Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

DDS log


  • This topic is locked This topic is locked
35 replies to this topic

#1 tsquared56

tsquared56

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 14 June 2011 - 06:41 AM

From here. http://www.bleepingcomputer.com/forums/topic402433.html/page__gopid__2291252#entry2291252

64-bit, so no GMER.

DDS log:

.
DDS (Ver_2011-06-12.02) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Tim at 7:31:01 on 2011-06-14
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5095 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files\LSI SoftModem\agr64svc.exe
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\PROGRA~1\HEWLET~1\HPREMO~1\HPREMO~1.EXE
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe
C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\Program Files (x86)\Ask.com\Updater\Updater.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://my.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uURLSearchHooks: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
uURLSearchHooks: H - No File
BHO: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: Dealio Toolbar: {01398b87-61af-4ffb-9ab5-1a1c5fb39a9c} - C:\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [SoftAuto.exe] "C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe"
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart /startifwork
uRun: [Desktop Software] "C:\Program Files (x86)\Common Files\SupportSoft\bin\bcont.exe" /ini "C:\Program Files (x86)\ComcastUI\Desktop Software\uinstaller.ini" /fromrun /starthidden
uRun: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Memeo Instant Backup] "C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" --silent --no_ui
mRun: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"
mRun: [<NO NAME>]
mRun: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PICTUR~1.LNK - C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {49232000-16E4-426C-A231-62846947304B} - hxxps://wimpro2.cce.hp.com/ChatEntry/downloads/sysinfo.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.21.0.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15110/CTPID.cab
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
TCP: Interfaces\{82A4CFEA-4151-4588-A37A-5403FF50E6F4} : DhcpNameServer = 68.87.71.230 68.87.73.246
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
BHO-X64: LimeWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0552.0\msneshellx.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: LimeWire Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: Dealio Toolbar: {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - No File
TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [UpdateP2GoShortCut] "c:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdateLBPShortCut] "c:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePDIRShortCut] "c:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [UpdatePSTShortCut] "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\CyberLink\CyberLink DVD Suite Deluxe" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [Microsoft Default Manager] "c:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun-x64: [Google Quick Search Box] "C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
mRun-x64: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [DVDAgent] "c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Memeo Instant Backup] "C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" --silent --no_ui
mRun-x64: [Seagate Dashboard] "C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" --silent --no_ui
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [ddoctorv2] "C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" /P ddoctorv2
mRun-x64: [Carbonite Backup] "C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe"
mRun-x64: [(Default)]
mRun-x64: [SearchSettings] "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\fy7e4zw3.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=8BF75FF8-CE1F-4D62-AA49-D135DAE833D1&apn_ptnrs=OE&apn_sauid=B7E9CD63-0ECB-48BB-8360-10C896075BDB&apn_dtid=VIN003WTUS&q=
FF - component: C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - component: C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\fy7e4zw3.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Tim\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2010-2-17 14920]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2010-2-17 12360]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2010-6-29 128752]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 Application Updater;Application Updater;C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2011-5-6 393112]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-7-9 42184]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-1-24 25824]
R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-4-30 14088]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
R3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 atidgllk;atidgllk;C:\Program Files\PC-Doctor for Windows\atidgllk.sys [2009-2-2 5632]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-19 79360]
S3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CT20XUT;CT20XUT;C:\Windows\system32\drivers\CT20XUT.SYS --> C:\Windows\system32\drivers\CT20XUT.SYS [?]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\system32\drivers\CTEXFIFX.SYS --> C:\Windows\system32\drivers\CTEXFIFX.SYS [?]
S3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTHWIUT;CTHWIUT;C:\Windows\system32\drivers\CTHWIUT.SYS --> C:\Windows\system32\drivers\CTHWIUT.SYS [?]
S3 CTUPnPSv;Creative Centrale Media Server;C:\Program Files (x86)\Creative\Creative Centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;C:\Program Files (x86)\Dragon Age\bin_ship\daupdatersvc.service.exe [2009-12-15 25832]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-1-30 135664]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\PC-Doctor for Windows\pcdsrvc_x64.pkms [2009-2-2 23536]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-12-25 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-06-14 11:08:01 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FB8C8CFC-9366-4F6B-B6D2-9DDEBAC743E2}\mpengine.dll
2011-05-31 16:31:47 -------- d-----w- C:\Users\Tim\AppData\Local\{99CDDBB3-EE1E-4886-BD05-6781CC388145}
2011-05-31 00:49:41 -------- d-----w- C:\Users\Tim\AppData\Local\{A5393CA6-2C55-43B4-90E7-14D6FB318E02}
2011-05-28 10:09:59 -------- d-----w- C:\Program Files (x86)\Common Files\xing shared
2011-05-22 12:32:54 -------- d-----w- C:\Users\Tim\AppData\Local\Electronic Arts
2011-05-21 15:15:47 -------- d-----w- C:\Program Files (x86)\Dealio Toolbar
2011-05-21 15:15:47 -------- d-----w- C:\Program Files (x86)\Application Updater
2011-05-21 15:13:33 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-04-09 22:55:44 15453336 ----a-w- C:\Windows\SysWow64\xlive.dll
2011-04-09 22:55:42 13642904 ----a-w- C:\Windows\SysWow64\xlivefnt.dll
.
============= FINISH: 7:37:24.29 ===============

BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:28 PM

Posted 22 June 2011 - 07:10 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. Click the Watch This Topic button at the top on the right.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :thumbup2:
Posted Image
m0le is a proud member of UNITE

#3 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 23 June 2011 - 02:08 PM

I'm here.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:28 PM

Posted 23 June 2011 - 06:18 PM

Please run aswMBR, to see if rootkit activity is present.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Posted Image
m0le is a proud member of UNITE

#5 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 24 June 2011 - 04:36 PM

I've tried to run that program three times and on all three tries, Windows has restarted and upon starting up I get a dialog stating that "Windows has recovered from an unexpected error."

The third time I noticed I got a blue screen right before it shut down and the only wording I could make out of it was "an attempt to write to read-only was made" - The first two times I had run it and left the computer for a while. The third time the restart occurred approximately 3 minutes into the scan, if that means anything.

Edited by tsquared56, 24 June 2011 - 04:39 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:28 PM

Posted 24 June 2011 - 04:38 PM

That's an unusual reaction. Please try TDSSKiller and MBRCheck

  • Download TDSSKiller and save it to your Desktop.

  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.

  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l report.txt

  • Now click Start Scan.
  • If Malicious objects are found, ensure Cure is selected then click Continue > Reboot now.
  • Click Close
  • Finally press Report and copy and paste the contents into your next reply. If you've rebooted then the log will be found at C:\


And

Please download MBRCheck to your desktop.

1. Double click MBRCheck.exe to run it (Right click and run as Administrator for Vista).
2. It will open a black window, please do not fix anything (if it gives you an option).
3. Exit that window and it will produce a log (MBRCheck_date_time).
4. Please post that log when you reply.
Posted Image
m0le is a proud member of UNITE

#7 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 24 June 2011 - 04:43 PM

Here's the TDSS report:

2011/06/24 17:41:49.0999 2800 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
2011/06/24 17:41:50.0360 2800 ================================================================================
2011/06/24 17:41:50.0360 2800 SystemInfo:
2011/06/24 17:41:50.0360 2800
2011/06/24 17:41:50.0361 2800 OS Version: 6.0.6002 ServicePack: 2.0
2011/06/24 17:41:50.0361 2800 Product type: Workstation
2011/06/24 17:41:50.0361 2800 ComputerName: TIM-PC
2011/06/24 17:41:50.0361 2800 UserName: Tim
2011/06/24 17:41:50.0361 2800 Windows directory: C:\Windows
2011/06/24 17:41:50.0361 2800 System windows directory: C:\Windows
2011/06/24 17:41:50.0361 2800 Running under WOW64
2011/06/24 17:41:50.0361 2800 Processor architecture: Intel x64
2011/06/24 17:41:50.0361 2800 Number of processors: 2
2011/06/24 17:41:50.0361 2800 Page size: 0x1000
2011/06/24 17:41:50.0361 2800 Boot type: Normal boot
2011/06/24 17:41:50.0361 2800 ================================================================================
2011/06/24 17:41:50.0985 2800 Initialize success
2011/06/24 17:41:54.0704 3388 ================================================================================
2011/06/24 17:41:54.0704 3388 Scan started
2011/06/24 17:41:54.0704 3388 Mode: Manual;
2011/06/24 17:41:54.0704 3388 ================================================================================
2011/06/24 17:41:56.0511 3388 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
2011/06/24 17:41:56.0888 3388 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
2011/06/24 17:41:56.0953 3388 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
2011/06/24 17:41:56.0993 3388 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
2011/06/24 17:41:57.0055 3388 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
2011/06/24 17:41:57.0657 3388 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
2011/06/24 17:41:57.0902 3388 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\Windows\system32\DRIVERS\agrsm64.sys
2011/06/24 17:41:57.0958 3388 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
2011/06/24 17:41:58.0059 3388 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
2011/06/24 17:41:58.0128 3388 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
2011/06/24 17:41:58.0202 3388 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
2011/06/24 17:41:58.0270 3388 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
2011/06/24 17:41:58.0517 3388 amdkmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/24 17:41:58.0685 3388 amdkmdap (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
2011/06/24 17:41:58.0795 3388 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
2011/06/24 17:41:58.0851 3388 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
2011/06/24 17:41:59.0517 3388 aswFsBlk (f810e3ea3d1f3c3ba26f2f4719bdca4f) C:\Windows\system32\drivers\aswFsBlk.sys
2011/06/24 17:41:59.0597 3388 aswMonFlt (3687fd9cedf56d3b9f18923f4e14f3f9) C:\Windows\system32\drivers\aswMonFlt.sys
2011/06/24 17:41:59.0644 3388 aswRdr (e99e48596b35e5d5240104bcd61b3471) C:\Windows\system32\drivers\aswRdr.sys
2011/06/24 17:41:59.0731 3388 aswSnx (84ad8fb3fd2efa52d8599a0028bbb6fe) C:\Windows\system32\drivers\aswSnx.sys
2011/06/24 17:42:00.0379 3388 aswSP (8cba6cc5dca9e3829f1792bf98f06901) C:\Windows\system32\drivers\aswSP.sys
2011/06/24 17:42:00.0419 3388 aswTdi (184248f2ded7b1641c7f3b30381baa2a) C:\Windows\system32\drivers\aswTdi.sys
2011/06/24 17:42:00.0477 3388 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
2011/06/24 17:42:00.0542 3388 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
2011/06/24 17:42:00.0660 3388 atidgllk (9d2844367ab6f8e75b4726e74dc18164) C:\Program Files\PC-Doctor for Windows\atidgllk.sys
2011/06/24 17:42:00.0755 3388 AtiHDAudioService (5d6566d19fccaf8a10d46b6c479227a9) C:\Windows\system32\drivers\AtihdLH6.sys
2011/06/24 17:42:01.0009 3388 atikmdag (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/24 17:42:01.0525 3388 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
2011/06/24 17:42:01.0628 3388 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
2011/06/24 17:42:02.0093 3388 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
2011/06/24 17:42:02.0127 3388 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
2011/06/24 17:42:02.0220 3388 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
2011/06/24 17:42:02.0268 3388 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
2011/06/24 17:42:02.0335 3388 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
2011/06/24 17:42:02.0568 3388 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
2011/06/24 17:42:03.0052 3388 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
2011/06/24 17:42:03.0162 3388 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
2011/06/24 17:42:03.0225 3388 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
2011/06/24 17:42:03.0332 3388 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
2011/06/24 17:42:03.0452 3388 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
2011/06/24 17:42:03.0768 3388 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
2011/06/24 17:42:03.0803 3388 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
2011/06/24 17:42:03.0897 3388 cpuz135 (ccb09eb78e047c931708149992c2e435) C:\Windows\system32\drivers\cpuz135_x64.sys
2011/06/24 17:42:03.0960 3388 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
2011/06/24 17:42:04.0143 3388 CT20XUT (b3b541b3b25adb02d793c51953b22491) C:\Windows\system32\drivers\CT20XUT.SYS
2011/06/24 17:42:04.0693 3388 CT20XUT.SYS (b3b541b3b25adb02d793c51953b22491) C:\Windows\System32\drivers\CT20XUT.SYS
2011/06/24 17:42:05.0101 3388 ctac32k (f2e098f140b769ae62803e89230f11a9) C:\Windows\system32\drivers\ctac32k.sys
2011/06/24 17:42:05.0612 3388 ctaud2k (5c315e9dabf63d9d12973585a6113066) C:\Windows\system32\drivers\ctaud2k.sys
2011/06/24 17:42:05.0797 3388 CTEXFIFX (59d681564c6d5cd72890082925501be9) C:\Windows\system32\drivers\CTEXFIFX.SYS
2011/06/24 17:42:05.0873 3388 CTEXFIFX.SYS (59d681564c6d5cd72890082925501be9) C:\Windows\System32\drivers\CTEXFIFX.SYS
2011/06/24 17:42:05.0927 3388 CTHWIUT (d0ebcff35fe9a4f9d3ca2fd6a38bee56) C:\Windows\system32\drivers\CTHWIUT.SYS
2011/06/24 17:42:05.0947 3388 CTHWIUT.SYS (d0ebcff35fe9a4f9d3ca2fd6a38bee56) C:\Windows\System32\drivers\CTHWIUT.SYS
2011/06/24 17:42:05.0994 3388 ctprxy2k (ef305cab6295b8a250a77a7fd5f9f113) C:\Windows\system32\drivers\ctprxy2k.sys
2011/06/24 17:42:06.0182 3388 ctsfm2k (01323c189318b92bb7781b911de9d62b) C:\Windows\system32\drivers\ctsfm2k.sys
2011/06/24 17:42:06.0371 3388 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
2011/06/24 17:42:06.0483 3388 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
2011/06/24 17:42:06.0575 3388 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
2011/06/24 17:42:06.0694 3388 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
2011/06/24 17:42:06.0770 3388 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
2011/06/24 17:42:07.0394 3388 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
2011/06/24 17:42:07.0467 3388 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
2011/06/24 17:42:07.0545 3388 emupia (1b68c7ddd39811df63fc04af937be91a) C:\Windows\system32\drivers\emupia2k.sys
2011/06/24 17:42:07.0587 3388 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
2011/06/24 17:42:07.0660 3388 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
2011/06/24 17:42:08.0138 3388 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
2011/06/24 17:42:08.0199 3388 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
2011/06/24 17:42:08.0277 3388 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
2011/06/24 17:42:08.0346 3388 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
2011/06/24 17:42:08.0379 3388 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
2011/06/24 17:42:08.0579 3388 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
2011/06/24 17:42:08.0673 3388 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
2011/06/24 17:42:08.0725 3388 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
2011/06/24 17:42:08.0934 3388 ha20x2k (c1c61e83f44b105a4a131cb0c583174c) C:\Windows\system32\drivers\ha20x2k.sys
2011/06/24 17:42:09.0042 3388 HdAudAddService (68e732382b32417ff61fd663259b4b09) C:\Windows\system32\drivers\HdAudio.sys
2011/06/24 17:42:09.0107 3388 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
2011/06/24 17:42:09.0144 3388 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
2011/06/24 17:42:09.0222 3388 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
2011/06/24 17:42:09.0786 3388 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
2011/06/24 17:42:09.0853 3388 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
2011/06/24 17:42:09.0988 3388 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
2011/06/24 17:42:10.0022 3388 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
2011/06/24 17:42:10.0144 3388 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
2011/06/24 17:42:10.0710 3388 iaStor (8eacf469269fb1509561961a3188f670) C:\Windows\system32\drivers\iastor.sys
2011/06/24 17:42:10.0874 3388 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
2011/06/24 17:42:11.0228 3388 igfx (a124c87cd0b39c9e510e138534468383) C:\Windows\system32\DRIVERS\igdkmd64.sys
2011/06/24 17:42:11.0366 3388 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
2011/06/24 17:42:11.0472 3388 IntcAzAudAddService (1edab7f9b9de4424beccdef950ce2ff0) C:\Windows\system32\drivers\RTKVHD64.sys
2011/06/24 17:42:11.0547 3388 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
2011/06/24 17:42:11.0613 3388 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
2011/06/24 17:42:11.0697 3388 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
2011/06/24 17:42:11.0777 3388 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
2011/06/24 17:42:11.0831 3388 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
2011/06/24 17:42:11.0893 3388 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
2011/06/24 17:42:12.0399 3388 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
2011/06/24 17:42:12.0498 3388 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
2011/06/24 17:42:12.0529 3388 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
2011/06/24 17:42:12.0561 3388 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
2011/06/24 17:42:12.0634 3388 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
2011/06/24 17:42:12.0718 3388 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
2011/06/24 17:42:12.0816 3388 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
2011/06/24 17:42:13.0416 3388 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
2011/06/24 17:42:13.0535 3388 L8042Kbd (f33c5d79d3273530e1892a0922283a7b) C:\Windows\system32\DRIVERS\L8042Kbd.sys
2011/06/24 17:42:13.0578 3388 L8042mou (a6fe2e63441094074f57243fb0fdb45a) C:\Windows\system32\DRIVERS\L8042mou.Sys
2011/06/24 17:42:13.0746 3388 LEqdUsb (00ba093a3f316d43a4c3e098a96ae912) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
2011/06/24 17:42:13.0956 3388 LHidEqd (3067cfad2baa4a208130cd0afb130bc9) C:\Windows\system32\DRIVERS\LHidEqd.Sys
2011/06/24 17:42:14.0066 3388 LHidFilt (24e09882ba51b9830ae029888a3aaf18) C:\Windows\system32\DRIVERS\LHidFilt.Sys
2011/06/24 17:42:14.0150 3388 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
2011/06/24 17:42:14.0195 3388 LMouFilt (2f94325d8c10e2b715f3d753c2422aac) C:\Windows\system32\DRIVERS\LMouFilt.Sys
2011/06/24 17:42:14.0256 3388 LMouKE (f518c34c137348b7dbe5343acc646a1c) C:\Windows\system32\DRIVERS\LMouKE.Sys
2011/06/24 17:42:14.0306 3388 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
2011/06/24 17:42:14.0374 3388 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
2011/06/24 17:42:15.0064 3388 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
2011/06/24 17:42:15.0110 3388 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
2011/06/24 17:42:15.0215 3388 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
2011/06/24 17:42:15.0286 3388 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
2011/06/24 17:42:15.0353 3388 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
2011/06/24 17:42:15.0400 3388 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
2011/06/24 17:42:15.0487 3388 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
2011/06/24 17:42:15.0561 3388 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
2011/06/24 17:42:16.0074 3388 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
2011/06/24 17:42:16.0113 3388 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
2011/06/24 17:42:16.0186 3388 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
2011/06/24 17:42:16.0247 3388 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
2011/06/24 17:42:16.0288 3388 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
2011/06/24 17:42:16.0385 3388 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
2011/06/24 17:42:16.0455 3388 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
2011/06/24 17:42:16.0502 3388 mrxsmb10 (6dc9461915a551c2a625986f5fb3b851) C:\Windows\system32\DRIVERS\mrxsmb10.sys
2011/06/24 17:42:16.0531 3388 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
2011/06/24 17:42:16.0566 3388 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
2011/06/24 17:42:16.0622 3388 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
2011/06/24 17:42:16.0710 3388 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
2011/06/24 17:42:16.0758 3388 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
2011/06/24 17:42:16.0827 3388 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
2011/06/24 17:42:17.0012 3388 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
2011/06/24 17:42:17.0065 3388 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
2011/06/24 17:42:17.0119 3388 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
2011/06/24 17:42:17.0160 3388 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
2011/06/24 17:42:17.0755 3388 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
2011/06/24 17:42:17.0858 3388 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
2011/06/24 17:42:17.0951 3388 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
2011/06/24 17:42:18.0725 3388 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
2011/06/24 17:42:18.0874 3388 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
2011/06/24 17:42:18.0932 3388 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
2011/06/24 17:42:19.0021 3388 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
2011/06/24 17:42:19.0122 3388 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
2011/06/24 17:42:19.0151 3388 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
2011/06/24 17:42:19.0400 3388 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
2011/06/24 17:42:19.0479 3388 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
2011/06/24 17:42:19.0577 3388 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
2011/06/24 17:42:19.0659 3388 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
2011/06/24 17:42:19.0791 3388 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
2011/06/24 17:42:19.0836 3388 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
2011/06/24 17:42:19.0893 3388 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
2011/06/24 17:42:19.0948 3388 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
2011/06/24 17:42:20.0006 3388 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
2011/06/24 17:42:20.0595 3388 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
2011/06/24 17:42:20.0735 3388 ossrv (eb8724534cee0977eac4878812682f6b) C:\Windows\system32\drivers\ctoss2k.sys
2011/06/24 17:42:20.0807 3388 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
2011/06/24 17:42:21.0334 3388 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
2011/06/24 17:42:21.0471 3388 PCDSRVC{F36B3A4C-F95654BD-06000000}_0 (51209fbdb13a46e05c1b0077a9310264) c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms
2011/06/24 17:42:21.0805 3388 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
2011/06/24 17:42:21.0859 3388 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
2011/06/24 17:42:21.0919 3388 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
2011/06/24 17:42:21.0965 3388 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
2011/06/24 17:42:22.0163 3388 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
2011/06/24 17:42:22.0220 3388 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
2011/06/24 17:42:22.0345 3388 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
2011/06/24 17:42:22.0451 3388 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
2011/06/24 17:42:22.0520 3388 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
2011/06/24 17:42:22.0603 3388 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
2011/06/24 17:42:23.0315 3388 R300 (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
2011/06/24 17:42:23.0451 3388 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
2011/06/24 17:42:24.0014 3388 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/06/24 17:42:24.0138 3388 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/06/24 17:42:24.0210 3388 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
2011/06/24 17:42:24.0298 3388 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
2011/06/24 17:42:24.0361 3388 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/06/24 17:42:24.0417 3388 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
2011/06/24 17:42:24.0439 3388 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
2011/06/24 17:42:24.0494 3388 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
2011/06/24 17:42:24.0601 3388 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
2011/06/24 17:42:24.0674 3388 RTL8169 (d53c84ec99ab4d78a90001e5ce5386ec) C:\Windows\system32\DRIVERS\Rtlh64.sys
2011/06/24 17:42:24.0827 3388 SASDIFSV (99df79c258b3342b6c8a5f802998de56) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
2011/06/24 17:42:24.0905 3388 SASKUTIL (2859c35c0651e8eb0d86d48e740388f2) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
2011/06/24 17:42:24.0958 3388 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
2011/06/24 17:42:25.0050 3388 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
2011/06/24 17:42:25.0114 3388 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
2011/06/24 17:42:25.0172 3388 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
2011/06/24 17:42:25.0208 3388 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
2011/06/24 17:42:25.0288 3388 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
2011/06/24 17:42:25.0747 3388 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
2011/06/24 17:42:25.0858 3388 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
2011/06/24 17:42:25.0907 3388 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
2011/06/24 17:42:25.0972 3388 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
2011/06/24 17:42:26.0051 3388 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
2011/06/24 17:42:26.0558 3388 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
2011/06/24 17:42:26.0643 3388 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
2011/06/24 17:42:26.0762 3388 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
2011/06/24 17:42:26.0879 3388 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
2011/06/24 17:42:27.0004 3388 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
2011/06/24 17:42:27.0168 3388 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
2011/06/24 17:42:27.0238 3388 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
2011/06/24 17:42:27.0310 3388 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
2011/06/24 17:42:27.0347 3388 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
2011/06/24 17:42:27.0436 3388 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
2011/06/24 17:42:27.0537 3388 Tcpip (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\drivers\tcpip.sys
2011/06/24 17:42:27.0671 3388 Tcpip6 (973658a2ea9c06b2976884b9046dfc6c) C:\Windows\system32\DRIVERS\tcpip.sys
2011/06/24 17:42:27.0750 3388 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
2011/06/24 17:42:27.0803 3388 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
2011/06/24 17:42:27.0865 3388 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
2011/06/24 17:42:28.0357 3388 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
2011/06/24 17:42:28.0429 3388 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
2011/06/24 17:42:28.0525 3388 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/06/24 17:42:28.0563 3388 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
2011/06/24 17:42:28.0670 3388 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
2011/06/24 17:42:29.0123 3388 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
2011/06/24 17:42:29.0211 3388 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
2011/06/24 17:42:29.0309 3388 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
2011/06/24 17:42:29.0384 3388 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
2011/06/24 17:42:29.0458 3388 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
2011/06/24 17:42:29.0540 3388 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
2011/06/24 17:42:29.0570 3388 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
2011/06/24 17:42:29.0670 3388 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/06/24 17:42:29.0703 3388 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
2011/06/24 17:42:29.0782 3388 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
2011/06/24 17:42:29.0880 3388 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
2011/06/24 17:42:29.0929 3388 usbohci (eba14ef0c07cec233f1529c698d0d154) C:\Windows\system32\drivers\usbohci.sys
2011/06/24 17:42:30.0005 3388 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
2011/06/24 17:42:30.0146 3388 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/06/24 17:42:30.0181 3388 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/06/24 17:42:30.0245 3388 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/06/24 17:42:30.0286 3388 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
2011/06/24 17:42:30.0317 3388 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
2011/06/24 17:42:30.0393 3388 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
2011/06/24 17:42:30.0939 3388 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
2011/06/24 17:42:31.0011 3388 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
2011/06/24 17:42:31.0065 3388 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
2011/06/24 17:42:31.0157 3388 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
2011/06/24 17:42:31.0230 3388 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/24 17:42:31.0638 3388 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
2011/06/24 17:42:31.0718 3388 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
2011/06/24 17:42:31.0803 3388 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
2011/06/24 17:42:31.0983 3388 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
2011/06/24 17:42:32.0120 3388 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/06/24 17:42:32.0205 3388 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
2011/06/24 17:42:32.0323 3388 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/06/24 17:42:32.0395 3388 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
2011/06/24 17:42:32.0701 3388 ================================================================================
2011/06/24 17:42:32.0701 3388 Scan finished
2011/06/24 17:42:32.0701 3388 ================================================================================
2011/06/24 17:42:32.0722 2124 Detected object count: 0
2011/06/24 17:42:32.0722 2124 Actual detected object count: 0

#8 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 24 June 2011 - 04:45 PM

And the MBRCheck:

MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows Vista Home Premium Edition
Windows Information: Service Pack 2 (build 6002), 64-bit
Base Board Manufacturer: PEGATRON CORPORATION
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: HP-Pavilion
System Product Name: NY429AA-ABA p6110y
Logical Drives Mask: 0x000001fc

Kernel Drivers (total 140):
0x02C57000 \SystemRoot\system32\ntoskrnl.exe
0x02C11000 \SystemRoot\system32\hal.dll
0x0060F000 \SystemRoot\system32\kdcom.dll
0x00619000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00654000 \SystemRoot\system32\PSHED.dll
0x00668000 \SystemRoot\system32\CLFS.SYS
0x006C5000 \SystemRoot\system32\CI.dll
0x00808000 \SystemRoot\system32\drivers\Wdf01000.sys
0x008E2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x008F0000 \SystemRoot\system32\drivers\acpi.sys
0x00946000 \SystemRoot\system32\drivers\WMILIB.SYS
0x0094F000 \SystemRoot\system32\drivers\msisadrv.sys
0x00959000 \SystemRoot\system32\drivers\pci.sys
0x00989000 \SystemRoot\System32\drivers\partmgr.sys
0x0099E000 \SystemRoot\system32\drivers\volmgr.sys
0x00777000 \SystemRoot\System32\drivers\volmgrx.sys
0x009B2000 \SystemRoot\System32\drivers\mountmgr.sys
0x00A04000 \SystemRoot\system32\drivers\iastor.sys
0x00B20000 \SystemRoot\system32\drivers\fltmgr.sys
0x00B67000 \SystemRoot\system32\drivers\fileinfo.sys
0x00C01000 \SystemRoot\System32\Drivers\ksecdd.sys
0x00E0E000 \SystemRoot\system32\drivers\ndis.sys
0x00C88000 \SystemRoot\system32\drivers\msrpc.sys
0x00CD8000 \SystemRoot\system32\drivers\NETIO.SYS
0x01005000 \SystemRoot\System32\drivers\tcpip.sys
0x0117B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x0120F000 \SystemRoot\System32\Drivers\Ntfs.sys
0x0138F000 \SystemRoot\system32\drivers\volsnap.sys
0x013D3000 \SystemRoot\System32\Drivers\spldr.sys
0x013DB000 \SystemRoot\System32\Drivers\mup.sys
0x011A7000 \SystemRoot\System32\drivers\ecache.sys
0x011D3000 \SystemRoot\system32\drivers\disk.sys
0x00FD1000 \SystemRoot\system32\drivers\CLASSPNP.SYS
0x013ED000 \SystemRoot\system32\drivers\crcdisk.sys
0x02321000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x0232E000 \SystemRoot\system32\DRIVERS\tunmp.sys
0x02337000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x0234A000 \SystemRoot\system32\DRIVERS\atikmpag.sys
0x0240C000 \SystemRoot\system32\DRIVERS\atikmdag.sys
0x02D08000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x02DEB000 \SystemRoot\System32\drivers\watchdog.sys
0x02E00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x02EED000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x02EF9000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x02F3F000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x02F50000 \SystemRoot\system32\DRIVERS\Rtlh64.sys
0x02F83000 \SystemRoot\system32\DRIVERS\ohci1394.sys
0x02F95000 \SystemRoot\system32\DRIVERS\1394BUS.SYS
0x02FA5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02FC1000 \SystemRoot\system32\DRIVERS\msiscsi.sys
0x02398000 \SystemRoot\system32\DRIVERS\storport.sys
0x011E7000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x00D31000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x02400000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x00D54000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x00D85000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x00D95000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x00DB3000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x00DCB000 \SystemRoot\system32\DRIVERS\termdd.sys
0x00E00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x011F4000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x02FFA000 \SystemRoot\system32\DRIVERS\swenum.sys
0x00B7B000 \SystemRoot\system32\DRIVERS\ks.sys
0x023F5000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x00DDE000 \SystemRoot\system32\DRIVERS\umbus.sys
0x00BAF000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x009C5000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x009D9000 \SystemRoot\system32\drivers\AtihdLH6.sys
0x04206000 \SystemRoot\system32\drivers\portcls.sys
0x04241000 \SystemRoot\system32\drivers\drmk.sys
0x04607000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x04264000 \SystemRoot\System32\Drivers\aswSnx.SYS
0x047A7000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0x047B1000 \SystemRoot\System32\Drivers\Null.SYS
0x047C5000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x047E3000 \SystemRoot\System32\drivers\vga.sys
0x042E4000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x047F1000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x047BA000 \SystemRoot\system32\drivers\rdpencdd.sys
0x047CD000 \SystemRoot\System32\Drivers\Msfs.SYS
0x04309000 \SystemRoot\System32\Drivers\Npfs.SYS
0x047D8000 \SystemRoot\System32\DRIVERS\rasacd.sys
0x0431A000 \SystemRoot\system32\DRIVERS\tdx.sys
0x04337000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x04347000 \SystemRoot\system32\DRIVERS\smb.sys
0x04362000 \SystemRoot\system32\drivers\afd.sys
0x043CD000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x04801000 \SystemRoot\System32\DRIVERS\netbt.sys
0x04845000 \SystemRoot\system32\DRIVERS\pacer.sys
0x04863000 \SystemRoot\system32\DRIVERS\netbios.sys
0x04872000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x0488D000 \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
0x04897000 \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
0x048A1000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x048EE000 \SystemRoot\system32\drivers\nsiproxy.sys
0x048FA000 \SystemRoot\System32\Drivers\dfsc.sys
0x04917000 \SystemRoot\System32\Drivers\aswSP.SYS
0x04962000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x0497A000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x0497C000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02200000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x0498A000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x049A6000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x049AF000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x049C1000 \SystemRoot\system32\DRIVERS\LEqdUsb.Sys
0x049D8000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x049E3000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x049EE000 \SystemRoot\system32\DRIVERS\LHidEqd.Sys
0x043D7000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x043EC000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x000D0000 \SystemRoot\System32\win32k.sys
0x01200000 \SystemRoot\System32\drivers\Dxapi.sys
0x007DD000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004D0000 \SystemRoot\System32\TSDDD.dll
0x006C0000 \SystemRoot\System32\cdd.dll
0x00840000 \SystemRoot\System32\ATMFD.DLL
0x0620D000 \SystemRoot\system32\drivers\luafv.sys
0x0622F000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x06269000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x06272000 \SystemRoot\system32\drivers\spsys.sys
0x0630C000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x06320000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x06338000 \SystemRoot\system32\drivers\HTTP.sys
0x06C0A000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x06C33000 \SystemRoot\system32\DRIVERS\bowser.sys
0x06C51000 \SystemRoot\System32\drivers\mpsdrv.sys
0x06C6B000 \SystemRoot\system32\drivers\mrxdav.sys
0x06C92000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x06CBB000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x06D04000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x06D23000 \SystemRoot\System32\DRIVERS\srv2.sys
0x06D55000 \SystemRoot\System32\DRIVERS\srv.sys
0x06DE8000 \??\C:\Windows\system32\drivers\cpuz135_x64.sys
0x07806000 \SystemRoot\system32\drivers\peauth.sys
0x078BC000 \SystemRoot\System32\Drivers\secdrv.SYS
0x078C7000 \SystemRoot\System32\drivers\tcpipreg.sys
0x078D7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x078F7000 \SystemRoot\system32\DRIVERS\WUDFPf.sys
0x0790D000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x77770000 \Windows\System32\ntdll.dll

Processes (total 87):
0 System Idle Process
4 System
564 C:\Windows\System32\smss.exe
632 csrss.exe
696 C:\Windows\System32\wininit.exe
716 csrss.exe
752 C:\Windows\System32\services.exe
776 C:\Windows\System32\lsass.exe
784 C:\Windows\System32\lsm.exe
832 C:\Windows\System32\winlogon.exe
972 C:\Windows\System32\svchost.exe
372 C:\Windows\System32\svchost.exe
500 C:\Windows\System32\svchost.exe
720 C:\Windows\System32\atiesrxx.exe
968 C:\Windows\System32\svchost.exe
604 C:\Windows\System32\svchost.exe
1032 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\audiodg.exe
1224 C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
1300 C:\Windows\System32\svchost.exe
1316 C:\Windows\System32\SLsvc.exe
1336 C:\Windows\System32\svchost.exe
1392 C:\Windows\System32\atieclxx.exe
1496 C:\Windows\System32\svchost.exe
1592 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1940 C:\Windows\System32\spoolsv.exe
1972 C:\Windows\System32\svchost.exe
2052 C:\Windows\System32\taskeng.exe
2068 C:\Windows\System32\dwm.exe
2084 C:\Windows\explorer.exe
2132 C:\Windows\System32\taskeng.exe
2424 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
2468 C:\Program Files\LSI SoftModem\agr64svc.exe
2496 C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
2508 C:\Program Files\Carbonite\Carbonite Backup\CarboniteService.exe
2540 C:\Program Files (x86)\Creative\Shared Files\CTDevSrv.exe
2588 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
2696 C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
2768 C:\Program Files (x86)\Nero\Update\NASvc.exe
2784 C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
2872 C:\Windows\System32\svchost.exe
2896 C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe
2944 C:\Program Files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
2960 C:\Windows\System32\svchost.exe
2988 C:\Windows\System32\svchost.exe
3020 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
772 C:\Windows\System32\SearchIndexer.exe
864 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1372 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2412 WUDFHost.exe
2740 C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
3344 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
952 C:\Program Files\Logitech\SetPointP\SetPoint.exe
2128 C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
2556 C:\Windows\ehome\ehtray.exe
2812 C:\Program Files (x86)\Creative\Software Update 3\SoftAuto.exe
2552 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
3568 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
3436 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
3576 C:\Program Files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe
3572 C:\Program Files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe
1088 C:\Program Files\Windows Media Player\wmpnscfg.exe
1188 C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
3496 C:\Program Files\Windows Media Player\wmpnetwk.exe
3772 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
2344 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
4140 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
4212 C:\Program Files\Windows Defender\MSASCui.exe
4236 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
4276 C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe
4300 C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
4308 C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
4320 C:\Program Files (x86)\Ask.com\Updater\Updater.exe
4972 C:\Windows\System32\svchost.exe
3528 WmiPrvSE.exe
3808 C:\Windows\ehome\ehmsas.exe
5012 WmiPrvSE.exe
4892 C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
1440 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
2372 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
2956 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4512 C:\Windows\servicing\TrustedInstaller.exe
1568 C:\Windows\System32\SearchProtocolHost.exe
3888 C:\Windows\System32\SearchFilterHost.exe
2076 taskeng.exe
3260 C:\Windows\explorer.exe
1248 C:\Users\Tim\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000091`9fbe1000 (NTFS)

PhysicalDrive0 Model Number: WDCWD6400AAKS-65A7B2, Rev: 01.03B01

Size Device Name MBR Status
--------------------------------------------
596 GB \\.\PhysicalDrive0 Hewlett-Packard MBR code detected
SHA1: F362CE084BC77B454330005C1657154A64FB9456


Done!

#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:28 PM

Posted 24 June 2011 - 04:47 PM

For now, we will treat the aswMBR failure as non-malicious and continue with the clean up. Please run Combofix next

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications including Firewalls, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Posted Image
m0le is a proud member of UNITE

#10 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 24 June 2011 - 05:45 PM

This is the ComboFix log that popped up: (I don't know how to read this thing, but the first thing that jumped out is a few references to a "dealio toolbar", which I have no idea what it is, so I assume that's not good)

ComboFix 11-06-24.02 - Tim 06/24/2011 17:58:12.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.8190.5838 [GMT -4:00]
Running from: c:\users\Tim\Desktop\comfix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Dealio Toolbar
c:\program files (x86)\Dealio Toolbar\FF\chrome.manifest
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files (x86)\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files (x86)\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files (x86)\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files (x86)\Dealio Toolbar\FF\install.rdf
c:\program files (x86)\Dealio Toolbar\IE\4.4\config.ini
c:\program files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll
c:\program files (x86)\Dealio Toolbar\Res\amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\apple.gif
c:\program files (x86)\Dealio Toolbar\Res\barnes.gif
c:\program files (x86)\Dealio Toolbar\Res\bestbuy.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo.gif
c:\program files (x86)\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files (x86)\Dealio Toolbar\Res\ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\icon_settings.gif
c:\program files (x86)\Dealio Toolbar\Res\macys.gif
c:\program files (x86)\Dealio Toolbar\Res\newegg.gif
c:\program files (x86)\Dealio Toolbar\Res\overstock.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-button.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files (x86)\Dealio Toolbar\Res\search-chevron.gif
c:\program files (x86)\Dealio Toolbar\Res\search_amazon.gif
c:\program files (x86)\Dealio Toolbar\Res\search_dealio.gif
c:\program files (x86)\Dealio Toolbar\Res\search_ebay.gif
c:\program files (x86)\Dealio Toolbar\Res\search_yahoo.gif
c:\program files (x86)\Dealio Toolbar\Res\target.gif
c:\program files (x86)\Dealio Toolbar\Res\walmart.gif
c:\program files (x86)\Dealio Toolbar\Res\widgets.xml
c:\program files (x86)\Dealio Toolbar\WidgiHelper.exe
c:\program files (x86)\Mozilla Firefox\extensions\dealio@mybrowserbar.com
.
.
((((((((((((((((((((((((( Files Created from 2011-05-24 to 2011-06-24 )))))))))))))))))))))))))))))))
.
.
2011-06-24 22:13 . 2011-06-24 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-24 21:52 . 2011-06-24 21:53 -------- d-----w- C:\32788R22FWJFW
2011-06-24 21:38 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADE32663-BA5D-4AE7-B952-5C9FC7E15338}\mpengine.dll
2011-06-21 21:24 . 2011-06-21 21:24 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-06-21 21:23 . 2011-06-21 21:24 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-06-19 18:59 . 2011-06-19 18:59 -------- d-----w- c:\users\Tim\AppData\Roaming\Nero
2011-06-17 21:13 . 2011-06-17 21:14 -------- d-----w- c:\programdata\Nero
2011-06-17 21:13 . 2011-06-17 21:13 -------- d-----w- c:\program files (x86)\Common Files\Nero
2011-06-17 21:13 . 2011-06-17 21:14 -------- d-----w- c:\program files (x86)\Nero
2011-06-16 13:31 . 2010-12-20 16:59 847360 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-04 21:14 . 2011-06-04 21:14 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-31 16:31 . 2011-06-01 07:00 -------- d-----w- c:\users\Tim\AppData\Local\{99CDDBB3-EE1E-4886-BD05-6781CC388145}
2011-05-31 00:49 . 2011-05-31 00:49 -------- d-----w- c:\users\Tim\AppData\Local\{A5393CA6-2C55-43B4-90E7-14D6FB318E02}
2011-05-28 10:09 . 2011-05-28 10:09 -------- d-----w- c:\program files (x86)\Common Files\xing shared
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 12:19 . 2011-05-21 15:13 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 13:11 . 2010-05-22 14:38 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 13:11 . 2010-05-22 14:38 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-24 23:14 . 2009-10-03 04:45 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-04-16 10:34 . 2010-06-24 15:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-04-09 22:55 . 2011-04-09 22:55 15453336 ----a-w- c:\windows\SysWow64\xlive.dll
2011-04-09 22:55 . 2011-04-09 22:55 13642904 ----a-w- c:\windows\SysWow64\xlivefnt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-05-17 17:29 1490312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-05-17 1490312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:52 762000 ----a-r- c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"SoftAuto.exe"="c:\program files (x86)\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Desktop Software"="c:\program files (x86)\Common Files\SupportSoft\bin\bcont.exe" [2009-04-24 1025320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Health Check Scheduler"="c:\program files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-12-04 75016]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePDIRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"UpdatePSTShortCut"="c:\program files (x86)\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2009-02-02 210216]
"TSMAgent"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2009-04-10 1328424]
"CLMLServer for HP TouchSmart"="c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2009-04-10 185640]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-06 224616]
"Google Quick Search Box"="c:\program files (x86)\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-07-13 122368]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2010-05-25 37888]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"DVDAgent"="c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2009-09-09 1148200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-09-08 421888]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Memeo Instant Backup"="c:\program files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe" [2011-01-24 136416]
"Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2010-04-30 79112]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"ddoctorv2"="c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtcmd.exe" [2008-04-24 202560]
"Carbonite Backup"="c:\program files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe" [2011-03-04 948880]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-05-06 532320]
"TkBellExe"="c:\program files (x86)\real\realplayer\Update\realsched.exe" [2011-05-28 273544]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
PictureMover.lnk - c:\program files (x86)\PictureMover\Bin\PictureMover.exe [2009-2-9 430080]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 atidgllk;atidgllk;c:\program files\PC-Doctor for Windows\atidgllk.sys [2009-02-02 5632]
R3 ATIXPGAA;ATIXPGAA;c:\program files\PC-Doctor for Windows\ATIXPGAA.SYS [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-12-19 79360]
R3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [2009-12-15 25832]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 135664]
R3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0;PCDSRVC{F36B3A4C-F95654BD-06000000}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [2009-02-02 23536]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2010-02-17 14920]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2010-02-17 12360]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2010-06-29 128752]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2011-05-06 393112]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-01-24 25824]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2010-04-30 14088]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [x]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;c:\windows\system32\DRIVERS\LEqdUsb.Sys [x]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;c:\windows\system32\DRIVERS\LHidEqd.Sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 12:17]
.
2011-06-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-01-30 12:17]
.
2011-06-09 c:\windows\Tasks\HPCeeScheduleForTim.job
- c:\program files (x86)\Hewlett-Packard\SDP\Ceement\HPCEE.exe [2009-04-28 01:17]
.
2011-05-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-02-02 18:59]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Green]
@="{95A27763-F62A-4114-9072-E81D87DE3B68}"
[HKEY_CLASSES_ROOT\CLSID\{95A27763-F62A-4114-9072-E81D87DE3B68}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Partial]
@="{E300CD91-100F-4E67-9AF3-1384A6124015}"
[HKEY_CLASSES_ROOT\CLSID\{E300CD91-100F-4E67-9AF3-1384A6124015}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\Carbonite.Yellow]
@="{5E529433-B50E-4bef-A63B-16A6B71B071A}"
[HKEY_CLASSES_ROOT\CLSID\{5E529433-B50E-4bef-A63B-16A6B71B071A}]
2011-03-04 00:36 1174672 ----a-r- c:\program files\Carbonite\Carbonite Backup\CarboniteNSE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Remote Software"="c:\program files\Hewlett-Packard\HP Remote\HP REMOTE V1.0.5.exe" [2009-02-06 172032]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-05 154648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-05 227352]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-05 202264]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-12-04 186904]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=93&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.87.71.230 68.87.73.246
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\fy7e4zw3.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=LMW2&o=16046&locale=en_US&apn_uid=8BF75FF8-CE1F-4D62-AA49-D135DAE833D1&apn_ptnrs=OE&apn_sauid=B7E9CD63-0ECB-48BB-8360-10C896075BDB&apn_dtid=VIN003WTUS&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c2db4fe6-8409-45ce-8010-189a7b5cce86} - (no file)
Wow6432Node-HKCU-Run-WMPNSCFG - c:\program files (x86)\Windows Media Player\WMPNSCFG.exe
WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{C2DB4FE6-8409-45CE-8010-189A7B5CCE86} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-SmartMenu - c:\program files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
AddRemove-sp44626 - c:\hp\Softpaq\sp44626\sp44626.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCDSRVC{F36B3A4C-F95654BD-06000000}_0]
"ImagePath"="\??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1707849457-4000350321-2465520559-1000\Software\SecuROM\License information*]
"datasecu"=hex:74,38,32,e3,61,02,f3,2b,bc,3a,66,15,29,36,99,09,5e,f4,d1,72,5f,
c3,94,23,62,32,0f,dd,cb,34,5a,54,14,87,6e,42,ea,cc,3e,6c,a1,09,b0,6b,12,60,\
"rkeysecu"=hex:4f,af,52,92,09,ed,95,12,ea,67,12,21,74,e8,75,84
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10q_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10q.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Creative\Shared Files\CTDevSrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2011-06-24 18:30:27 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-24 22:30
.
Pre-Run: 321,164,111,872 bytes free
Post-Run: 321,011,212,288 bytes free
.
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - A4B82D5B5DE2D2CB9D450CC6F2A34B57

#11 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:28 PM

Posted 24 June 2011 - 07:20 PM

the Ask toolbar is not recommended. This toolbar enhances internet browsing and provides a direct link to the "ask.com" search engine. This program is not known to be bundled with spyware - The company strongly denies the toolbar as being malware.

Please read why it might be good to remove it here.

If you choose to remove it then follow the instructions below.

Click "start" on the taskbar and then click on the "Control Panel" icon.
Please doubleclick (or right-click, if you are using Vista) the "Add or Remove Programs" icon
A list of programs installed will be "populated" this may take a bit of time.
If they exist, uninstall the following by clicking on the following entries and selecting "remove":



Ask.com



Additional instructions can be found here if needed.


Please visit ESET and run their online scanner

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
If no log is generated that means nothing was found. Please let me know if this happens.
Posted Image
m0le is a proud member of UNITE

#12 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 25 June 2011 - 05:26 AM

The thing with the ask.com toolbar is I have no idea how it got there in the first place. I'm figuring it got installed when Firefox updated, because I noticed it there at the same time that I had a newer version of Firefox, but I just can't figure out how to remove it. Going to the add/remove programs page doesn't help because ask.com doesn't show up there.

Here's the log of the ESET Scan:

C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Program Files (x86)\Dealio Toolbar\IE\4.4\dealioToolbarIE.dll.vir a variant of Win32/Adware.Toolbar.Dealio application cleaned by deleting - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0\55d743c0-4aab15fb multiple threats deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11\13bc228b-1fb9cec2 a variant of Java/TrojanDownloader.OpenStream.NBG trojan deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\10a11793-6741d9b5 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\12879fc2-2e7ecdfc a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24\2b1f6a98-7672f34a multiple threats deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\51301ce6-6d813f8b multiple threats deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44\629cc8ec-51c29003 multiple threats deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\2ec82cba-1943c2a7 multiple threats deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62\6af140be-653e8f31 a variant of Java/TrojanDownloader.OpenStream.NBF trojan deleted - quarantined
C:\Users\Tim\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\77bb66c7-516254f5 multiple threats deleted - quarantined
C:\Users\Tim\Downloads\Setup_FreeConverter.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined
C:\Users\Tim\Downloads\winamp5572_full_emusic-7plus_en-us.exe Win32/OpenCandy application deleted - quarantined

#13 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 25 June 2011 - 08:07 AM

I guess I should clarify the ask.com thing - it's not like a typical toolbar; ask.com is one of the search engines in the "search" toolbar of firefox, but there's no way to remove it. When I go into manage search engines and delete it so all that's there is google, whenever i exit firefox and restart it, ask.com is there (and on top). bing, wikipedia, and another one (yahoo maybe) all were deleted and never came back. THAT's why I suspected ask.com was malware, but maybe it's a firefox issue? Or a whole other issue considering I had 15 things on the last scan I ran.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:01:28 PM

Posted 25 June 2011 - 01:35 PM

The two entries at the top and bottom are malware. All the others are either quarantined already or in Java cache (accidentally copied files)

Looks like you agreed to install Ask when you downloaded Firefox. The way to remove it is to delete the Ask folder and registry and browser entries. If you want to do that then let me know and we'll run a Combofix script to clear it away.
Posted Image
m0le is a proud member of UNITE

#15 tsquared56

tsquared56
  • Topic Starter

  • Members
  • 157 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Voluntown, CT
  • Local time:09:28 AM

Posted 25 June 2011 - 04:40 PM

So what do I need to do next to remove those two entries?

I'd like to get rid of the Ask thing altogether considering I never use it.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users