cleanup process some of the programs I have listed may not be in add/remove anymore this is fine just move to the next item on the list.

You can remove these programs using add/remove or you can use the free uninstaller from Revo (it does allot better of a job

Programs to remove

µTorrent
Adobe Reader 9.5.0
Java™ 6 Update 29
[/list]


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run, If prompted again click Yes
  • when the built-in uninstaller is finished click on Next.
  • Once the program has searched for leftovers click Next.
  • Check/tick the bolded items only on the list then click Delete
  • when prompted click on Yes and then on next.
  • put a check on any folders that are found and select delete
  • when prompted select yes then on next
  • Once done click Finish.
.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
[/list]
Install Java:

Please go here to install Java

  • click on the Free Java Download Button
  • click on Agree and start Free download
  • click on Run
  • click on run again
  • click on install
  • when install is complete click on close

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
sometimes we have to run it like this To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files(86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 24 May 2012 - 05:54 AM

Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 27 May 2012 - 06:18 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 134,447 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:20 AM

Posted 29 May 2012 - 11:19 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 Uniquename2

Uniquename2
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:20 PM

Posted 07 July 2012 - 03:32 PM

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 1:29:55 PM, on 7/7/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
O4 - HKLM\..\Run: [SwitchBoard] "C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /install /silent
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Steam] "c:\program files (x86)\steam\steam.exe" -silent
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O4 - Global Startup: PictureMover.lnk = C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://pavilion.buttonredirect.hp.com
O15 - Trusted Zone: http://presario.buttonredirect.hp.com
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com//activex/ractrl.cab?lmi=724
O18 - Protocol: navnet - {AD6E5643-7B0C-46AA-95AD-9773FF2A857A} - C:\Program Files (x86)\NavNetApp\ComUtilities.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD RAIDXpert (AMD_RAIDXpert) - AMD - C:\Program Files (x86)\AMD\RAIDXpert\bin\RAIDXpertService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Easy Backup Button Service (HPBtnSrv) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP Easy Backup\HPBtnSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IHA_MessageCenter - Verizon - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11441 bytes



MBAM LOG



Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.07.07.07

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
BDUB :: BDUB-PC [administrator]

7/7/2012 1:11:10 PM
mbam-log-2012-07-07 (13-11-10).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215331
Time elapsed: 5 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users