Google Search Redirect Problem reappeared in Firefox & Chrome


  • This topic is locked
43 replies to this topic

#1 solsticeIL

  • Members
  • 38 posts

Posted 18 July 2012 - 12:30 PM

Hello,

Admin boopme instructed me to post here after assisting me in this thread http://www.bleepingcomputer.com/forums/topic460806.html/page__pid__2765463.

Issue: Google searches (usually the first result) redirect to strange pages like zapmeta, clickfindsearchresults.
The issue appeared to be resolved but reappeared the next morning.

Computer Info: Vista 65-bit OS, SP2
Browser: Use Firefox 95% of the time but also affects Chrome

Steps taken today: Ran DeFogger, DDS, and GMER
Notes about GMER: Upon double-click, the program automatically scans. All boxes are greyed out except for Services, Registry, Files, C:/, ADS

Here is the DDS text log:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Admin at 10:37:58 on 2012-07-18
.
============== Running Processes ===============
.
C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Photo Commander 8\apc.exe
C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\AVG\AVG2012\avgcfgex.exe
C:\Users\Tina\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [TomTomHOME.exe] "C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe"
uRun: [Pogoplug] "C:\Program Files\Pogoplug\PPDrive.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [RoboForm] "C:\Users\Tina\AppData\Roaming\RoboForm\RoboTaskBarIcon.exe"
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [hpqSRMon]
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Customize Menu - file://C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComShowToolbar.html
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
TCP: Interfaces\{C38D5123-66D8-446B-AB79-05BC0144BD52} : DhcpNameServer = 68.94.156.1 68.94.157.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll
BHO-X64: AVG Do Not Track - No File
BHO-X64: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO-X64: Canon Easy-WebPrint EX BHO - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
EB-X64: {21347690-EC41-4F9A-8887-1F4AEE672439} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [hpqSRMon]
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [IJNetworkScanUtility] "C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe"
mRun-x64: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R? !SASCORE;SAS Core Service
R? a2acc;a2acc
R? ADExchange;ArcSoft Exchange Service
R? Apowersoft_AudioDevice;Apowersoft_AudioDevice
R? AVGIDSAgent;AVGIDSAgent
R? clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64
R? clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86
R? clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64
R? DfSdkS;Defragmentation-Service
R? DigiartyVirtualCDBus;Digiarty Virtual Driver
R? gupdate;Google Update Service (gupdate)
R? gupdatem;Google Update Service (gupdatem)
R? McComponentHostService;McAfee Security Scan Component Host Service
R? MozillaMaintenance;Mozilla Maintenance Service
R? NgFilter;Aventail VPN Filter
R? NgLog;Aventail VPN Logging
R? NgVpn;Aventail VPN Adapter
R? NgWfp;Aventail VPN Callout
R? PerfHost;Performance Counter DLL Host
R? SkypeUpdate;Skype Updater
R? WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0
S? AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9
S? AESTFilters;Andrea ST Filters Service
S? AVGIDSDriver;AVGIDSDriver
S? AVGIDSFilter;AVGIDSFilter
S? AVGIDSHA;AVGIDSHA
S? Avgldx64;AVG AVI Loader Driver
S? Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield
S? Avgrkx64;AVG Anti-Rootkit Driver
S? Avgtdia;AVG TDI Driver
S? avgwd;AVG WatchDog
S? Com4QLBEx;Com4QLBEx
S? DokanCEDriver;DokanCEDriver
S? DokanCEMounter;DokanCEMounter
S? enecir;ENE CIR Receiver
S? FontCache;Windows Font Cache Service
S? HBAdmin;HBAdmin
S? hpsrv;HP Service
S? IntcHdmiAddService;Intel® High Definition Audio HDMI
S? JMCR;JMCR
S? PxHlpa64;PxHlpa64
S? Recovery Service for Windows;Recovery Service for Windows
S? Viewpoint Manager Service;Viewpoint Manager Service
S? xcetap0;XCETAP0 Adapter
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-07-17 02:24:58 -------- d-----w- C:\Program Files (x86)\Oracle
2012-07-17 02:24:02 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-07-17 01:14:41 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-07-15 18:15:57 -------- d-----w- C:\Program Files (x86)\ESET
2012-07-13 20:23:44 -------- d-----w- C:\Users\Admin\AppData\Roaming\ChemTable Software
2012-07-13 17:56:27 -------- d-----w- C:\Users\Admin\AppData\Local\Macromedia
2012-07-11 13:34:30 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-06-22 14:13:01 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-22 14:12:49 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-22 14:12:49 88576 ----a-w- C:\Windows\SysWow64\wudriver.dll
2012-06-22 14:12:43 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-22 14:12:43 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2012-06-22 14:12:43 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-22 14:12:43 171904 ----a-w- C:\Windows\SysWow64\wuwebv.dll
.
==================== Find3M ====================
.
2012-07-17 02:23:29 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-17 01:14:15 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-07-13 20:27:10 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-13 20:27:10 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 18:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-13 13:58:27 2769408 ----a-w- C:\Windows\System32\win32k.sys
2012-06-05 16:47:28 1401856 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-05 16:47:27 1248768 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-05 16:22:47 1797120 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-05 16:22:46 1869824 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-04 15:29:59 516480 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-02 00:22:56 347136 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 00:22:10 254464 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 00:05:11 77312 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 00:04:25 278528 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 00:03:42 204288 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-05-05 15:06:31 8744608 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 14:29:44 209920 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-04-23 16:25:30 174592 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-04-23 16:25:30 132096 ----a-w- C:\Windows\System32\cryptnet.dll
2012-04-23 16:25:30 1267200 ----a-w- C:\Windows\System32\crypt32.dll
2012-04-23 16:00:53 984064 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-04-23 16:00:53 98304 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-04-23 16:00:53 133120 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
.
============= FINISH: 10:38:35.03 ===============



Here is the DeFogger log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:32 on 18/07/2012 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
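The DDS log above lists the Firefox search preferences and browser add-on registrations that a helper reads first when someone reports search redirects. The following is an added example, not code from the thread or from the DDS tool: a small Python triage helper that parses the line shapes visible in the posted "Pseudo HJT Report" and "FIREFOX" sections and reports (a) search-related Firefox prefs whose URL host is not a trusted search engine and (b) BHO, toolbar and URLSearchHook entries that DDS marked as "No File". The set of prefs treated as search settings (`SEARCH_PREFS`) and the default `trusted_hosts` list are my assumptions, and `SAMPLE_DDS` is a constructed excerpt that mirrors the posted format.

```python
"""Triage helper for the DDS 'Pseudo HJT Report' and 'FIREFOX' sections.

Added example; it is not part of the original thread and not code from the
DDS tool. It parses the line formats visible in the posted log and pulls out
the entries a helper reads first when a user reports search redirects:
  * Firefox search preferences whose URL host is not a trusted engine
  * BHO / toolbar / URLSearchHook entries reported as 'No File'
SAMPLE_DDS is a constructed excerpt that mirrors the posted format.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

SAMPLE_DDS = r"""
uURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll
.
================= FIREFOX ===================
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
"""

# Line shapes seen in the posted log. DDS defangs URLs as hxxp:// so that a
# pasted log does not turn into a clickable link.
_ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|EB)(?:-X64)?: (?:(?P<name>.*?): )?(?P<guid>\{[0-9A-Fa-f-]+\}) - (?P<target>.*)$")
_HOOK_RE = re.compile(r"^(?P<kind>uURLSearchHooks): (?P<name>.*?) - (?P<target>.*)$")
_FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<target>.*)$")

# Assumption: these Firefox prefs decide where typed searches go (the redirect
# vector discussed in the thread). The homepage pref is parsed but is not a
# search setting.
SEARCH_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.search.selectedEngine"}


@dataclass(frozen=True)
class Entry:
    kind: str      # BHO, TB, EB, uURLSearchHooks, or FFpref
    name: str      # add-on name, hook label, or pref name
    guid: str      # CLSID for add-ons, empty otherwise
    target: str    # DLL path, 'No File', or the pref value


def refang(url: str) -> str:
    """Turn DDS's hxxp(s):// back into http(s):// for parsing only."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url)


def parse_dds(text: str) -> list:
    """Return the add-on, search-hook and Firefox pref entries found in text."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        if m := _ADDON_RE.match(line):
            entries.append(Entry(m["kind"], m["name"] or m["guid"], m["guid"], m["target"]))
        elif m := _HOOK_RE.match(line):
            entries.append(Entry(m["kind"], m["name"], "", m["target"]))
        elif m := _FFPREF_RE.match(line):
            entries.append(Entry("FFpref", m["name"], "", m["target"]))
        # section banners, lone dots and unrelated lines are skipped
    return entries


def search_pref_hosts(entries) -> dict:
    """Map each search-related Firefox pref to the host its URL points at."""
    hosts = {}
    for e in entries:
        if e.kind == "FFpref" and e.name in SEARCH_PREFS:
            host = urlparse(refang(e.target)).hostname
            if host:  # selectedEngine holds a name such as 'Google', not a URL
                hosts[e.name] = host
    return hosts


def missing_file_entries(entries) -> list:
    """Add-on registrations whose DLL DDS could not find on disk."""
    return [e for e in entries if e.target == "No File"]


def triage(text: str, trusted_hosts=("www.google.com", "google.com")) -> dict:
    """Summarise the two indicators; trusted_hosts is an assumed allow-list."""
    entries = parse_dds(text)
    hijacked = {p: h for p, h in search_pref_hosts(entries).items() if h not in trusted_hosts}
    return {"search_prefs": hijacked, "missing_file": missing_file_entries(entries)}


if __name__ == "__main__":
    result = triage(SAMPLE_DDS)
    for pref, host in result["search_prefs"].items():
        print(f"search pref {pref} points at {host}")
    for e in result["missing_file"]:
        print(f"{e.kind} entry {e.name} has no file on disk")
```

Run against the posted log, both `browser.search.defaulturl` and `keyword.URL` resolve to search.conduit.com even though `browser.search.selectedEngine` reads Google, which is the kind of mismatch a helper wants surfaced before deciding which tool to run next. "No File" entries are orphaned registrations rather than active code; the helper lists them so they can be cleaned up, not because they prove infection.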



#2 gringo_pr (Bleepin Gringo)


  • Malware Response Team
  • 135,626 posts
  • Gender:Male
  • Location:Puerto rico

Posted 21 July 2012 - 11:23 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 solsticeIL (Topic Starter)

  • Members
  • 38 posts

Posted 22 July 2012 - 08:26 AM

Thanks Gringo!

Update: I didn't have to disable the Firewall.
I've attached ComboFix's log below.
--------------
Quick question: will any lurking viruses install themselves once I close my Windows Firewall?

I ask because a NEW and very strange problem appeared:

ssvagent.exe began appearing yesterday around 2 p.m. requesting permission to proceed.

This seemed very strange so I denied it. I searched and realized that it's a nasty virus. I keep getting several pop-ups from ssvagent.exe asking to continue.

For now, I will proceed with Security Check.

Edited by solsticeIL, 22 July 2012 - 09:01 AM.


#4 solsticeIL (Topic Starter)

  • Members
  • 38 posts

Posted 22 July 2012 - 08:32 AM

This is the Security Check log:

Results of screen317's Security Check version 0.99.43
Windows Vista Service Pack 2 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
AVG2012 successfully updated!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Adobe Flash Player 11.3.300.265
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

#5 solsticeIL (Topic Starter)

  • Members
  • 38 posts

Posted 22 July 2012 - 09:01 AM

Here is the ComboFix log:

ComboFix 12-07-21.01 - Admin 07/22/2012 8:44.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4058.2303 [GMT -5:00]
Running from: c:\users\Tina\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\AppData\Roaming\Microsoft\~DFK35b5c6a2.tmp
c:\users\Admin\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Admin\AppData\Roaming\Microsoft\bass.dll
c:\users\Admin\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Admin\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Admin\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Admin\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Admin\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Tina\AppData\Roaming\Microsoft\~DFK35b4ce11.tmp
c:\users\Tina\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\Tina\AppData\Roaming\Microsoft\bass.dll
c:\users\Tina\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\Tina\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\Tina\AppData\Roaming\Microsoft\peaadje.dll
c:\users\Tina\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\Tina\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\Tina\Documents\~WRL0001.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-06-22 to 2012-07-22 )))))))))))))))))))))))))))))))
.
.
2012-07-22 13:54 . 2012-07-22 13:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-22 13:54 . 2012-07-22 13:54 -------- d-----w- c:\users\Admin\AppData\Local\temp
2012-07-17 02:35 . 2012-07-17 02:35 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-07-17 02:24 . 2012-07-17 02:24 -------- d-----w- c:\program files (x86)\Oracle
2012-07-17 02:24 . 2012-07-17 02:23 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-17 01:14 . 2012-07-17 01:14 955888 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-17 01:14 . 2012-07-17 01:14 268784 ----a-w- c:\windows\system32\javaws.exe
2012-07-17 01:14 . 2012-07-17 01:14 189424 ----a-w- c:\windows\system32\javaw.exe
2012-07-17 01:14 . 2012-07-17 01:14 188912 ----a-w- c:\windows\system32\java.exe
2012-07-15 18:15 . 2012-07-15 18:15 -------- d-----w- c:\program files (x86)\ESET
2012-07-13 20:23 . 2012-07-13 20:23 -------- d-----w- c:\users\Admin\AppData\Roaming\ChemTable Software
2012-07-13 17:56 . 2012-07-13 17:56 -------- d-----w- c:\users\Admin\AppData\Local\Macromedia
2012-07-11 13:34 . 2012-06-05 16:47 708608 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-10 20:04 . 2012-07-10 20:04 -------- d-----w- c:\users\Tina\AppData\Local\Trend Micro
2012-07-05 14:53 . 2012-07-05 14:53 -------- d-----w- c:\users\Tina\AppData\Local\Macromedia
2012-06-22 14:13 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-22 14:13 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-22 14:13 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-22 14:13 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-22 14:12 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-22 14:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\SysWow64\wups.dll
2012-06-22 14:12 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-22 14:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\SysWow64\wuapi.dll
2012-06-22 14:12 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-22 14:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\SysWow64\wudriver.dll
2012-06-22 14:12 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-22 14:12 . 2012-06-02 20:19 171904 ----a-w- c:\windows\SysWow64\wuwebv.dll
2012-06-22 14:12 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-22 14:12 . 2012-06-02 20:12 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-17 02:23 . 2010-08-29 13:15 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-07-17 01:14 . 2012-02-03 14:58 839152 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-13 20:27 . 2012-04-05 19:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-13 20:27 . 2011-08-09 14:33 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-12 08:03 . 2006-11-02 12:35 59701280 ----a-w- c:\windows\system32\mrt.exe
2012-07-03 18:46 . 2010-08-22 03:35 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-05-05 15:06 . 2012-04-05 20:06 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-05-01 14:29 . 2012-06-13 14:12 209920 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-04-23 16:25 . 2012-06-13 14:11 1267200 ----a-w- c:\windows\system32\crypt32.dll
2012-04-23 16:25 . 2012-06-13 14:11 174592 ----a-w- c:\windows\system32\cryptsvc.dll
2012-04-23 16:25 . 2012-06-13 14:11 132096 ----a-w- c:\windows\system32\cryptnet.dll
2012-04-23 16:00 . 2012-06-13 14:11 984064 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-04-23 16:00 . 2012-06-13 14:11 133120 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-04-23 16:00 . 2012-06-13 14:11 98304 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Pogoplug"="c:\program files\Pogoplug\PPDrive.exe" [2011-06-21 254784]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-04-05 17356424]
"RoboForm"="c:\users\Tina\AppData\Roaming\RoboForm\RoboTaskBarIcon.exe" [2012-05-01 109296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-04-24 468264]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-03-14 202032]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"IJNetworkScanUtility"="c:\program files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe" [2010-08-23 206240]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
R2 ADExchange;ArcSoft Exchange Service;c:\program files (x86)\Common Files\ArcSoft\esinter\Bin\eservutil.exe [x]
R3 a2acc;a2acc;c:\program files (x86)\MAMUTU\a2accx64.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe [2008-02-12 86016]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 00:37]
.
2012-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-21 00:37]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-788194389-710293613-2749244959-1001Core.job
- c:\users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 16:24]
.
2012-07-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-788194389-710293613-2749244959-1001UA.job
- c:\users\Tina\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-27 16:24]
.
2012-07-13 c:\windows\Tasks\HPCeeScheduleForAdmin.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
2012-07-17 c:\windows\Tasks\HPCeeScheduleForTina.job
- c:\program files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe [2008-08-04 03:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-18 151064]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-18 209432]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-18 181784]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2008-01-21 246784]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-24 685568]
"SysTrayApp"="c:\program files (x86)\IDT\WDM\sttray64.exe" [2008-04-28 443904]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"Ashampoo HDD Control Guard"="c:\program files (x86)\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe" [2011-01-28 4085080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - file://c:\users\Tina\AppData\Roaming\RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\users\Tina\AppData\Roaming\RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\users\Tina\AppData\Roaming\RoboForm\RoboFormComSavePass.html
IE: Show RoboForm Toolbar - file://c:\users\Tina\AppData\Roaming\RoboForm\RoboFormComShowToolbar.html
TCP: DhcpNameServer = 68.94.156.1 68.94.157.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37153479-1976-43c3-a1ee-557513977b64} - (no file)
Wow6432Node-HKCU-Run-TomTomHOME.exe - c:\program files (x86)\TomTom HOME 2\TomTomHOMERunner.exe
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
Wow6432Node-HKLM-Run-hpqSRMon - (no file)
Wow6432Node-HKLM-Run-APSDaemon - c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2012-07-22 08:57:43
ComboFix-quarantined-files.txt 2012-07-22 13:57
.
Pre-Run: 161,145,401,344 bytes free
Post-Run: 162,492,964,864 bytes free
.
- - End Of File - - 8744386D36D8B150CEC3C0114792896D

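The ComboFix "Supplementary Scan" section above shows the Firefox profile's keyword.URL and browser.search.defaulturl pointing at search.conduit.com while selectedEngine still reads "Google", which is the classic footprint of a search hijack living in prefs.js rather than in a driver. The script below is an added example, not part of the thread or of any of the tools used in it: it parses prefs.js and flags watched search/homepage preferences whose URL host is outside an allowlist. The sample prefs.js is constructed from the values in the log (prefs.js itself stores "http", ComboFix defangs it to "hxxp"; both are accepted), and the allowlist of search hosts is an assumption to adjust per environment.

```python
"""Flag Firefox search/homepage preferences that point at unexpected hosts.

Added example (not part of the forum thread). The sample prefs.js below is
constructed from the values the ComboFix log reports for this profile;
ALLOWED_HOSTS is an assumed allowlist, adjust it to your environment.
"""
import re
from urllib.parse import urlparse

# Preferences a browser hijacker typically rewrites to divert searches.
WATCHED_PREFS = (
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.startup.homepage",
)

# Assumed allowlist: hosts the user expects search and homepage traffic to reach.
ALLOWED_HOSTS = {
    "www.google.com", "www.bing.com", "www.yahoo.com",
    "search.yahoo.com", "duckduckgo.com",
}

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')


def parse_prefs(text):
    """Return {name: value} from prefs.js text. String values are unquoted,
    other values (numbers, booleans) are kept as their raw text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        prefs[name] = raw
    return prefs


def host_of(value):
    """Host of a URL-valued preference, or None for non-URL values such as
    an engine name. ComboFix logs defang http as hxxp; accept both so the
    "FF - prefs.js:" lines from a log can be checked as well."""
    v = re.sub(r"^hxxp(s?)://", r"http\1://", value, flags=re.I)
    if not re.match(r"^https?://", v, re.I):
        return None
    return urlparse(v).hostname.lower()


def find_hijacks(prefs, allowed=ALLOWED_HOSTS):
    """Return [(pref_name, host)] for watched prefs whose host is not allowlisted."""
    findings = []
    for name in WATCHED_PREFS:
        if name not in prefs:
            continue
        host = host_of(prefs[name])
        if host is not None and host not in allowed:
            findings.append((name, host))
    return findings


# Constructed sample mirroring the "FF - prefs.js" lines in the ComboFix log.
SAMPLE_PREFS_JS = r'''
user_pref("browser.search.defaulturl", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://www.yahoo.com");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=");
user_pref("network.proxy.type", 0);
'''

if __name__ == "__main__":
    for pref, host in find_hijacks(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{pref} -> {host} (not in allowlist)")
```

Run it against the real file (Profiles\<id>\prefs.js with Firefox closed) rather than the log excerpt when you can: a hijacker that rewrites the preference on every start will also show up as a modified prefs.js timestamp, and selectedEngine saying "Google" is no evidence that the address-bar search (keyword.URL) still goes there.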
#6 solsticeIL (Topic Starter)

Posted 22 July 2012 - 09:13 AM

While ComboFix was running, a "PEV.exe stopped running" message appeared, but I ignored it.

After running ComboFix, I waited 5 minutes to see if the ssvagent.exe pop-ups would continue. They did not.
I also did a few Google searches in Firefox by clicking on the first links in several searches. No redirects.

BUT checking Chrome, the second link redirected to merchantcircle.com on the first attempt.

So, the redirect problem continues.

Edited by solsticeIL, 22 July 2012 - 09:15 AM.


#7 gringo_pr (Malware Response Team)

Posted 22 July 2012 - 11:46 AM

Greetings, solsticeIL.

I am glad things are running better, but I still want to run a couple of deeper scans to be sure.

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then click on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

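Both tools requested above look at the same thing from different angles: TDSSKiller enumerates the MBR partition table and hashes the loaded drivers, aswMBR reads the raw boot sectors and compares them with what the OS reports, because a TDSS/TDL-style bootkit patches the MBR and keeps its body in sectors that belong to no partition. The script below is an added example, not code from the thread or from either tool: it parses an MBR partition table and sizes the unpartitioned regions (the track gap before the first partition and the tail after the last one) that an analyst would then dump and inspect. The sample sector is constructed from the Harddisk0 layout TDSSKiller prints in the next post (two type 0x07 partitions at LBA 0x3F and 0x1BB4B800, disk size 0x3A38B2E000 bytes); its boot code is zero-filled, so signature and layout are the only things it demonstrates. On a live system you would read the first 512 bytes of \\.\PhysicalDrive0 as administrator and pass them to parse_mbr().

```python
"""Parse an MBR partition table and report gaps, overlaps and the unallocated tail.

Added example, not code from the thread, TDSSKiller or aswMBR. SAMPLE_MBR is
constructed to reproduce the Harddisk0 layout in the TDSSKiller log; the boot
code area is zero-filled placeholder bytes.
"""
import struct

SECTOR = 512
DISK_BYTES = 0x3A38B2E000            # size TDSSKiller reported for \Device\Harddisk0\DR0
DISK_SECTORS = DISK_BYTES // SECTOR  # 0x1D1C5970 sectors


def build_sample_mbr(entries, boot_code=b"\x00" * 446):
    """Build a 512-byte MBR from (bootable, type, start_lba, sector_count) tuples. Test data only."""
    table = b""
    for bootable, ptype, start, count in entries:
        # CHS fields carry the 0xFE 0xFF 0xFF placeholder that LBA-only tools write.
        table += struct.pack("<B3sB3sII", 0x80 if bootable else 0x00,
                             b"\xfe\xff\xff", ptype, b"\xfe\xff\xff", start, count)
    table += b"\x00" * (64 - len(table))
    return boot_code + table + b"\x55\xaa"


def parse_mbr(sector):
    """Return the non-empty partition entries; raise ValueError if the 0x55AA signature is missing."""
    if len(sector) < SECTOR or sector[510:512] != b"\x55\xaa":
        raise ValueError("no MBR boot signature (0x55AA) at offset 510")
    parts = []
    for i in range(4):
        flag, ptype, start, count = struct.unpack_from("<B3xB3xII", sector, 446 + 16 * i)
        if ptype == 0:
            continue
        parts.append({"index": i, "bootable": flag == 0x80, "type": ptype,
                      "start": start, "end": start + count, "sectors": count})
    return parts


def layout_findings(parts, disk_sectors):
    """Describe gaps, overlaps, entries running past the disk, and the unallocated tail.

    Unpartitioned space is where MBR bootkits such as TDL4 keep their payload,
    so each such region is reported with its size for follow-up inspection.
    """
    findings = []
    prev_end = 1  # sector 0 holds the MBR itself
    for p in sorted(parts, key=lambda q: q["start"]):
        if p["start"] < prev_end:
            findings.append(f"partition {p['index']} overlaps previous "
                            f"(starts {p['start']:#x} < {prev_end:#x})")
        elif p["start"] > prev_end:
            findings.append(f"gap of {p['start'] - prev_end:#x} sectors before partition {p['index']}")
        if p["end"] > disk_sectors:
            findings.append(f"partition {p['index']} ends past disk end ({p['end']:#x} > {disk_sectors:#x})")
        prev_end = max(prev_end, p["end"])
    tail = disk_sectors - prev_end
    if tail > 0:
        findings.append(f"unallocated tail of {tail:#x} sectors ({tail * SECTOR // 1024} KiB) after last partition")
    return findings


# Constructed sector reproducing the TDSSKiller partition lines for Harddisk0.
SAMPLE_MBR = build_sample_mbr([
    (True,  0x07, 0x3F,       0x1BB4B7C1),   # C:
    (False, 0x07, 0x1BB4B800, 0x1678800),    # D:
])

if __name__ == "__main__":
    parts = parse_mbr(SAMPLE_MBR)
    for p in parts:
        print(f"entry {p['index']}: type {p['type']:#04x} LBA {p['start']:#x}-{p['end']:#x} "
              f"({p['sectors'] * SECTOR // 2**20} MiB){' boot' if p['bootable'] else ''}")
    for line in layout_findings(parts, DISK_SECTORS):
        print(line)
```

For this disk the two partitions are contiguous (partition 0 ends exactly where partition 1 starts), leaving only the 62-sector legacy track gap after the MBR and a 0x1970-sector tail; both are normal sizes, but the tail is still worth a hexdump, since a clean MBR partition table says nothing about what the boot code or the hidden sectors contain.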
#8 solsticeIL (Topic Starter)

Posted 22 July 2012 - 06:11 PM

I rebooted my computer and ssvagent.exe came back instantly.

Here is the TDSSKiller log:

18:08:55.0668 3452 TDSS rootkit removing tool 2.7.46.0 Jul 16 2012 22:10:11
18:08:56.0016 3452 ============================================================
18:08:56.0016 3452 Current date / time: 2012/07/22 18:08:56.0016
18:08:56.0016 3452 SystemInfo:
18:08:56.0016 3452
18:08:56.0016 3452 OS Version: 6.0.6002 ServicePack: 2.0
18:08:56.0016 3452 Product type: Workstation
18:08:56.0016 3452 ComputerName: TINAA
18:08:56.0016 3452 UserName: Admin
18:08:56.0016 3452 Windows directory: C:\Windows
18:08:56.0016 3452 System windows directory: C:\Windows
18:08:56.0016 3452 Running under WOW64
18:08:56.0016 3452 Processor architecture: Intel x64
18:08:56.0016 3452 Number of processors: 2
18:08:56.0016 3452 Page size: 0x1000
18:08:56.0016 3452 Boot type: Normal boot
18:08:56.0016 3452 ============================================================
18:08:57.0327 3452 Drive \Device\Harddisk1\DR1 - Size: 0x3C1B00000 (15.03 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000048
18:08:57.0344 3452 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x7E2D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
18:08:57.0350 3452 Drive \Device\Harddisk1\DR1 - Size: 0x3C1B00000 (15.03 Gb), SectorSize: 0x200, Cylinders: 0x7A9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:08:57.0353 3452 ============================================================
18:08:57.0353 3452 \Device\Harddisk1\DR1:
18:08:57.0353 3452 MBR partitions:
18:08:57.0353 3452 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1E0B800
18:08:57.0353 3452 \Device\Harddisk0\DR0:
18:08:57.0353 3452 MBR partitions:
18:08:57.0353 3452 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BB4B7C1
18:08:57.0353 3452 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1BB4B800, BlocksNum 0x1678800
18:08:57.0353 3452 \Device\Harddisk1\DR1:
18:08:57.0354 3452 MBR partitions:
18:08:57.0354 3452 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1E0B800
18:08:57.0354 3452 ============================================================
18:08:57.0378 3452 C: <-> \Device\Harddisk0\DR0\Partition0
18:08:57.0439 3452 D: <-> \Device\Harddisk0\DR0\Partition1
18:08:57.0439 3452 ============================================================
18:08:57.0439 3452 Initialize success
18:08:57.0439 3452 ============================================================
18:09:00.0452 5496 ============================================================
18:09:00.0453 5496 Scan started
18:09:00.0453 5496 Mode: Manual;
18:09:00.0453 5496 ============================================================
18:09:01.0446 5496 !SASCORE - ok
18:09:01.0530 5496 a2acc - ok
18:09:01.0708 5496 Accelerometer (60fbb29ccce48b4c3a6517caf42c3496) C:\Windows\system32\DRIVERS\Accelerometer.sys
18:09:01.0710 5496 Accelerometer - ok
18:09:01.0802 5496 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
18:09:01.0805 5496 ACPI - ok
18:09:01.0904 5496 ADExchange - ok
18:09:02.0034 5496 AdobeActiveFileMonitor9.0 (c004f38974f4d321b4c20a240e1175c0) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
18:09:02.0037 5496 AdobeActiveFileMonitor9.0 - ok
18:09:02.0137 5496 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
18:09:02.0145 5496 adp94xx - ok
18:09:02.0213 5496 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
18:09:02.0220 5496 adpahci - ok
18:09:02.0253 5496 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
18:09:02.0256 5496 adpu160m - ok
18:09:02.0308 5496 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
18:09:02.0312 5496 adpu320 - ok
18:09:02.0349 5496 AeLookupSvc (0f421175574bfe0bf2f4d8e910a253bb) C:\Windows\System32\aelupsvc.dll
18:09:02.0351 5496 AeLookupSvc - ok
18:09:02.0458 5496 AESTFilters (05f4262fdbdfaeca7ef9b3f0807508fc) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe
18:09:02.0459 5496 AESTFilters - ok
18:09:02.0555 5496 AFD (c4f6ce6087760ad70960c9eb130e7943) C:\Windows\system32\drivers\afd.sys
18:09:02.0558 5496 AFD - ok
18:09:02.0590 5496 AgereModemAudio (8b0d8b5bafd4c9d57b41426bc68b32f9) C:\Windows\system32\agr64svc.exe
18:09:02.0590 5496 AgereModemAudio - ok
18:09:02.0760 5496 AgereSoftModem (c98356d813b581e9c425b42a5d146ce0) C:\Windows\system32\DRIVERS\agrsm64.sys
18:09:02.0768 5496 AgereSoftModem - ok
18:09:02.0827 5496 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
18:09:02.0828 5496 agp440 - ok
18:09:02.0879 5496 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
18:09:02.0881 5496 aic78xx - ok
18:09:02.0935 5496 ALG (5922f4f59b7868f3d74bbbbeb7b825a3) C:\Windows\System32\alg.exe
18:09:02.0936 5496 ALG - ok
18:09:02.0966 5496 aliide (9544c2c55541c0c6bfd7b489d0e7d430) C:\Windows\system32\drivers\aliide.sys
18:09:02.0967 5496 aliide - ok
18:09:02.0981 5496 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
18:09:02.0982 5496 amdide - ok
18:09:03.0060 5496 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
18:09:03.0061 5496 AmdK8 - ok
18:09:03.0113 5496 ApfiltrService (69d882157e5e4d17d32e30182f945046) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:09:03.0115 5496 ApfiltrService - ok
18:09:03.0153 5496 Apowersoft_AudioDevice (ad12f5c7251bb8d575d560894e73cbba) C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
18:09:03.0154 5496 Apowersoft_AudioDevice - ok
18:09:03.0212 5496 Appinfo (9c37b3fd5615477cb9a0cd116cf43f5c) C:\Windows\System32\appinfo.dll
18:09:03.0214 5496 Appinfo - ok
18:09:03.0250 5496 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
18:09:03.0252 5496 arc - ok
18:09:03.0280 5496 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
18:09:03.0282 5496 arcsas - ok
18:09:03.0309 5496 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
18:09:03.0310 5496 AsyncMac - ok
18:09:03.0358 5496 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
18:09:03.0359 5496 atapi - ok
18:09:03.0453 5496 AudioEndpointBuilder (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:09:03.0459 5496 AudioEndpointBuilder - ok
18:09:03.0470 5496 AudioSrv (79318c744693ec983d20e9337a2f8196) C:\Windows\System32\Audiosrv.dll
18:09:03.0476 5496 AudioSrv - ok
18:09:04.0058 5496 AVGIDSAgent (d67719bcfde5798f5c30d14efed3bcaf) C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
18:09:04.0100 5496 AVGIDSAgent - ok
18:09:04.0266 5496 AVGIDSDriver (1b2e9fcdc26dc7c81d4131430e2dc936) C:\Windows\system32\DRIVERS\avgidsdrivera.sys
18:09:04.0267 5496 AVGIDSDriver - ok
18:09:04.0297 5496 AVGIDSFilter (0f293406f64b48d5d2f0d3a1117f3a83) C:\Windows\system32\DRIVERS\avgidsfiltera.sys
18:09:04.0298 5496 AVGIDSFilter - ok
18:09:04.0319 5496 AVGIDSHA (cffc3a4a638f462e0561cb368b9a7a3a) C:\Windows\system32\DRIVERS\avgidsha.sys
18:09:04.0320 5496 AVGIDSHA - ok
18:09:04.0370 5496 Avgldx64 (59955b4c288dd2a8b9fd2cd5158355c5) C:\Windows\system32\DRIVERS\avgldx64.sys
18:09:04.0373 5496 Avgldx64 - ok
18:09:04.0397 5496 Avgmfx64 (a6aec362aae5e2dda7445e7690cb0f33) C:\Windows\system32\DRIVERS\avgmfx64.sys
18:09:04.0398 5496 Avgmfx64 - ok
18:09:04.0415 5496 Avgrkx64 (645c7f0a0e39758a0024a9b1748273c0) C:\Windows\system32\DRIVERS\avgrkx64.sys
18:09:04.0416 5496 Avgrkx64 - ok
18:09:04.0471 5496 Avgtdia (1bee674ad792b1c63bb0dac5fa724b23) C:\Windows\system32\DRIVERS\avgtdia.sys
18:09:04.0475 5496 Avgtdia - ok
18:09:04.0614 5496 avgwd (ea1145debcd508fd25bd1e95c4346929) C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
18:09:04.0619 5496 avgwd - ok
18:09:04.0848 5496 BCM43XV (b66ca2eee39ffa05fc99403653819bc6) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:09:04.0859 5496 BCM43XV - ok
18:09:04.0882 5496 BCM43XX (b66ca2eee39ffa05fc99403653819bc6) C:\Windows\system32\DRIVERS\bcmwl664.sys
18:09:04.0892 5496 BCM43XX - ok
18:09:04.0913 5496 Beep - ok
18:09:04.0997 5496 BFE (ffb96c2589ffa60473ead78b39fbde29) C:\Windows\System32\bfe.dll
18:09:05.0001 5496 BFE - ok
18:09:05.0406 5496 BITS (6d316f4859634071cc25c4fd4589ad2c) C:\Windows\system32\qmgr.dll
18:09:05.0416 5496 BITS - ok
18:09:05.0474 5496 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
18:09:05.0476 5496 blbdrive - ok
18:09:05.0581 5496 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
18:09:05.0585 5496 Bonjour Service - ok
18:09:05.0647 5496 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
18:09:05.0648 5496 bowser - ok
18:09:05.0697 5496 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
18:09:05.0698 5496 BrFiltLo - ok
18:09:05.0722 5496 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
18:09:05.0723 5496 BrFiltUp - ok
18:09:05.0801 5496 Browser (a1b39de453433b115b4ea69ee0343816) C:\Windows\System32\browser.dll
18:09:05.0803 5496 Browser - ok
18:09:05.0884 5496 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
18:09:05.0885 5496 Brserid - ok
18:09:05.0906 5496 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
18:09:05.0908 5496 BrSerWdm - ok
18:09:05.0928 5496 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
18:09:05.0929 5496 BrUsbMdm - ok
18:09:05.0974 5496 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
18:09:05.0975 5496 BrUsbSer - ok
18:09:05.0995 5496 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
18:09:05.0996 5496 BthEnum - ok
18:09:06.0026 5496 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
18:09:06.0027 5496 BTHMODEM - ok
18:09:06.0095 5496 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
18:09:06.0096 5496 BthPan - ok
18:09:06.0130 5496 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys
18:09:06.0132 5496 BTHPORT - ok
18:09:06.0174 5496 BthServ (22e65ffd640f16968f855f5b3528d366) C:\Windows\System32\bthserv.dll
18:09:06.0175 5496 BthServ - ok
18:09:06.0203 5496 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys
18:09:06.0204 5496 BTHUSB - ok
18:09:06.0208 5496 catchme - ok
18:09:06.0242 5496 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
18:09:06.0243 5496 cdfs - ok
18:09:06.0295 5496 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
18:09:06.0297 5496 cdrom - ok
18:09:06.0368 5496 CertPropSvc (5a268127633c7ee2a7fb87f39d748d56) C:\Windows\System32\certprop.dll
18:09:06.0369 5496 CertPropSvc - ok
18:09:06.0382 5496 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\DRIVERS\circlass.sys
18:09:06.0383 5496 circlass - ok
18:09:06.0442 5496 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
18:09:06.0445 5496 CLFS - ok
18:09:06.0529 5496 clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:09:06.0530 5496 clr_optimization_v2.0.50727_32 - ok
18:09:06.0613 5496 clr_optimization_v2.0.50727_64 (ce07a466201096f021cd09d631b21540) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:09:06.0615 5496 clr_optimization_v2.0.50727_64 - ok
18:09:06.0737 5496 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
18:09:06.0740 5496 clr_optimization_v4.0.30319_32 - ok
18:09:06.0823 5496 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
18:09:06.0825 5496 clr_optimization_v4.0.30319_64 - ok
18:09:06.0887 5496 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
18:09:06.0888 5496 CmBatt - ok
18:09:06.0923 5496 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
18:09:06.0924 5496 cmdide - ok
18:09:07.0093 5496 Com4QLBEx (7795f8cebc284a426b53f541e538695f) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
18:09:07.0096 5496 Com4QLBEx - ok
18:09:07.0160 5496 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
18:09:07.0161 5496 Compbatt - ok
18:09:07.0166 5496 COMSysApp - ok
18:09:07.0182 5496 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
18:09:07.0183 5496 crcdisk - ok
18:09:07.0259 5496 CryptSvc (62740b9d2a137e8ced41a9e4239a7a31) C:\Windows\system32\cryptsvc.dll
18:09:07.0261 5496 CryptSvc - ok
18:09:07.0368 5496 DcomLaunch (cf8b9a3a5e7dc57724a89d0c3e8cf9ef) C:\Windows\system32\rpcss.dll
18:09:07.0374 5496 DcomLaunch - ok
18:09:07.0431 5496 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
18:09:07.0432 5496 DfsC - ok
18:09:07.0571 5496 DfSdkS (d51b32ba3897f630d99713b74b40d6a2) C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\Dfsdks.exe
18:09:07.0575 5496 DfSdkS - ok
18:09:07.0885 5496 DFSR (c647f468f7de343df8c143655c5557d4) C:\Windows\system32\DFSR.exe
18:09:07.0918 5496 DFSR - ok
18:09:08.0098 5496 Dhcp (3ed0321127ce70acdaabbf77e157c2a7) C:\Windows\System32\dhcpcsvc.dll
18:09:08.0102 5496 Dhcp - ok
18:09:08.0225 5496 DigiartyVirtualCDBus (79b9d7643c9e3ad10b89df8ef0a9d2fe) C:\Windows\system32\drivers\DigiartyVirtualCDBus.sys
18:09:08.0230 5496 DigiartyVirtualCDBus - ok
18:09:08.0266 5496 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
18:09:08.0268 5496 disk - ok
18:09:08.0388 5496 Dnscache (06230f1b721494a6df8d47fd395bb1b0) C:\Windows\System32\dnsrslvr.dll
18:09:08.0391 5496 Dnscache - ok
18:09:08.0515 5496 DokanCEDriver (6f6d869252db86b571bf2018fb0dc686) C:\Program Files\Pogoplug\dokance.sys
18:09:08.0516 5496 DokanCEDriver - ok
18:09:08.0547 5496 DokanCEMounter (9be28d1e518a35979385c9bd77562bab) C:\Program Files\Pogoplug\dokanmnt.exe
18:09:08.0549 5496 DokanCEMounter - ok
18:09:08.0608 5496 dot3svc (1a7156dd1e850e9914e5e991e3225b94) C:\Windows\System32\dot3svc.dll
18:09:08.0610 5496 dot3svc - ok
18:09:08.0664 5496 DPS (1583b39790db3eaec7edb0cb0140c708) C:\Windows\system32\dps.dll
18:09:08.0665 5496 DPS - ok
18:09:08.0714 5496 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
18:09:08.0715 5496 drmkaud - ok
18:09:08.0820 5496 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
18:09:08.0828 5496 DXGKrnl - ok
18:09:08.0870 5496 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
18:09:08.0871 5496 E1G60 - ok
18:09:08.0929 5496 EapHost (c2303883fd9be49dc36a6400643002ea) C:\Windows\System32\eapsvc.dll
18:09:08.0931 5496 EapHost - ok
18:09:08.0999 5496 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
18:09:09.0001 5496 Ecache - ok
18:09:09.0097 5496 ehRecvr (14ce384d2e27b64c256bda4dc39c312d) C:\Windows\ehome\ehRecvr.exe
18:09:09.0101 5496 ehRecvr - ok
18:09:09.0150 5496 ehSched (b93159c1313d66fdfbbe876f5189cd52) C:\Windows\ehome\ehsched.exe
18:09:09.0152 5496 ehSched - ok
18:09:09.0174 5496 ehstart (f5ee2527d74449868e3c3227a59bcd28) C:\Windows\ehome\ehstart.dll
18:09:09.0175 5496 ehstart - ok
18:09:09.0232 5496 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
18:09:09.0236 5496 elxstor - ok
18:09:09.0327 5496 EMDMgmt (a9b18b63a4fd6baab83326706d857fab) C:\Windows\system32\emdmgmt.dll
18:09:09.0332 5496 EMDMgmt - ok
18:09:27.0292 5496 Viewpoint Manager Service - ok
18:09:27.0325 5496 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
18:09:27.0326 5496 volmgr - ok
18:09:27.0407 5496 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
18:09:27.0411 5496 volmgrx - ok
18:09:27.0444 5496 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
18:09:27.0447 5496 volsnap - ok
18:09:27.0486 5496 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
18:09:27.0488 5496 vsmraid - ok
18:09:27.0652 5496 VSS (b75232dad33bfd95bf6f0a3e6bff51e1) C:\Windows\system32\vssvc.exe
18:09:27.0668 5496 VSS - ok
18:09:27.0730 5496 W32Time (f14a7de2ea41883e250892e1e5230a9a) C:\Windows\system32\w32time.dll
18:09:27.0737 5496 W32Time - ok
18:09:27.0809 5496 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
18:09:27.0810 5496 WacomPen - ok
18:09:27.0895 5496 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:09:27.0897 5496 Wanarp - ok
18:09:27.0902 5496 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
18:09:27.0907 5496 Wanarpv6 - ok
18:09:27.0993 5496 wcncsvc (b4e4c37d0aa6100090a53213ee2bf1c1) C:\Windows\System32\wcncsvc.dll
18:09:28.0000 5496 wcncsvc - ok
18:09:28.0050 5496 WcsPlugInService (ea4b369560e986f19d93f45a881484ac) C:\Windows\System32\WcsPlugInService.dll
18:09:28.0052 5496 WcsPlugInService - ok
18:09:28.0078 5496 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
18:09:28.0079 5496 Wd - ok
18:09:28.0146 5496 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
18:09:28.0152 5496 Wdf01000 - ok
18:09:28.0209 5496 WdiServiceHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:09:28.0212 5496 WdiServiceHost - ok
18:09:28.0216 5496 WdiSystemHost (c5efda73ebfca8b02a094898de0a9276) C:\Windows\system32\wdi.dll
18:09:28.0219 5496 WdiSystemHost - ok
18:09:28.0279 5496 WebClient (3e6d05381cf35f75ebb055544a8ed9ac) C:\Windows\System32\webclnt.dll
18:09:28.0282 5496 WebClient - ok
18:09:28.0348 5496 Wecsvc (8d40bc587993f876658bf9fb0f7d3462) C:\Windows\system32\wecsvc.dll
18:09:28.0352 5496 Wecsvc - ok
18:09:28.0390 5496 wercplsupport (9c980351d7e96288ea0c23ae232bd065) C:\Windows\System32\wercplsupport.dll
18:09:28.0393 5496 wercplsupport - ok
18:09:28.0410 5496 WerSvc (66b9ecebc46683f47edc06333c075fef) C:\Windows\System32\WerSvc.dll
18:09:28.0413 5496 WerSvc - ok
18:09:28.0547 5496 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:09:28.0553 5496 winachsf - ok
18:09:28.0622 5496 WinDefend - ok
18:09:28.0636 5496 WinHttpAutoProxySvc - ok
18:09:28.0784 5496 Winmgmt (d2e7296ed1bd26d8db2799770c077a02) C:\Windows\system32\wbem\WMIsvc.dll
18:09:28.0786 5496 Winmgmt - ok
18:09:29.0031 5496 WinRM (6cbb0c68f13b9c2ec1b16f5fa5e7c869) C:\Windows\system32\WsmSvc.dll
18:09:29.0054 5496 WinRM - ok
18:09:29.0233 5496 Wlansvc (ec339c8115e91baed835957e9a677f16) C:\Windows\System32\wlansvc.dll
18:09:29.0242 5496 Wlansvc - ok
18:09:29.0280 5496 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:09:29.0281 5496 WmiAcpi - ok
18:09:29.0403 5496 wmiApSrv (21fa389e65a852698b6a1341f36ee02d) C:\Windows\system32\wbem\WmiApSrv.exe
18:09:29.0407 5496 wmiApSrv - ok
18:09:29.0470 5496 WMPNetworkSvc - ok
18:09:29.0515 5496 WPCSvc (cbc156c913f099e6680d1df9307db7a8) C:\Windows\System32\wpcsvc.dll
18:09:29.0519 5496 WPCSvc - ok
18:09:29.0574 5496 WPDBusEnum (490a18b4e4d53dc10879deaa8e8b70d9) C:\Windows\system32\wpdbusenum.dll
18:09:29.0576 5496 WPDBusEnum - ok
18:09:29.0645 5496 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
18:09:29.0646 5496 WpdUsb - ok
18:09:29.0827 5496 WPFFontCache_v0400 (991e2c2cf3bc204c2bb2ee1476149e4e) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
18:09:29.0834 5496 WPFFontCache_v0400 - ok
18:09:29.0880 5496 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
18:09:29.0881 5496 ws2ifsl - ok
18:09:29.0950 5496 wscsvc (9ea3e6d0ef7a5c2b9181961052a4b01a) C:\Windows\system32\wscsvc.dll
18:09:29.0954 5496 wscsvc - ok
18:09:29.0959 5496 WSearch - ok
18:09:30.0216 5496 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:09:30.0242 5496 wuauserv - ok
18:09:30.0378 5496 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:09:30.0380 5496 WUDFRd - ok
18:09:30.0424 5496 wudfsvc (6cbd51ff913c851d56ed9dc7f2a27dde) C:\Windows\System32\WUDFSvc.dll
18:09:30.0429 5496 wudfsvc - ok
18:09:30.0487 5496 xcetap0 (1044f84c619f517b8442d1d00cfca2e6) C:\Windows\system32\DRIVERS\xcetap0.sys
18:09:30.0489 5496 xcetap0 - ok
18:09:30.0547 5496 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:09:30.0615 5496 \Device\Harddisk1\DR1 - ok
18:09:30.0648 5496 MBR (0x1B8) (85d751f0e41b8e520aee8c07a8da777b) \Device\Harddisk0\DR0
18:09:31.0140 5496 \Device\Harddisk0\DR0 - ok
18:09:31.0147 5496 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
18:09:31.0179 5496 \Device\Harddisk1\DR1 - ok
18:09:31.0184 5496 Boot (0x1200) (058437a99d162e53b5ad2e5dfac4f8a7) \Device\Harddisk1\DR1\Partition0
18:09:31.0185 5496 \Device\Harddisk1\DR1\Partition0 - ok
18:09:31.0190 5496 Boot (0x1200) (c9251ccfb25924c4b55035d8f7f9d132) \Device\Harddisk0\DR0\Partition0
18:09:31.0191 5496 \Device\Harddisk0\DR0\Partition0 - ok
18:09:31.0196 5496 Boot (0x1200) (c021f34b51f62e1cb56aed2ef549724d) \Device\Harddisk0\DR0\Partition1
18:09:31.0198 5496 \Device\Harddisk0\DR0\Partition1 - ok
18:09:31.0203 5496 Boot (0x1200) (058437a99d162e53b5ad2e5dfac4f8a7) \Device\Harddisk1\DR1\Partition0
18:09:31.0205 5496 \Device\Harddisk1\DR1\Partition0 - ok
18:09:31.0206 5496 ============================================================
18:09:31.0206 5496 Scan finished
18:09:31.0206 5496 ============================================================
18:09:31.0221 6124 Detected object count: 0
18:09:31.0221 6124 Actual detected object count: 0

#9 solsticeIL

solsticeIL
  • Topic Starter

  • Members
  • 38 posts

Posted 22 July 2012 - 06:35 PM

Here is the aswMBR log

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-22 18:12:01
-----------------------------
18:12:01.372 OS Version: Windows x64 6.0.6002 Service Pack 2
18:12:01.373 Number of processors: 2 586 0xF0D
18:12:01.373 ComputerName: TINAA UserName: Admin
18:12:02.919 Initialize success
18:16:14.728 AVAST engine defs: 12072201
18:16:30.958 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
18:16:30.962 Disk 0 Vendor: TOSHIBA_MK2552GSX LV011C Size: 238475MB BusType: 3
18:16:30.968 Disk 1 \Device\Harddisk1\DR1 -> \Device\Scsi\JMCR1Port4Path0Target0Lun0
18:16:30.973 Disk 1 Vendor: JMCR Size: 15387MB BusType: 0
18:16:31.025 Disk 0 MBR read successfully
18:16:31.030 Disk 0 MBR scan
18:16:31.040 Disk 0 unknown MBR code
18:16:31.046 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226966 MB offset 63
18:16:31.079 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11505 MB offset 464828416
18:16:31.140 Disk 0 scanning C:\Windows\system32\drivers
18:16:44.948 Service scanning
18:17:28.143 Modules scanning
18:17:28.150 Disk 0 trace - called modules:
18:17:28.174 ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
18:17:28.179 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004e14300]
18:17:28.184 3 CLASSPNP.SYS[fffffa6000a57c33] -> nt!IofCallDriver -> [0xfffffa8004fef5d0]
18:17:28.189 5 hpdskflt.sys[fffffa6001a020ee] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004cb1940]
18:17:29.722 AVAST engine scan C:\Windows
18:17:37.878 AVAST engine scan C:\Windows\system32
18:23:31.032 AVAST engine scan C:\Windows\system32\drivers
18:23:47.458 AVAST engine scan C:\Users\Admin
18:26:42.334 AVAST engine scan C:\ProgramData
18:33:03.645 Scan finished successfully
18:34:38.244 Disk 0 MBR has been saved successfully to "C:\Users\Tina\Desktop\MBR.dat"
18:34:38.244 The log file has been saved successfully to "C:\Users\Tina\Desktop\aswMBR Jul22log.txt"

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 135,626 posts
  • Gender:Male
  • Location:Puerto rico

Posted 22 July 2012 - 06:39 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here (donate button). Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 solsticeIL

solsticeIL
  • Topic Starter

  • Members
  • 38 posts

Posted 22 July 2012 - 06:55 PM

Here is the OTL log:

OTL logfile created on: 7/22/2012 6:43:51 PM - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Tina\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.96 Gb Total Physical Memory | 2.17 Gb Available Physical Memory | 54.80% Memory free
8.15 Gb Paging File | 6.10 Gb Available in Paging File | 74.87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 221.65 Gb Total Space | 151.16 Gb Free Space | 68.20% Space Free | Partition Type: NTFS
Drive D: | 11.24 Gb Total Space | 1.32 Gb Free Space | 11.74% Space Free | Partition Type: NTFS
Drive E: | 3.21 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
Drive H: | 15.02 Gb Total Space | 14.87 Gb Free Space | 99.02% Space Free | Partition Type: FAT32

Computer Name: TINAA | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Tina\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Users\Tina\AppData\Roaming\RoboForm\robotaskbaricon.exe (Siber Systems)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
PRC - C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\WINDOWS\SMINST\BLService.exe ()
PRC - C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE File not found
SRV:64bit: - (HBAdmin) -- C:\Program Files\Pogoplug\HBPLUG\hbadmin.exe (Cloud Engines, Inc.)
SRV:64bit: - (DokanCEMounter) -- C:\Program Files\Pogoplug\dokanmnt.exe (Cloud Engines)
SRV:64bit: - (STacSV) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\STacSV64.exe (IDT, Inc.)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\Hpservice.exe (Hewlett-Packard Corporation)
SRV:64bit: - (AESTFilters) -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_3c6572ef\AESTSr64.exe (Andrea Electronics Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AgereModemAudio) -- C:\Windows\SysNative\agr64svc.exe (Agere Systems)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (FlipShare Service) -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (DfSdkS) -- C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\DfSdkS.exe (mst software GmbH, Germany)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Recovery Service for Windows) -- C:\WINDOWS\SMINST\BLService.exe ()
SRV - (Viewpoint Manager Service) -- C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\DRIVERS\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\DRIVERS\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\DRIVERS\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (DigiartyVirtualCDBus) -- C:\Windows\SysNative\drivers\DigiartyVirtualCDBus.sys (Digiarty Software, Inc.)
DRV:64bit: - (DokanCEDriver) -- C:\Program Files\Pogoplug\dokance.sys (Cloud Engines)
DRV:64bit: - (xcetap0) -- C:\Windows\SysNative\DRIVERS\xcetap0.sys (Cloud Engines, Inc.)
DRV:64bit: - (Apowersoft_AudioDevice) -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys (Wondershare)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys (Broadcom Corporation)
DRV:64bit: - (FTDIBUS) -- C:\Windows\SysNative\drivers\ftdibus.sys (FTDI Ltd.)
DRV:64bit: - (FTSER2K) -- C:\Windows\SysNative\drivers\ftser2k.sys (FTDI Ltd.)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\Drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys (Microsoft Corporation)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\DRIVERS\agrsm64.sys (LSI Corporation)
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys (Realtek Corporation )
DRV:64bit: - (igfx) -- C:\Windows\SysNative\DRIVERS\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\DRIVERS\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\DRIVERS\jmcr.sys (JMicron Technology Corp.)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\DRIVERS\hpdskflt.sys (Hewlett-Packard Corporation)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\DRIVERS\Accelerometer.sys (Hewlett-Packard Corporation)
DRV:64bit: - (ApfiltrService) -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys (Alps Electric Co., Ltd.)
DRV:64bit: - (enecir) -- C:\Windows\SysNative\DRIVERS\enecir.sys (ENE TECHNOLOGY INC.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6F983AA9-79B7-4D5A-9B46-3E116BC60304}
IE:64bit: - HKLM\..\SearchScopes\{6F983AA9-79B7-4D5A-9B46-3E116BC60304}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE:64bit: - HKLM\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6F983AA9-79B7-4D5A-9B46-3E116BC60304}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKLM\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\SearchScopes,DefaultScope = {6F983AA9-79B7-4D5A-9B46-3E116BC60304}
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\SearchScopes\{6F983AA9-79B7-4D5A-9B46-3E116BC60304}: "URL" = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\SearchScopes,DefaultScope = {6F983AA9-79B7-4D5A-9B46-3E116BC60304}
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\SearchScopes\{6F983AA9-79B7-4D5A-9B46-3E116BC60304}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-pvnb
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..CommunityToolbar.SearchFromAddressBarSavedUrl: "data:text/plain,keyword.URL=http://search.yahoo.com/search?ei=UTF-8&fr=yff35awe&p="
FF - prefs.js..CommunityToolbar.originalSearchEngine: "data:text/plain,browser.search.defaultenginename=Yahoo"
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=937811&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {37153479-1976-43c3-a1ee-557513977b64}:3.8.1.0
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:12.0.0.1912
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/12 17:30:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012/07/02 09:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Users\Tina\AppData\Roaming\RoboForm\Firefox [2012/05/01 08:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012/07/02 09:34:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 08:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/16 21:24:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/09/12 17:30:41 | 000,000,000 | ---D | M]

[2010/08/22 12:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Extensions
[2012/07/13 12:56:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions
[2011/12/05 10:19:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/03/26 09:41:51 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)
[2011/09/07 14:29:12 | 000,000,925 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\searchplugins\conduit.xml
[2012/03/26 20:44:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/03/26 09:40:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions(6)
[2012/03/26 09:40:57 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\extensions(6)\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/07/02 09:34:49 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG2012\FIREFOX4
[2012/04/25 08:23:59 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/08 11:21:11 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll
[2011/07/13 17:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2011/07/13 17:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/03/12 23:38:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/03/12 23:38:32 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========


O1 HOSTS File: ([2012/07/22 08:54:54 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O2:64bit: - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (RoboForm Toolbar Helper) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm Toolbar) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\Toolbar\WebBrowser: (&RoboForm Toolbar) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Ashampoo HDD Control Guard] C:\Program Files (x86)\Ashampoo\Ashampoo HDD Control\HDDControlGuard.exe (Ashampoo Development GmbH & Co. KG)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1000..\Run: [Pogoplug] C:\Program Files\Pogoplug\PPDrive.exe (CloudEngines)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1000..\Run: [RoboForm] C:\Users\Tina\AppData\Roaming\RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [AllMyNotes] C:\Program Files (x86)\AllMyNotes Organizer\AllMyNotes.exe (Vladonai Software (http://www.vladonai.com))
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [Apple] rundll32.exe "C:\Users\Tina\AppData\Local\Apple Computer\Apple\nycxqejl.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [googletalk] C:\Users\Tina\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [RoboForm] C:\Users\Tina\AppData\Roaming\RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [Trend Micro] C:\Users\Tina\AppData\Local\Trend Micro\shjyjvpf.dll (flashget)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Customize Menu - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComCustomizeIEMenu.html ()
O8:64bit: - Extra context menu item: Fill Forms - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComFillForms.html ()
O8:64bit: - Extra context menu item: Save Forms - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComSavePass.html ()
O8:64bit: - Extra context menu item: Show RoboForm Toolbar - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Customize Menu - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: Save Forms - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComSavePass.html ()
O8 - Extra context menu item: Show RoboForm Toolbar - C:\Users\Tina\AppData\Roaming\RoboForm\RoboFormComShowToolbar.html ()
O9:64bit: - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9:64bit: - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform-x64.dll (Siber Systems Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O9 - Extra 'Tools' menuitem : Show RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Users\Tina\AppData\Roaming\RoboForm\roboform.dll (Siber Systems Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..Trusted Domains: allure.com ([www] http in Trusted sites)
O15 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
O15 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.94.156.1 68.94.157.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C38D5123-66D8-446B-AB79-05BC0144BD52}: DhcpNameServer = 68.94.156.1 68.94.157.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\img24.jpg
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/22 17:54:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/22 08:57:45 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\temp
[2012/07/22 08:42:41 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/22 08:42:41 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/22 08:42:41 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/22 08:42:34 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/07/22 08:42:19 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/17 09:21:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012/07/16 21:35:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/07/16 21:24:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Oracle
[2012/07/16 21:24:02 | 000,772,592 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/16 21:24:01 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/16 21:23:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/16 21:23:47 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/16 20:14:41 | 000,955,888 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/16 20:14:41 | 000,268,784 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/16 20:14:30 | 000,189,424 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/16 20:14:30 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/15 20:54:18 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\GooredFix Backups
[2012/07/15 13:15:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/07/13 15:23:44 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\ChemTable Software
[2012/07/13 13:23:14 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe
[2012/07/13 12:56:27 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Macromedia
[2012/07/13 12:49:25 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\tdsskiller(1)
[2012/07/12 03:01:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/07/12 03:01:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/07/12 03:01:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/07/12 03:01:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/07/12 03:01:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/07/12 03:01:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/07/12 03:01:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/07/12 03:01:48 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/07/12 03:01:48 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/07/12 03:01:47 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/07/12 03:01:47 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/07/12 03:01:47 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/07/12 03:01:47 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/07/11 08:34:25 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll

========== Files - Modified Within 30 Days ==========

[2012/07/22 18:21:01 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-788194389-710293613-2749244959-1001UA.job
[2012/07/22 18:00:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/22 17:59:57 | 000,703,516 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/07/22 17:59:57 | 000,604,752 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/07/22 17:59:57 | 000,104,420 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/07/22 17:54:57 | 000,000,355 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/07/22 17:54:40 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/22 17:54:23 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 17:54:22 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/22 17:54:13 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/22 11:40:01 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/07/22 08:54:54 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/07/22 08:23:08 | 101,968,570 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012/07/22 08:21:35 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-788194389-710293613-2749244959-1001Core.job
[2012/07/20 17:06:00 | 000,566,330 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012/07/18 10:32:43 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012/07/17 19:51:27 | 002,117,152 | ---- | M] () -- C:\Users\Admin\Desktop\tdsskiller(2).zip
[2012/07/17 19:49:58 | 002,117,152 | ---- | M] () -- C:\Users\Admin\Desktop\tdsskiller(1).zip
[2012/07/17 19:48:39 | 002,117,152 | ---- | M] () -- C:\Users\Admin\Desktop\tdsskiller.zip
[2012/07/17 09:21:35 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2012.lnk
[2012/07/16 21:23:30 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/07/16 21:23:30 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/07/16 21:23:30 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/07/16 21:23:30 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/07/16 21:23:29 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/07/16 20:19:19 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForTina.job
[2012/07/16 20:14:16 | 000,955,888 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2012/07/16 20:14:16 | 000,268,784 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2012/07/16 20:14:16 | 000,189,424 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2012/07/16 20:14:16 | 000,188,912 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2012/07/16 20:14:15 | 000,839,152 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2012/07/15 18:38:56 | 000,000,512 | ---- | M] () -- C:\Users\Public\Documents\MBR.dat
[2012/07/15 18:37:52 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/13 17:54:06 | 000,000,334 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForAdmin.job
[2012/07/13 15:27:10 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/07/13 15:27:10 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/07/13 14:03:26 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/07/13 13:23:16 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\Admin\Desktop\HijackThis.exe
[2012/07/12 03:27:06 | 000,398,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/07/03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2012/07/22 08:42:41 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/22 08:42:41 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/22 08:42:41 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/22 08:42:41 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/22 08:42:41 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/22 08:18:15 | 4256,133,120 | -HS- | C] () -- C:\hiberfil.sys
[2012/07/18 10:32:43 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012/07/17 19:51:20 | 002,117,152 | ---- | C] () -- C:\Users\Admin\Desktop\tdsskiller(2).zip
[2012/07/17 19:49:57 | 002,117,152 | ---- | C] () -- C:\Users\Admin\Desktop\tdsskiller(1).zip
[2012/07/17 19:48:35 | 002,117,152 | ---- | C] () -- C:\Users\Admin\Desktop\tdsskiller.zip
[2012/07/15 18:38:56 | 000,000,512 | ---- | C] () -- C:\Users\Public\Documents\MBR.dat
[2012/07/15 13:14:23 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat
[2012/07/13 14:03:26 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/04/12 09:06:21 | 005,752,220 | ---- | C] () -- C:\Program Files (x86)\AllMyNotesOrganizerDeluxe.zip
[2012/03/13 10:25:33 | 000,000,040 | ---- | C] () -- C:\Windows\iltwain.ini
[2012/01/06 14:18:18 | 000,001,096 | -HS- | C] () -- C:\ProgramData\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
[2011/12/30 15:39:55 | 000,001,128 | -HS- | C] () -- C:\ProgramData\213ms54md02a01808426vojooi4k641umf6gp23374q
[2011/12/25 21:49:10 | 000,001,466 | -HS- | C] () -- C:\ProgramData\wpiyhave0j0l
[2011/12/13 17:33:20 | 000,001,464 | -HS- | C] () -- C:\ProgramData\2i82rp8s48l127
[2011/12/11 19:25:25 | 000,001,288 | -HS- | C] () -- C:\ProgramData\o2pi10k4qn3jko
[2011/12/09 11:45:54 | 000,008,550 | -HS- | C] () -- C:\ProgramData\4h82fh5s08h625
[2011/10/08 12:22:40 | 000,164,888 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2011/05/29 06:18:07 | 000,000,632 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2010/11/21 15:14:46 | 000,059,232 | ---- | C] () -- C:\Windows\SysWow64\CNC990W.DAT
[2010/10/09 08:29:19 | 000,046,956 | ---- | C] () -- C:\Program Files\flockstar.png
[2010/10/05 18:44:33 | 000,000,735 | ---- | C] () -- C:\Users\Admin\.recently-used.xbel
[2010/09/17 22:43:12 | 000,011,776 | ---- | C] () -- C:\Users\Admin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/12 17:30:26 | 000,023,114 | ---- | C] () -- C:\Windows\hpqins15.dat
[2010/08/28 11:23:03 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2010/08/28 11:22:34 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2010/08/28 11:22:03 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2010/08/23 04:21:36 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2010/08/22 12:49:32 | 000,000,031 | ---- | C] () -- C:\Windows\MTC!.INI

< End of report >

#12 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 135,626 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 05:09 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O3 - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\Toolbar\WebBrowser: (no name) - {37153479-1976-43C3-A1EE-557513977B64} - No CLSID value found.
    O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [Apple] rundll32.exe "C:\Users\Tina\AppData\Local\Apple Computer\Apple\nycxqejl.dll",CreateInstance File not found
    O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe File not found
    O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe File not found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    IE:64bit: - HKLM\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
    IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKLM\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
    IE - HKU\S-1-5-21-788194389-710293613-2749244959-1000\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    IE - HKU\S-1-5-21-788194389-710293613-2749244959-1001\..\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}: "URL" = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpl
    FF - prefs.js..browser.search.defaultthis.engineName: "Coupons.com Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}"
    FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
    [2012/03/26 09:41:51 | 000,000,000 | ---D | M] (CompTool0234 Community Toolbar) -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)
    [2011/09/07 14:29:12 | 000,000,925 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\searchplugins\conduit.xml
    [2012/01/06 14:18:18 | 000,001,096 | -HS- | C] () -- C:\ProgramData\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
    [2011/12/30 15:39:55 | 000,001,128 | -HS- | C] () -- C:\ProgramData\213ms54md02a01808426vojooi4k641umf6gp23374q
    [2011/12/25 21:49:10 | 000,001,466 | -HS- | C] () -- C:\ProgramData\wpiyhave0j0l
    [2011/12/13 17:33:20 | 000,001,464 | -HS- | C] () -- C:\ProgramData\2i82rp8s48l127
    [2011/12/11 19:25:25 | 000,001,288 | -HS- | C] () -- C:\ProgramData\o2pi10k4qn3jko
    [2011/12/09 11:45:54 | 000,008,550 | -HS- | C] () -- C:\ProgramData\4h82fh5s08h625
      
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
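The fix script above targets three kinds of OTL entries: Run values whose target is gone or which load a DLL out of a user profile via rundll32, IE SearchScopes and Firefox prefs.js keys that point searches at a third-party redirector (conduit, ask.com), and hidden+system files with random names dropped straight into C:\ProgramData. The triage helper below is an added example for this thread; it is not part of the thread, of OTL, or of any BleepingComputer fix script. It parses those OTL line shapes and flags the same patterns so a reader can pre-screen a long log before hand-building a fix. The sample lines are constructed from the log in this thread; the REDIRECT_DOMAINS list, the SEARCH_PREFS set and the `_looks_random` heuristic are assumptions of this example, not OTL rules. A hit means "review this", not "this is malware".

```python
"""Triage helper for OTL (OldTimer's List-It) log lines.

Added example for this thread; not part of the thread, of OTL, or of
BleepingComputer's fix scripts. Recognises the line shapes in the log above
and flags the patterns the responder's fix targets. A hit means "look at
this", not "this is malware": a human still decides.
"""
from __future__ import annotations

import ntpath
import re
from collections import Counter
from dataclasses import dataclass
from urllib.parse import urlsplit

# Assumption: search hosts treated as unwanted on this machine (taken from the fix script above).
REDIRECT_DOMAINS = ("search.conduit.com", "ask.com")
# Assumption: Firefox prefs that decide where an address-bar or search-box query goes.
SEARCH_PREFS = {"keyword.URL", "browser.search.defaulturl", "browser.search.defaultenginename"}

# Line shapes from the OTL log: O4 autorun values, IE SearchScopes URLs, prefs.js entries,
# and file listings "[timestamp | size | attrs | C/M] (Company) -- path".
RUN_RE = re.compile(r'^O4(?::64bit:)? - (?P<hive>\S+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$')
SCOPE_RE = re.compile(r'^IE(?::64bit:)? - .*\\SearchScopes\\\{[0-9A-Fa-f-]+\}: "URL" = (?P<url>\S+)')
PREF_RE = re.compile(r'^FF - prefs\.js\.\.(?P<key>[\w.]+): "(?P<val>[^"]*)"')
FILE_RE = re.compile(r'^\[(?P<ts>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attr>[-A-Z]{4}) \| [CM]\] \([^)]*\) -- (?P<path>.+)$')


@dataclass(frozen=True)
class Finding:
    kind: str  # short rule name
    line: str  # the OTL line that triggered the rule


def _host_matches(url: str) -> bool:
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in REDIRECT_DOMAINS)


def _looks_random(name: str) -> bool:
    # Assumption: extension-less, 12+ chars, letters and digits mixed, like the -HS- names in the log.
    return ("." not in name and len(name) >= 12
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def check_run(cmd: str) -> list[str]:
    """Rules for the command part of an O4 Run entry; returns the rule names that fired."""
    reasons = []
    low = cmd.lower()
    in_appdata = "\\appdata\\" in low
    if cmd.endswith("File not found"):  # orphaned autorun value
        reasons.append("run-target-missing")
    if low.startswith("rundll32") and in_appdata:  # rundll32 loading a DLL from a profile path
        reasons.append("rundll32-from-appdata")
    # Drop OTL's trailing "(Company)" or status text to get the bare target path.
    target = re.sub(r"\s+(\([^)]*\)|File not found)$", "", cmd)
    if target.lower().endswith(".dll") and in_appdata:  # a DLL, not an EXE, as the Run target
        reasons.append("dll-as-run-target")
    return reasons


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            findings += [Finding(r, line) for r in check_run(m["cmd"])]
        elif (m := SCOPE_RE.match(line)) and _host_matches(m["url"]):
            findings.append(Finding("ie-searchscope-redirector", line))
        elif (m := PREF_RE.match(line)) and m["key"] in SEARCH_PREFS and _host_matches(m["val"]):
            findings.append(Finding("firefox-searchpref-redirector", line))
        elif m := FILE_RE.match(line):
            attr, (folder, name) = m["attr"], ntpath.split(m["path"])
            if ("H" in attr and "S" in attr and "D" not in attr
                    and folder.lower() == r"c:\programdata" and _looks_random(name)):
                findings.append(Finding("hidden-system-drop-in-programdata", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    return dict(Counter(f.kind for f in findings))


# Constructed sample: nine lines in the shapes seen in the log above.
SAMPLE_LOG = r"""
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [Apple] rundll32.exe "C:\Users\Tina\AppData\Local\Apple Computer\Apple\nycxqejl.dll",CreateInstance File not found
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [googletalk] C:\Users\Tina\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKU\S-1-5-21-788194389-710293613-2749244959-1001..\Run: [Trend Micro] C:\Users\Tina\AppData\Local\Trend Micro\shjyjvpf.dll (flashget)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q="
[2012/01/06 14:18:18 | 000,001,096 | -HS- | C] () -- C:\ProgramData\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132
[2012/07/22 17:54:13 | 4256,133,120 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/16 20:14:30 | 000,188,912 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:36} {f.line}")
```

Run it against a whole OTL report by reading the file into `triage()`; lines that match none of the four shapes are ignored, so the HOSTS, O2/O3 and Winlogon sections pass through untouched. Note that the `dll-as-run-target` rule fires on the `[Trend Micro] ...\shjyjvpf.dll (flashget)` value from the log above even though the fix script did not touch it; that is exactly the kind of entry a pre-screen should surface for the responder to judge.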

#13 solsticeIL (Topic Starter)

  • Members
  • 38 posts

Posted 23 July 2012 - 10:45 AM

Good morning Gringo!

I was not asked to reboot the machine but I will do it anyway (problems usually appear after doing so).
Here is the report

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{37153479-1976-43C3-A1EE-557513977B64} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
Registry value HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Apple deleted successfully.
Registry value HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Windows\CurrentVersion\Run\\SUPERAntiSpyware deleted successfully.
Registry value HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Windows\CurrentVersion\Run\\WMPNSCFG deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ not found.
Registry key HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1000\Software\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ not found.
Registry key HKEY_USERS\S-1-5-21-788194389-710293613-2749244959-1001\Software\Microsoft\Internet Explorer\SearchScopes\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D36439C9-37CD-47CA-97D6-93DB9EADB688}\ not found.
Prefs.js: "Coupons.com Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=2&q=" removed from keyword.URL
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)\searchplugin folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)\modules folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)\META-INF folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)\defaults folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)\components folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111)\chrome folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\extensions\{37153479-1976-43c3-a1ee-557513977b64}(111) folder moved successfully.
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6pufymy1.default\searchplugins\conduit.xml moved successfully.
C:\ProgramData\ly036el178fysd08075qy86316l25xr415g3pj4f0vd132 moved successfully.
C:\ProgramData\213ms54md02a01808426vojooi4k641umf6gp23374q moved successfully.
C:\ProgramData\wpiyhave0j0l moved successfully.
C:\ProgramData\2i82rp8s48l127 moved successfully.
C:\ProgramData\o2pi10k4qn3jko moved successfully.
C:\ProgramData\4h82fh5s08h625 moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
C:\Users\Tina\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: Admin
->Java cache emptied: 2027 bytes

User: All Users

User: AppData

User: Default

User: Default User

User: Public

User: Tina
->Java cache emptied: 8990473 bytes

Total Java Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: Admin
->Flash cache emptied: 1700 bytes

User: All Users

User: AppData

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

User: Tina
->Flash cache emptied: 57564 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.54.0 log created on 07232012_104252
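As an added example, not part of this thread or of OTL itself: a small parser that turns fix-log lines in the format shown above into a triage summary, so a responder can see at a glance which registry keys, values and files were actually changed, which targets were already gone, and which Firefox search preferences had been pointed at a third-party search host. The sample lines are constructed in the style of the log above.

```python
import re
from collections import Counter

# Constructed sample in the style of an OTL fix log (not the thread's full log).
SAMPLE_LOG = r"""
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@java.com/JavaPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{37153479-1976-43C3-A1EE-557513977B64}\ not found.
Registry value HKEY_USERS\S-1-5-21-1\Software\Microsoft\Windows\CurrentVersion\Run\\Apple deleted successfully.
Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&q=" removed from keyword.URL
C:\ProgramData\wpiyhave0j0l moved successfully.
C:\Users\Tina\Desktop\cmd.bat deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
"""

# One line per action: "<target> <status>." ; prefs.js lines have their own shape.
STATUS_RE = re.compile(r"^(?P<target>.+?) (?P<status>deleted successfully|moved successfully|not found)\.$")
PREFS_RE = re.compile(r'^Prefs\.js: "(?P<value>.*)" removed from (?P<pref>\S+)$')

def parse_otl_log(text):
    """Return (kind, target, status) tuples for every action line in an OTL fix log."""
    entries = []
    for line in text.splitlines():
        line = line.strip()
        m = PREFS_RE.match(line)
        if m:
            entries.append(("prefs.js", m.group("pref"), "removed: " + m.group("value")))
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue  # section headers, command echoes, blank lines
        target = m.group("target")
        if "Registry key" in target:
            kind = "registry key"
        elif "Registry value" in target:
            kind = "registry value"
        else:
            kind = "file"
        entries.append((kind, target, m.group("status")))
    return entries

def summarize(entries):
    """Count outcomes per kind; list browser search prefs the fix reset (hijack indicators)."""
    counts = Counter((kind, status) for kind, _, status in entries if kind != "prefs.js")
    search_prefs = [(pref, val) for kind, pref, val in entries if kind == "prefs.js"]
    return counts, search_prefs
```

"not found" entries are worth reading separately: they mean the fix script targeted something already gone, which is usual after an earlier cleanup but is also what a reinstalling infection looks like between runs.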

#14 solsticeIL
  • Topic Starter
  • Members
  • 38 posts

Posted 23 July 2012 - 10:52 AM

Upon reboot, ssvagent.exe appeared instantly and the first attempt at Google search in Firefox was a redirect.

Oh! I also forgot to add that two iexplorer processes are running even though I rarely use Internet Explorer. Attempts to kill the processes fail. The processes come right back.

Edited by solsticeIL, 23 July 2012 - 12:16 PM.


#15 gringo_pr
    Bleepin Gringo
  • Malware Response Team
  • 135,626 posts
  • Gender:Male
  • Location:Puerto rico

Posted 23 July 2012 - 01:38 PM

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Please Only Copy And Paste Reports Into Topic - Do Not Attach

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
