Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

General Vista Slowdown - HIJACKTHREAD log included


  • This topic is locked This topic is locked
21 replies to this topic

#1 RMTPhotography

RMTPhotography

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 12 October 2011 - 09:38 AM

Hey guys... so I am tired of this BLEEPING computer! lol

I am a photographer, and run Photoshop CS5 daily. lately I have noticed that the longer it stays open the slower and slower it gets, along with my entire computer.

Also, I have noticed that my Windows Mail (which admittedly has thousands of messages) is very slow to load and do anything in. It gets to the point where I'd rather read mail on my iPhone. IS there anyway to archive OLD messages (without deleting them in case I need them) to speed up it's loading? I eventually need to weed through all of the garbage emails and save the rest.

Lastly, I am having a general slowdown. The computer I am on has 4 cores and 4GB of RAM, when I first got it I could have have my dual monitors set up, running an itunes movie on one side and Phosotop on the other, no issue. Now I cannot without lag.

Here is my HijackThis log:


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:58:12 AM, on 10/12/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19120)
Boot mode: Normal

Running processes:
C:\Users\RMThompson\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Adobe Photoshop CS5\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?pc=Z039&form=ZGAPHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5643
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
O3 - Toolbar: vShare Plugin - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O3 - Toolbar: Search Toolbar - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\RMThompson\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 12492 bytes

BC AdBot (Login to Remove)

 


#2 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 16 October 2011 - 06:30 AM

Hello ,
And :welcome: to the Bleeping Computer Malware Removal Forum
. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues, this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explaination about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime please, do NOT install any new programs or update anything unless told to do so while we are fixing your problem

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#3 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 23 October 2011 - 03:22 AM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 08 November 2011 - 08:05 AM

This topic has been re-opened at the request of the person who originally posted.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 RMTPhotography

RMTPhotography
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 08 November 2011 - 09:20 AM

Thank you.

To answer the questions:

1. The issues are general slowdown, especially when using a program (like Photoshop) for more than a few hours at a time. The longer I have a program open, the more the computer slows down. After a few days of general usage I have to restart the computer (a longer process that it used to be) and let it all reset. I even have the startup programs set to only a few.

2. DDS file:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 1/20/2009 2:45:03 PM
System Uptime: 11/6/2011 6:28:18 PM (37 hours ago)
.
Motherboard: ECS | | Nettle3
Processor: AMD Phenom™ 9150e Quad-Core Processor | Socket AM2 | 1800/201mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 453 GiB total, 99.217 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.762 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is FIXED (NTFS) - 932 GiB total, 15.825 GiB free.
H: is Removable
I: is Removable
K: is Removable
L: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1701: 11/2/2011 12:03:02 AM - Scheduled Checkpoint
RP1702: 11/2/2011 3:00:21 AM - Windows Update
RP1703: 11/3/2011 12:01:23 AM - Scheduled Checkpoint
RP1704: 11/3/2011 3:00:21 AM - Windows Update
RP1705: 11/4/2011 12:35:01 AM - Scheduled Checkpoint
RP1706: 11/4/2011 2:23:23 AM - Windows Update
RP1707: 11/4/2011 3:00:22 AM - Windows Update
RP1708: 11/5/2011 12:00:04 AM - Scheduled Checkpoint
RP1709: 11/5/2011 3:00:21 AM - Windows Update
RP1710: 11/6/2011 12:00:46 AM - Scheduled Checkpoint
RP1711: 11/6/2011 2:00:20 AM - Windows Update
RP1712: 11/6/2011 3:00:17 AM - Windows Update
RP1713: 11/6/2011 7:21:33 PM - Scheduled Checkpoint
RP1714: 11/7/2011 3:00:20 AM - Windows Update
RP1715: 11/8/2011 3:00:25 AM - Windows Update
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
µTorrent
2007 Microsoft Office Suite Service Pack 2 (SP2)
7-Zip 9.20
Acrobat.com
ActiveCheck component for HP Active Support Library
Ad-Aware
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Download Assistant
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS5
Adobe Reader X (10.1.1)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11.6
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AIM 7
AIM Toolbar
aioscnnr
Amazon MP3 Downloader 1.0.12
Apple Application Support
Apple Software Update
ArcSoft MediaImpression for Kodak
Audacity 1.2.6
Auslogics Disk Defrag
Auslogics Registry Defrag
AviSynth 2.5
AVS Update Manager 1.0
BlackBerry Desktop Software 4.7
BlackBerry Device Software Updater
BlackBerry® Media Sync
BufferChm
C4USelfUpdater
CameraHelperMsi
CDisplay 1.8
center
Compatibility Pack for the 2007 Office system
Connect
Copy
Coupon Printer for Windows
CustomerResearchQFolder
D3DX10
DebugMode Wax 2.0
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Dexter Screen Saver
Digital Photo Navigator 1.5
DING!
DivX Setup
DJ_AIO_03_F4200_ProductContext
DJ_AIO_03_F4200_Software
DJ_AIO_03_F4200_Software_Min
Download Updater (AOL LLC)
Dropbox
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.2.3.2
eFax Messenger
Enhanced Multimedia Keyboard Solution
erLT
essentials
eSupportQFolder
Everio MediaBrowser
Facebook Plug-In
Facebook Video Calling 1.0.0.8714
FileZilla Client 3.2.4.1
Flickr Uploadr 3.1.3
Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
Free RAR Extract Frog 1.00
Free Screen Video Capture by Topviewsoft 1.1.7
Google Chrome
Google Chrome Frame
Google Earth Plug-in
Google Gears
Google Update Helper
GPBaseService
HandBrake 0.9.5
HijackThis 2.0.2
History_ScreenSaver
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Demo
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Total Care Advisor
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
IM-Screensaver
InterActual Player
Jalbum 8.1
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
JGoodies JDiskReport 1.3.2
Junk Mail filter update
KODAK AiO Software
kuler
LG USB Modem driver
LightScribe System Software 1.14.25.1
LightScribe Template Labeler
Logitech Touch Mouse Server 1.0
Logitech Vid HD
Logitech Webcam Software
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Malwarebytes' Anti-Malware
MarketResearch
McAfee Security Scan Plus
Meebo Notifier
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft Live Search Toolbar
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.3
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Office XP Professional with FrontPage
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual C++ Run Time Lib Setup
Microsoft WSE 3.0 Runtime
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox (3.6.23)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MySpaceIM
NCH Toolbox
Netflix in Windows Media Center
NetZero Preloader
NVIDIA PhysX
ocr
Octoshape add-in for Adobe Flash Player
Opera 11.51
PageFix 2.0
PC Inspector File Recovery
PDF Settings CS4
PDF Settings CS5
Photo Viewer s2.5
Photoshop Camera Raw
Picasa 3
Portal
PowerMenu 1.51
PreReq
Python 2.5.2
QuickTime
Realtek High Definition Audio Driver
RelevantKnowledge
Roxio Media Manager
Safari
Scan
Search Toolbar
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2553074)
Security Update for 2007 Microsoft Office System (KB2553089)
Security Update for 2007 Microsoft Office System (KB2553090)
Security Update for 2007 Microsoft Office System (KB2584063)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2553073)
Security Update for Microsoft Office Groove 2007 (KB2552997)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
Sibelius Scorch (ActiveX Only)
Sims2Pack Clean Installer
Skype Click to Call
Skype™ 5.5
SmartFTP Client Setup Files 3.0 (x64) (remove only)
SolutionCenter
Splashtop Streamer
Status
Stay On Top
Steam
StuffIt Expander 2010
Suite Shared Configuration CS4
System Requirements Lab
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
Toolbox
TrayApp
Turbine Download Manager - Live
Undeleter
Unity Web Player
UnloadSupport
Update for 2007 Microsoft Office System (KB2284654)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2583910)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2596560)
VC80CRTRedist - 8.0.50727.4053
Videora iPod Converter 6
Viewpoint Media Player
VirtualCloneDrive
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual C++ 8.0 Runtime Setup Package (x64)
vShare Plugin
Watson
WebReg
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live OneCare safety scanner
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinSCP 4.3.2
Wise-FTP
Xvid Video Codec
Yahoo! Messenger
Yahoo! Software Update
YouSendIt Express
.
==== Event Viewer Messages From Past Week ========
.
11/8/2011 3:21:16 AM, Error: nvstor64 [5] - A parity error was detected on \Device\RaidPort0.
11/8/2011 3:09:19 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Excel 2002 (KB2541003).
11/8/2011 3:07:10 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2288608).
11/8/2011 3:06:41 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Server 2003, Vista, and Server 2008 for x64 (KB2572067).
11/8/2011 3:05:58 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Publisher 2002 (KB2284692).
11/8/2011 3:05:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Outlook 2002 (KB2293422).
11/8/2011 3:05:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Word 2002 (KB2328360).
11/8/2011 3:04:29 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2289162).
11/8/2011 3:04:00 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft PowerPoint 2002 (KB2535802).
11/8/2011 3:03:30 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Office XP (KB2509461).
11/6/2011 6:34:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
11/6/2011 6:32:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt SRTSP SRTSPX
11/6/2011 6:32:46 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
11/6/2011 6:31:35 PM, Error: Service Control Manager [7000] - The Norton Internet Security service failed to start due to the following error: The system cannot find the path specified.
11/6/2011 6:14:11 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.
11/6/2011 6:10:00 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A4E21433-30FF-433A-A2CA-C9295CDF5DB1}. The master browser is stopping or an election is being forced.
.
==== End Of File ===========================

#6 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 08 November 2011 - 09:31 AM

It looks like you have a RAID setup which may have some problems.

Can you post me also DDS.txt (you now only posted attach.txt)

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#7 RMTPhotography

RMTPhotography
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 08 November 2011 - 09:34 AM

Oh oops.

No I don't have a RAID setup - The C: HD is my main, the D: is a partition that is used by the computer for backup and the G: is a portable HD that is attached right now.

DDS file:



DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.6001.19154 BrowserJavaVersion: 1.6.0_26
Run by RMThompson at 7:37:07 on 2011-11-08
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.908 [GMT -5:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Logitech\Vid HD\Vid.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\ehome\ehtray.exe
C:\Users\RMThompson\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Users\RMThompson\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.EXE
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
C:\Program Files\Adobe\Adobe Photoshop CS5 (64 Bit)\Photoshop.exe
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome Frame\Application\chrome.exe
C:\Program Files (x86)\Safari\Safari.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Users\RMThompson\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
mSearchAssistant = hxxp://start.facemoods.com/?a=wbst&s={searchTerms}&f=4
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [AdobeBridge]
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Vid HD\Vid.exe" -bootmode
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Google Update] "C:\Users\RMThompson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Facebook Update] "C:\Users\RMThompson\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
mRun: [Wise-FTP Scheduler]
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Conime] %windir%\system32\conime.exe
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
dRun: [MySpaceIM] C:\Program Files (x86)\MySpace\IM\MySpaceIM.exe
StartupFolder: C:\Users\RMTHOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\RMThompson\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\RMTHOM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files (x86)\Logitech\Ereg\eReg.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
DPF: {62789780-B744-11D0-986B-00609731A21D} - hxxp://pubgis.co.pinellas.fl.us/ActiveX/ver6.3/mgaxctrl.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{A4E21433-30FF-433A-A2CA-C9295CDF5DB1} : DhcpNameServer = 65.32.5.111 65.32.5.112
TCP: Interfaces\{BD058D1D-35C6-4120-9E14-5186FC6DDAFC} : DhcpNameServer = 65.32.5.111 65.32.5.112
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO-X64: AIM Toolbar Loader - No File
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
BHO-X64: Google Gears Helper - No File
BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\9.0.597.98\npchrome_frame.dll
BHO-X64: ChromeFrame BHO - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
TB-X64: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Wise-FTP Scheduler]
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [Conime] %windir%\system32\conime.exe
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\RMThompson\AppData\Roaming\Mozilla\Firefox\Profiles\rhbfwwsd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\NOS\bin\np_gp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\RMThompson\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\RMThompson\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\RMThompson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Users\RMThompson\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
FF - plugin: C:\Users\RMThompson\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - C:\Program Files (x86)\Google\Google Gears\Firefox
FF - Ext: RelevantKnowledge: {6E19037A-12E3-4295-8915-ED48BC341614} - C:\Program Files (x86)\RelevantKnowledge
FF - Ext: XULRunner: {C5239B91-E5EC-4D77-931B-7AABDEDEBCBA} - C:\Users\RMThompson\AppData\Local\{C5239B91-E5EC-4D77-931B-7AABDEDEBCBA}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-9-26 27632]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-9-5 393648]
R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-9-9 518472]
R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-9-21 366408]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2011-8-19 450848]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 LVUVC64;Logitech HD Webcam C310(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\system32\DRIVERS\netr7364.sys --> C:\Windows\system32\DRIVERS\netr7364.sys [?]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\Windows\system32\DRIVERS\point64k.sys --> C:\Windows\system32\DRIVERS\point64k.sys [?]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2010-12-3 17152]
S3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 motccgp;Motorola USB Composite Device Driver;C:\Windows\system32\DRIVERS\motccgp.sys --> C:\Windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;C:\Windows\system32\DRIVERS\motccgpfl.sys --> C:\Windows\system32\DRIVERS\motccgpfl.sys [?]
S3 motport;Motorola USB Diagnostic Port;C:\Windows\system32\DRIVERS\motport.sys --> C:\Windows\system32\DRIVERS\motport.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-10 89920]
S4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-4 1038088]
S4 gupdate1c9e91c74462ebf;Google Update Service (gupdate1c9e91c74462ebf);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-6-9 133104]
S4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2010-12-3 1405384]
S4 LiveTurbineMessageService;Turbine Message Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-10-6 271856]
S4 LiveTurbineNetworkService;Turbine Network Service - Live;C:\Program Files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-10-6 218608]
S4 TomTomHOMEService;TomTomHOMEService;C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
S4 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-2-6 24652]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2011-11-06 23:35:48 -------- d-----w- C:\Users\RMThompson\AppData\Local\{76EBF807-987E-4D36-B53F-C3C5983B2F71}
2011-11-06 23:35:25 -------- d-----w- C:\Users\RMThompson\AppData\Local\{E88FCC4C-DDED-4CDE-9C69-81AA3CE2FFAB}
2011-11-06 23:30:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B554FE71-7E50-4163-A9DA-FCCC8D19FD50}\offreg.dll
2011-11-06 23:25:14 -------- d-sh--w- C:\found.000
2011-11-04 06:24:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B554FE71-7E50-4163-A9DA-FCCC8D19FD50}\mpengine.dll
2011-11-01 19:00:06 -------- d-----w- C:\Users\RMThompson\AppData\Local\Facebook
2011-10-26 07:32:10 6144 ----a-w- C:\Program Files\Internet Explorer\iecompat.dll
2011-10-26 07:32:10 6144 ----a-w- C:\Program Files (x86)\Internet Explorer\iecompat.dll
2011-10-25 03:32:16 -------- d-----w- C:\Users\RMThompson\AppData\Local\{25005013-1B66-41A8-AD58-BDC461757BCA}
2011-10-25 03:31:55 -------- d-----w- C:\Users\RMThompson\AppData\Local\{D2B7ED73-7EFE-41E5-B21A-59C543D0268A}
2011-10-22 04:55:32 -------- d-----w- C:\Users\RMThompson\AppData\Local\{7A0BBD21-1A2D-4009-8933-5A1890FFAF2C}
2011-10-22 04:55:04 -------- d-----w- C:\Users\RMThompson\AppData\Local\{BE338249-665F-45F0-826B-75D2CE44C7A4}
2011-10-13 03:44:55 -------- d-----w- C:\Users\RMThompson\AppData\Local\Logitech® Webcam Software
2011-10-13 03:34:00 53248 ----a-r- C:\Users\RMThompson\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-13 03:31:59 -------- d-----w- C:\Program Files (x86)\Common Files\LWS
2011-10-12 21:56:56 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2011-10-12 21:56:56 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 21:56:54 69632 ----a-w- C:\Windows\SysWow64\Mpeg2Data.ax
2011-10-12 21:56:54 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-12 21:56:54 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-12 21:56:54 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-12 21:56:54 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-12 21:56:54 100352 ----a-w- C:\Windows\System32\Mpeg2Data.ax
2011-10-12 21:56:53 73216 ----a-w- C:\Windows\System32\MSDvbNP.ax
2011-10-12 21:56:53 57856 ----a-w- C:\Windows\SysWow64\MSDvbNP.ax
2011-10-12 12:09:02 -------- d-----w- C:\Program Files\iPod
2011-10-12 12:08:59 -------- d-----w- C:\Program Files\iTunes
2011-10-12 12:08:59 -------- d-----w- C:\Program Files (x86)\iTunes
2011-10-12 12:04:10 -------- d-----w- C:\Program Files\Bonjour
2011-10-12 12:04:10 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-10-11 01:12:20 -------- d-----w- C:\ProgramData\McAfee Security Scan
2011-10-11 01:11:57 -------- d-----w- C:\Program Files (x86)\McAfee Security Scan
2011-10-10 15:09:40 4550304 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
.
==================== Find3M ====================
.
2011-09-30 23:25:35 1147904 ----a-w- C:\Windows\System32\wininet.dll
2011-09-30 23:21:20 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2011-09-30 23:21:00 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-09-30 23:20:40 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2011-09-30 23:20:39 77312 ----a-w- C:\Windows\System32\iesetup.dll
2011-09-30 23:06:24 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-30 23:02:06 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-09-30 23:01:51 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-09-30 23:01:34 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2011-09-30 23:01:34 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2011-09-30 22:29:23 479232 ----a-w- C:\Windows\System32\html.iec
2011-09-30 22:07:25 385024 ----a-w- C:\Windows\SysWow64\html.iec
2011-09-30 21:48:19 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2011-09-30 21:47:04 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-30 21:29:54 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2011-09-30 21:28:36 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-09-06 13:56:50 2764288 ----a-w- C:\Windows\System32\win32k.sys
2011-09-02 16:29:06 160256 ----a-w- C:\Windows\System32\EKAiO2COI05.dll
2011-09-02 16:29:04 1020416 ----a-w- C:\Windows\System32\EKAiO2MON.dll
2011-08-31 03:05:32 96104 ----a-w- C:\Windows\System32\dns-sd.exe
2011-08-31 03:05:32 85864 ----a-w- C:\Windows\System32\dnssd.dll
2011-08-31 03:05:04 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-08-31 03:05:04 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-08-25 16:20:38 735744 ----a-w- C:\Windows\System32\UIAutomationCore.dll
2011-08-25 16:19:32 847360 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-25 16:19:32 332288 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-25 16:15:04 555520 ----a-w- C:\Windows\SysWow64\UIAutomationCore.dll
2011-08-25 16:14:01 563712 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-25 16:14:01 238080 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-25 13:54:14 4096 ----a-w- C:\Windows\System32\oleaccrc.dll
2011-08-25 13:31:01 4096 ----a-w- C:\Windows\SysWow64\oleaccrc.dll
2011-08-19 09:27:30 769312 ----a-w- C:\Windows\System32\LVUI64.dll
2011-08-19 09:27:30 561440 ----a-w- C:\Windows\System32\LVUIRC64.dll
2011-08-19 09:27:30 4869024 ----a-w- C:\Windows\System32\drivers\lvuvc64.sys
2011-08-19 09:27:30 351136 ----a-w- C:\Windows\System32\drivers\lvrs64.sys
2011-08-19 09:27:22 263456 ----a-w- C:\Windows\System32\lvco13301394.dll
2011-08-19 09:27:22 176416 ----a-w- C:\Windows\System32\lvcod64.dll
2011-08-19 09:26:50 545056 ----a-w- C:\Windows\SysWow64\LVUI2.dll
2011-08-19 09:26:50 540960 ----a-w- C:\Windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26:46 307488 ----a-w- C:\Windows\SysWow64\lvcodec2.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26:20 336408 ----a-w- C:\Windows\System32\DevManagerCore.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\SysWow64\LogiDPP.dll
2011-08-19 09:26:20 10898456 ----a-w- C:\Windows\System32\LogiDPP.dll
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26:20 104472 ----a-w- C:\Windows\System32\LogiDPPApp.exe
2011-08-13 00:49:07 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 16:19:40 16920 ----a-w- C:\Windows\System32\drivers\iKeyLFT264.dll
2011-08-12 15:55:42 10240 ----a-w- C:\Windows\System32\EKaio2WiaCoInstRes.dll
2011-08-12 15:55:40 122368 ----a-w- C:\Windows\System32\EKaio2WiaCoInst.dll
.
============= FINISH: 7:39:02.93 ===============

#8 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 08 November 2011 - 10:21 AM

To be sure, lets also do a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#9 RMTPhotography

RMTPhotography
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 08 November 2011 - 10:39 AM

10:38:44.0810 4272 TDSS rootkit removing tool 2.6.16.0 Nov 7 2011 16:26:51
10:38:44.0955 4272 ============================================================
10:38:44.0955 4272 Current date / time: 2011/11/08 10:38:44.0955
10:38:44.0955 4272 SystemInfo:
10:38:44.0955 4272
10:38:44.0955 4272 OS Version: 6.0.6002 ServicePack: 2.0
10:38:44.0955 4272 Product type: Workstation
10:38:44.0955 4272 ComputerName: RMTHOMPSON-PC
10:38:44.0955 4272 UserName: RMThompson
10:38:44.0955 4272 Windows directory: C:\Windows
10:38:44.0955 4272 System windows directory: C:\Windows
10:38:44.0955 4272 Running under WOW64
10:38:44.0955 4272 Processor architecture: Intel x64
10:38:44.0955 4272 Number of processors: 4
10:38:44.0955 4272 Page size: 0x1000
10:38:44.0955 4272 Boot type: Normal boot
10:38:44.0956 4272 ============================================================
10:38:46.0061 4272 Initialize success
10:38:48.0363 7108 ============================================================
10:38:48.0363 7108 Scan started
10:38:48.0363 7108 Mode: Manual;
10:38:48.0363 7108 ============================================================
10:38:49.0106 7108 ACPI (1965aaffab07e3fb03c77f81beba3547) C:\Windows\system32\drivers\acpi.sys
10:38:49.0109 7108 ACPI - ok
10:38:49.0208 7108 adfs (2f0683fd2df1d92e891caca14b45a8c1) C:\Windows\system32\drivers\adfs.sys
10:38:49.0209 7108 adfs - ok
10:38:49.0651 7108 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
10:38:49.0655 7108 adp94xx - ok
10:38:49.0731 7108 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
10:38:49.0734 7108 adpahci - ok
10:38:49.0760 7108 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
10:38:49.0761 7108 adpu160m - ok
10:38:49.0789 7108 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
10:38:49.0790 7108 adpu320 - ok
10:38:49.0827 7108 Afc - ok
10:38:49.0972 7108 AFD (0cc146c4addea45791b18b1e2659f4a9) C:\Windows\system32\drivers\afd.sys
10:38:49.0975 7108 AFD - ok
10:38:50.0031 7108 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
10:38:50.0031 7108 agp440 - ok
10:38:50.0048 7108 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
10:38:50.0049 7108 aic78xx - ok
10:38:50.0076 7108 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
10:38:50.0077 7108 aliide - ok
10:38:50.0103 7108 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
10:38:50.0104 7108 amdide - ok
10:38:50.0137 7108 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\drivers\amdk8.sys
10:38:50.0138 7108 AmdK8 - ok
10:38:50.0200 7108 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
10:38:50.0201 7108 arc - ok
10:38:50.0247 7108 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
10:38:50.0248 7108 arcsas - ok
10:38:50.0338 7108 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
10:38:50.0338 7108 AsyncMac - ok
10:38:50.0409 7108 atapi (e68d9b3a3905619732f7fe039466a623) C:\Windows\system32\drivers\atapi.sys
10:38:50.0409 7108 atapi - ok
10:38:50.0470 7108 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
10:38:50.0471 7108 blbdrive - ok
10:38:50.0689 7108 bowser (2348447a80920b2493a9b582a23e81e1) C:\Windows\system32\DRIVERS\bowser.sys
10:38:50.0690 7108 bowser - ok
10:38:50.0711 7108 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
10:38:50.0711 7108 BrFiltLo - ok
10:38:50.0727 7108 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
10:38:50.0727 7108 BrFiltUp - ok
10:38:50.0764 7108 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
10:38:50.0765 7108 Brserid - ok
10:38:50.0792 7108 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
10:38:50.0793 7108 BrSerWdm - ok
10:38:50.0809 7108 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
10:38:50.0810 7108 BrUsbMdm - ok
10:38:50.0820 7108 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
10:38:50.0820 7108 BrUsbSer - ok
10:38:50.0863 7108 BTHMODEM (e0777b34e05f8a82a21856efc900c29f) C:\Windows\system32\drivers\bthmodem.sys
10:38:50.0863 7108 BTHMODEM - ok
10:38:50.0907 7108 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
10:38:50.0908 7108 cdfs - ok
10:38:50.0968 7108 cdrom (c025aa69be3d0d25c7a2e746ef6f94fc) C:\Windows\system32\DRIVERS\cdrom.sys
10:38:50.0969 7108 cdrom - ok
10:38:51.0002 7108 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
10:38:51.0003 7108 circlass - ok
10:38:51.0051 7108 CLFS (3dca9a18b204939cfb24bea53e31eb48) C:\Windows\system32\CLFS.sys
10:38:51.0054 7108 CLFS - ok
10:38:51.0120 7108 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
10:38:51.0120 7108 cmdide - ok
10:38:51.0147 7108 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\drivers\compbatt.sys
10:38:51.0147 7108 Compbatt - ok
10:38:51.0178 7108 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
10:38:51.0178 7108 crcdisk - ok
10:38:51.0255 7108 DfsC (8b722ba35205c71e7951cdc4cdbade19) C:\Windows\system32\Drivers\dfsc.sys
10:38:51.0257 7108 DfsC - ok
10:38:51.0305 7108 disk (b0107e40ecdb5fa692ebf832f295d905) C:\Windows\system32\drivers\disk.sys
10:38:51.0306 7108 disk - ok
10:38:51.0328 7108 Dns_dpkxcsmp - ok
10:38:51.0377 7108 Dot4 (74c02b1717740c3b8039539e23e4b53f) C:\Windows\system32\DRIVERS\Dot4.sys
10:38:51.0378 7108 Dot4 - ok
10:38:51.0395 7108 Dot4Print (08321d1860235bf42cf2854234337aea) C:\Windows\system32\DRIVERS\Dot4Prt.sys
10:38:51.0396 7108 Dot4Print - ok
10:38:51.0428 7108 dot4usb (4adccf0124f2b6911d3786a5d0e779e5) C:\Windows\system32\DRIVERS\dot4usb.sys
10:38:51.0429 7108 dot4usb - ok
10:38:51.0521 7108 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
10:38:51.0522 7108 drmkaud - ok
10:38:51.0712 7108 DXGKrnl (b8e554e502d5123bc111f99d6a2181b4) C:\Windows\System32\drivers\dxgkrnl.sys
10:38:51.0718 7108 DXGKrnl - ok
10:38:51.0760 7108 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
10:38:51.0761 7108 E1G60 - ok
10:38:51.0825 7108 Ecache (5f94962be5a62db6e447ff6470c4f48a) C:\Windows\system32\drivers\ecache.sys
10:38:51.0827 7108 Ecache - ok
10:38:51.0868 7108 ElbyCDIO (a05fc7eca0966ebb70e4d17b855a853b) C:\Windows\system32\Drivers\ElbyCDIO.sys
10:38:51.0869 7108 ElbyCDIO - ok
10:38:51.0899 7108 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
10:38:51.0902 7108 elxstor - ok
10:38:51.0929 7108 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
10:38:51.0930 7108 ErrDev - ok
10:38:51.0979 7108 exfat (486844f47b6636044a42454614ed4523) C:\Windows\system32\drivers\exfat.sys
10:38:51.0980 7108 exfat - ok
10:38:52.0021 7108 fastfat (1a4bee34277784619ddaf0422c0c6e23) C:\Windows\system32\drivers\fastfat.sys
10:38:52.0023 7108 fastfat - ok
10:38:52.0065 7108 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
10:38:52.0065 7108 fdc - ok
10:38:52.0094 7108 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
10:38:52.0095 7108 FileInfo - ok
10:38:52.0113 7108 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
10:38:52.0114 7108 Filetrace - ok
10:38:52.0154 7108 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
10:38:52.0155 7108 flpydisk - ok
10:38:52.0189 7108 FltMgr (e3041bc26d6930d61f42aedb79c91720) C:\Windows\system32\drivers\fltmgr.sys
10:38:52.0191 7108 FltMgr - ok
10:38:52.0251 7108 fssfltr (6c06701bf1db05405804d7eb610991ce) C:\Windows\system32\DRIVERS\fssfltr.sys
10:38:52.0251 7108 fssfltr - ok
10:38:52.0263 7108 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
10:38:52.0264 7108 Fs_Rec - ok
10:38:52.0282 7108 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
10:38:52.0283 7108 gagp30kx - ok
10:38:52.0324 7108 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:38:52.0324 7108 GEARAspiWDM - ok
10:38:52.0410 7108 HDAudBus (f942c5820205f2fb453243edfec82a3d) C:\Windows\system32\DRIVERS\HDAudBus.sys
10:38:52.0417 7108 HDAudBus - ok
10:38:52.0514 7108 HidBth (b4881c84a180e75b8c25dc1d726c375f) C:\Windows\system32\drivers\hidbth.sys
10:38:52.0515 7108 HidBth - ok
10:38:52.0581 7108 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
10:38:52.0581 7108 HidIr - ok
10:38:52.0723 7108 HidUsb (443bdd2d30bb4f00795c797e2cf99edf) C:\Windows\system32\DRIVERS\hidusb.sys
10:38:52.0723 7108 HidUsb - ok
10:38:52.0778 7108 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
10:38:52.0778 7108 HpCISSs - ok
10:38:52.0831 7108 HTTP (098f1e4e5c9cb5b0063a959063631610) C:\Windows\system32\drivers\HTTP.sys
10:38:52.0836 7108 HTTP - ok
10:38:52.0866 7108 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
10:38:52.0866 7108 i2omp - ok
10:38:52.0911 7108 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
10:38:52.0912 7108 i8042prt - ok
10:38:52.0937 7108 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
10:38:52.0939 7108 iaStorV - ok
10:38:52.0982 7108 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
10:38:52.0983 7108 iirsp - ok
10:38:53.0052 7108 IntcAzAudAddService (5f885046a7f420989c8366324fd2ef60) C:\Windows\system32\drivers\RTKVHD64.sys
10:38:53.0063 7108 IntcAzAudAddService - ok
10:38:53.0089 7108 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
10:38:53.0091 7108 intelide - ok
10:38:53.0114 7108 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
10:38:53.0116 7108 intelppm - ok
10:38:53.0179 7108 IpFilterDriver (d8aabc341311e4780d6fce8c73c0ad81) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:38:53.0182 7108 IpFilterDriver - ok
10:38:53.0193 7108 IpInIp - ok
10:38:53.0210 7108 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
10:38:53.0213 7108 IPMIDRV - ok
10:38:53.0237 7108 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
10:38:53.0240 7108 IPNAT - ok
10:38:53.0267 7108 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
10:38:53.0268 7108 IRENUM - ok
10:38:53.0294 7108 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
10:38:53.0296 7108 isapnp - ok
10:38:53.0343 7108 iScsiPrt (e4fdf99599f27ec25d2cf6d754243520) C:\Windows\system32\DRIVERS\msiscsi.sys
10:38:53.0348 7108 iScsiPrt - ok
10:38:53.0375 7108 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
10:38:53.0377 7108 iteatapi - ok
10:38:53.0412 7108 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
10:38:53.0415 7108 iteraid - ok
10:38:53.0432 7108 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
10:38:53.0437 7108 kbdclass - ok
10:38:53.0472 7108 kbdhid (dbdf75d51464fbc47d0104ec3d572c05) C:\Windows\system32\DRIVERS\kbdhid.sys
10:38:53.0473 7108 kbdhid - ok
10:38:53.0664 7108 KSecDD (476e2c1dcea45895994bef11c2a98715) C:\Windows\system32\Drivers\ksecdd.sys
10:38:53.0787 7108 KSecDD - ok
10:38:53.0799 7108 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
10:38:53.0821 7108 ksthunk - ok
10:38:53.0907 7108 Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
10:38:53.0909 7108 Lavasoft Kernexplorer - ok
10:38:53.0955 7108 Lbd (3c46290f7a5d45ba6ef32c248e22aa69) C:\Windows\system32\DRIVERS\Lbd.sys
10:38:53.0958 7108 Lbd - ok
10:38:53.0983 7108 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
10:38:54.0008 7108 lltdio - ok
10:38:54.0050 7108 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
10:38:54.0054 7108 LSI_FC - ok
10:38:54.0073 7108 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
10:38:54.0077 7108 LSI_SAS - ok
10:38:54.0092 7108 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
10:38:54.0096 7108 LSI_SCSI - ok
10:38:54.0119 7108 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
10:38:54.0122 7108 luafv - ok
10:38:54.0137 7108 LVPr2M64 - ok
10:38:54.0211 7108 LVRS64 (ef2be2f45d4f06410a3bd2a3467325b0) C:\Windows\system32\DRIVERS\lvrs64.sys
10:38:54.0245 7108 LVRS64 - ok
10:38:54.0297 7108 LVUSBS64 (6562fcee704f14c05f5338b147d67a16) C:\Windows\system32\drivers\LVUSBS64.sys
10:38:54.0299 7108 LVUSBS64 - ok
10:38:54.0406 7108 LVUVC64 (ac22f92c6078640fe8a70d662a2f3ad5) C:\Windows\system32\DRIVERS\lvuvc64.sys
10:38:54.0489 7108 LVUVC64 - ok
10:38:54.0550 7108 ManyCam (d33e2b74cf8b3a652bf0a9fbd068e87a) C:\Windows\system32\DRIVERS\ManyCam_x64.sys
10:38:54.0555 7108 ManyCam - ok
10:38:54.0694 7108 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
10:38:54.0696 7108 megasas - ok
10:38:54.0720 7108 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
10:38:54.0728 7108 MegaSR - ok
10:38:54.0780 7108 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
10:38:54.0782 7108 Modem - ok
10:38:54.0836 7108 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
10:38:54.0869 7108 monitor - ok
10:38:54.0945 7108 motccgp (7bd101253058db30c52c6ea8d3911754) C:\Windows\system32\DRIVERS\motccgp.sys
10:38:54.0947 7108 motccgp - ok
10:38:54.0976 7108 motccgpfl (1a700e7063ca7f2b29a4e761da604dfb) C:\Windows\system32\DRIVERS\motccgpfl.sys
10:38:54.0978 7108 motccgpfl - ok
10:38:55.0032 7108 motmodem (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motmodem.sys
10:38:55.0034 7108 motmodem - ok
10:38:55.0085 7108 motport (940f4da752e28e6c4b1090d21aeb7b80) C:\Windows\system32\DRIVERS\motport.sys
10:38:55.0087 7108 motport - ok
10:38:55.0097 7108 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
10:38:55.0098 7108 mouclass - ok
10:38:55.0117 7108 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
10:38:55.0118 7108 mouhid - ok
10:38:55.0135 7108 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
10:38:55.0139 7108 MountMgr - ok
10:38:55.0171 7108 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
10:38:55.0174 7108 mpio - ok
10:38:55.0195 7108 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
10:38:55.0199 7108 mpsdrv - ok
10:38:55.0229 7108 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
10:38:55.0232 7108 Mraid35x - ok
10:38:55.0275 7108 MRxDAV (7c1de4aa96dc0c071611f9e7de02a68d) C:\Windows\system32\drivers\mrxdav.sys
10:38:55.0279 7108 MRxDAV - ok
10:38:55.0344 7108 mrxsmb (1485811b320ff8c7edad1caebb1c6c2b) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:38:55.0347 7108 mrxsmb - ok
10:38:55.0420 7108 mrxsmb10 (3b929a60c833fc615fd97fba82bc7632) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:38:55.0451 7108 mrxsmb10 - ok
10:38:55.0477 7108 mrxsmb20 (c64ab3e1f53b4f5b5bb6d796b2d7bec3) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:38:55.0480 7108 mrxsmb20 - ok
10:38:55.0499 7108 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
10:38:55.0503 7108 msahci - ok
10:38:55.0526 7108 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
10:38:55.0530 7108 msdsm - ok
10:38:55.0546 7108 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
10:38:55.0548 7108 Msfs - ok
10:38:55.0557 7108 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
10:38:55.0559 7108 msisadrv - ok
10:38:55.0600 7108 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
10:38:55.0602 7108 MSKSSRV - ok
10:38:55.0638 7108 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
10:38:55.0640 7108 MSPCLOCK - ok
10:38:55.0657 7108 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
10:38:55.0659 7108 MSPQM - ok
10:38:55.0696 7108 MsRPC (dc6ccf440cdede4293db41c37a5060a5) C:\Windows\system32\drivers\MsRPC.sys
10:38:55.0702 7108 MsRPC - ok
10:38:55.0719 7108 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
10:38:55.0721 7108 mssmbios - ok
10:38:55.0738 7108 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
10:38:55.0740 7108 MSTEE - ok
10:38:55.0760 7108 Mup (0cc49f78d8aca0877d885f149084e543) C:\Windows\system32\Drivers\mup.sys
10:38:55.0761 7108 Mup - ok
10:38:56.0006 7108 NativeWifiP (2007b826c4acd94ae32232b41f0842b9) C:\Windows\system32\DRIVERS\nwifi.sys
10:38:56.0011 7108 NativeWifiP - ok
10:38:56.0038 7108 NAVENG - ok
10:38:56.0044 7108 NAVEX15 - ok
10:38:56.0102 7108 NDIS (65950e07329fcee8e6516b17c8d0abb6) C:\Windows\system32\drivers\ndis.sys
10:38:56.0120 7108 NDIS - ok
10:38:56.0141 7108 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
10:38:56.0143 7108 NdisTapi - ok
10:38:56.0154 7108 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
10:38:56.0156 7108 Ndisuio - ok
10:38:56.0201 7108 NdisWan (f8158771905260982ce724076419ef19) C:\Windows\system32\DRIVERS\ndiswan.sys
10:38:56.0205 7108 NdisWan - ok
10:38:56.0217 7108 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
10:38:56.0220 7108 NDProxy - ok
10:38:56.0242 7108 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
10:38:56.0244 7108 NetBIOS - ok
10:38:56.0280 7108 netbt (fc2c792ebddc8e28df939d6a92c83d61) C:\Windows\system32\DRIVERS\netbt.sys
10:38:56.0286 7108 netbt - ok
10:38:56.0355 7108 netr7364 (38d2e0c457df8814336b42e90723384b) C:\Windows\system32\DRIVERS\netr7364.sys
10:38:56.0367 7108 netr7364 - ok
10:38:56.0401 7108 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
10:38:56.0403 7108 nfrd960 - ok
10:38:56.0545 7108 Npfs (b298874f8e0ea93f06ec40aa8d146478) C:\Windows\system32\drivers\Npfs.sys
10:38:56.0554 7108 Npfs - ok
10:38:56.0579 7108 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
10:38:56.0581 7108 nsiproxy - ok
10:38:56.0650 7108 Ntfs (bac869dfb98e499ba4d9bb1fb43270e1) C:\Windows\system32\drivers\Ntfs.sys
10:38:56.0683 7108 Ntfs - ok
10:38:56.0738 7108 NuidFltr (d4012918d3a3847b44b888d56bc095d6) C:\Windows\system32\DRIVERS\NuidFltr.sys
10:38:56.0740 7108 NuidFltr - ok
10:38:56.0754 7108 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
10:38:56.0755 7108 Null - ok
10:38:56.0818 7108 NVENETFD (98350606682594521d56eccb5d01ecf7) C:\Windows\system32\DRIVERS\nvmfdx64.sys
10:38:56.0852 7108 NVENETFD - ok
10:38:57.0161 7108 nvlddmkm (e55cab397f77d5208db18a78b1b7c0d5) C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:38:57.0378 7108 nvlddmkm - ok
10:38:57.0397 7108 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
10:38:57.0400 7108 nvraid - ok
10:38:57.0437 7108 nvrd64 (011db85affd2368348181c552e025d98) C:\Windows\system32\drivers\nvrd64.sys
10:38:57.0443 7108 nvrd64 - ok
10:38:57.0485 7108 nvsmu (16d36074b84da72d160233c8d132dc89) C:\Windows\system32\drivers\nvsmu.sys
10:38:57.0487 7108 nvsmu - ok
10:38:57.0505 7108 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
10:38:57.0508 7108 nvstor - ok
10:38:57.0534 7108 nvstor64 (fa6d13aa972967eb46862d0f0372a65a) C:\Windows\system32\drivers\nvstor64.sys
10:38:57.0539 7108 nvstor64 - ok
10:38:57.0580 7108 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
10:38:57.0583 7108 nv_agp - ok
10:38:57.0591 7108 NwlnkFlt - ok
10:38:57.0601 7108 NwlnkFwd - ok
10:38:57.0644 7108 ohci1394 (b5b1ce65ac15bbd11c0619e3ef7cfc28) C:\Windows\system32\DRIVERS\ohci1394.sys
10:38:57.0647 7108 ohci1394 - ok
10:38:57.0680 7108 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
10:38:57.0683 7108 Parport - ok
10:38:57.0718 7108 partmgr (f9b5eda4c17a2be7663f064dbf0fe254) C:\Windows\system32\drivers\partmgr.sys
10:38:57.0722 7108 partmgr - ok
10:38:57.0789 7108 pci (47ab1e0fc9d0e12bb53ba246e3a0906d) C:\Windows\system32\drivers\pci.sys
10:38:57.0794 7108 pci - ok
10:38:57.0856 7108 pciide (2657f6c0b78c36d95034be109336e382) C:\Windows\system32\drivers\pciide.sys
10:38:57.0875 7108 pciide - ok
10:38:58.0202 7108 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
10:38:58.0206 7108 pcmcia - ok
10:38:58.0286 7108 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
10:38:58.0289 7108 pcouffin - ok
10:38:58.0321 7108 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
10:38:58.0338 7108 PEAUTH - ok
10:38:58.0487 7108 PID_0928 (db5c32a4130e6b36cd6ed7a5a6c7751e) C:\Windows\system32\DRIVERS\LV561V64.SYS
10:38:58.0538 7108 PID_0928 - ok
10:38:58.0590 7108 Point64 (e27b59c24404f671802f209bd580f818) C:\Windows\system32\DRIVERS\point64k.sys
10:38:58.0602 7108 Point64 - ok
10:38:58.0654 7108 PptpMiniport (23386e9952025f5f21c368971e2e7301) C:\Windows\system32\DRIVERS\raspptp.sys
10:38:58.0657 7108 PptpMiniport - ok
10:38:58.0672 7108 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\DRIVERS\processr.sys
10:38:58.0674 7108 Processor - ok
10:38:58.0710 7108 Ps2 (1d0a3f565397d08707f3d75b88586645) C:\Windows\system32\DRIVERS\PS2.sys
10:38:58.0725 7108 Ps2 - ok
10:38:58.0757 7108 PSched (c5ab7f0809392d0da027f4a2a81bfa31) C:\Windows\system32\DRIVERS\pacer.sys
10:38:58.0760 7108 PSched - ok
10:38:58.0796 7108 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
10:38:58.0798 7108 PxHlpa64 - ok
10:38:58.0838 7108 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
10:38:58.0864 7108 ql2300 - ok
10:38:58.0891 7108 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
10:38:58.0958 7108 ql40xx - ok
10:38:59.0142 7108 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
10:38:59.0148 7108 QWAVEdrv - ok
10:38:59.0158 7108 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
10:38:59.0160 7108 RasAcd - ok
10:38:59.0223 7108 Rasl2tp (ac7bc4d42a7e558718dfdec599bbfc2c) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:38:59.0226 7108 Rasl2tp - ok
10:38:59.0268 7108 RasPppoe (4517fbf8b42524afe4ede1de102aae3e) C:\Windows\system32\DRIVERS\raspppoe.sys
10:38:59.0270 7108 RasPppoe - ok
10:38:59.0311 7108 RasSstp (c6a593b51f34c33e5474539544072527) C:\Windows\system32\DRIVERS\rassstp.sys
10:38:59.0325 7108 RasSstp - ok
10:38:59.0378 7108 rdbss (322db5c6b55e8d8ee8d6f358b2aaabb1) C:\Windows\system32\DRIVERS\rdbss.sys
10:38:59.0384 7108 rdbss - ok
10:38:59.0403 7108 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:38:59.0405 7108 RDPCDD - ok
10:38:59.0437 7108 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
10:38:59.0478 7108 rdpdr - ok
10:38:59.0496 7108 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
10:38:59.0498 7108 RDPENCDD - ok
10:38:59.0549 7108 RDPWD (b1d741c87cea8d7282146366cc9c3f81) C:\Windows\system32\drivers\RDPWD.sys
10:38:59.0553 7108 RDPWD - ok
10:38:59.0610 7108 RimUsb (5790bca445cc40df8b38c2c48608aac2) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
10:38:59.0612 7108 RimUsb - ok
10:38:59.0664 7108 RimVSerPort (0de22421179d5a8440b68517ddf2b051) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
10:38:59.0666 7108 RimVSerPort - ok
10:38:59.0679 7108 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
10:38:59.0681 7108 ROOTMODEM - ok
10:38:59.0712 7108 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
10:38:59.0715 7108 rspndr - ok
10:38:59.0742 7108 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
10:38:59.0745 7108 sbp2port - ok
10:38:59.0776 7108 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
10:38:59.0782 7108 secdrv - ok
10:38:59.0807 7108 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
10:38:59.0809 7108 Serenum - ok
10:38:59.0831 7108 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
10:38:59.0834 7108 Serial - ok
10:38:59.0859 7108 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
10:38:59.0861 7108 sermouse - ok
10:38:59.0898 7108 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\drivers\sffdisk.sys
10:38:59.0900 7108 sffdisk - ok
10:38:59.0912 7108 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
10:38:59.0914 7108 sffp_mmc - ok
10:38:59.0930 7108 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\drivers\sffp_sd.sys
10:38:59.0952 7108 sffp_sd - ok
10:39:00.0070 7108 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
10:39:00.0074 7108 sfloppy - ok
10:39:00.0120 7108 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
10:39:00.0124 7108 SiSRaid2 - ok
10:39:00.0155 7108 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
10:39:00.0159 7108 SiSRaid4 - ok
10:39:00.0212 7108 Smb (290b6f6a0ec4fcdfc90f5cb6d7020473) C:\Windows\system32\DRIVERS\smb.sys
10:39:00.0237 7108 Smb - ok
10:39:00.0323 7108 spldr (386c3c63f00a7040c7ec5e384217e89d) C:\Windows\system32\drivers\spldr.sys
10:39:00.0325 7108 spldr - ok
10:39:00.0337 7108 SRTSP - ok
10:39:00.0347 7108 SRTSPX - ok
10:39:00.0446 7108 srv (880a57fccb571ebd063d4dd50e93e46d) C:\Windows\system32\DRIVERS\srv.sys
10:39:00.0471 7108 srv - ok
10:39:00.0535 7108 srv2 (a1ad14a6d7a37891fffeca35ebbb0730) C:\Windows\system32\DRIVERS\srv2.sys
10:39:00.0540 7108 srv2 - ok
10:39:00.0552 7108 srvnet (4bed62f4fa4d8300973f1151f4c4d8a7) C:\Windows\system32\DRIVERS\srvnet.sys
10:39:00.0555 7108 srvnet - ok
10:39:00.0621 7108 StillCam (14b4db4381e4a55f570d8bb699b791d6) C:\Windows\system32\DRIVERS\serscan.sys
10:39:00.0624 7108 StillCam - ok
10:39:00.0636 7108 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
10:39:00.0637 7108 swenum - ok
10:39:00.0667 7108 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
10:39:00.0669 7108 Symc8xx - ok
10:39:00.0693 7108 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
10:39:00.0696 7108 Sym_hi - ok
10:39:00.0713 7108 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
10:39:00.0715 7108 Sym_u3 - ok
10:39:00.0950 7108 Tcpip (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\drivers\tcpip.sys
10:39:01.0198 7108 Tcpip - ok
10:39:01.0256 7108 Tcpip6 (4dad14118fbcf7c609f2a4ce21fbcc5f) C:\Windows\system32\DRIVERS\tcpip.sys
10:39:01.0267 7108 Tcpip6 - ok
10:39:01.0340 7108 tcpipreg (c7e72a4071ee0200e3c075dacfb2b334) C:\Windows\system32\drivers\tcpipreg.sys
10:39:01.0366 7108 tcpipreg - ok
10:39:01.0415 7108 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
10:39:01.0417 7108 TDPIPE - ok
10:39:01.0438 7108 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
10:39:01.0441 7108 TDTCP - ok
10:39:01.0485 7108 tdx (458919c8c42e398dc4802178d5ffee27) C:\Windows\system32\DRIVERS\tdx.sys
10:39:01.0488 7108 tdx - ok
10:39:01.0529 7108 TermDD (8c19678d22649ec002ef2282eae92f98) C:\Windows\system32\DRIVERS\termdd.sys
10:39:01.0557 7108 TermDD - ok
10:39:01.0635 7108 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:39:01.0638 7108 tssecsrv - ok
10:39:01.0662 7108 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
10:39:01.0665 7108 tunmp - ok
10:39:01.0708 7108 tunnel (30a9b3f45ad081bffc3bcaa9c812b609) C:\Windows\system32\DRIVERS\tunnel.sys
10:39:01.0710 7108 tunnel - ok
10:39:01.0733 7108 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
10:39:01.0736 7108 uagp35 - ok
10:39:01.0816 7108 udfs (faf2640a2a76ed03d449e443194c4c34) C:\Windows\system32\DRIVERS\udfs.sys
10:39:01.0823 7108 udfs - ok
10:39:01.0861 7108 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
10:39:01.0865 7108 uliagpkx - ok
10:39:01.0891 7108 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
10:39:01.0897 7108 uliahci - ok
10:39:01.0927 7108 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
10:39:01.0931 7108 UlSata - ok
10:39:01.0961 7108 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
10:39:01.0966 7108 ulsata2 - ok
10:39:01.0990 7108 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
10:39:01.0992 7108 umbus - ok
10:39:02.0047 7108 UMPass (01abe05c401e70795b43a8933b44831e) C:\Windows\system32\DRIVERS\umpass.sys
10:39:02.0049 7108 UMPass - ok
10:39:02.0270 7108 USBAAPL64 (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
10:39:02.0273 7108 USBAAPL64 - ok
10:39:02.0315 7108 usbaudio (c6ba890de6e41857fbe84175519cae7d) C:\Windows\system32\drivers\usbaudio.sys
10:39:02.0319 7108 usbaudio - ok
10:39:02.0357 7108 usbbus (5fcc71487888589a9244af54cfefab29) C:\Windows\system32\DRIVERS\lgx64bus.sys
10:39:02.0359 7108 usbbus - ok
10:39:02.0389 7108 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
10:39:02.0393 7108 usbccgp - ok
10:39:02.0422 7108 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
10:39:02.0465 7108 usbcir - ok
10:39:02.0558 7108 UsbDiag (3fb6e423f7567c92c32ea786f5fd0c69) C:\Windows\system32\DRIVERS\lgx64diag.sys
10:39:02.0561 7108 UsbDiag - ok
10:39:02.0655 7108 usbehci (827e44de934a736ea31e91d353eb126f) C:\Windows\system32\DRIVERS\usbehci.sys
10:39:02.0684 7108 usbehci - ok
10:39:02.0694 7108 UsbGps - ok
10:39:02.0737 7108 usbhub (bb35cd80a2ececfadc73569b3d70c7d1) C:\Windows\system32\DRIVERS\usbhub.sys
10:39:02.0743 7108 usbhub - ok
10:39:02.0779 7108 USBModem (78d551f5b93488b4666f5fc8dd4815f3) C:\Windows\system32\DRIVERS\lgx64modem.sys
10:39:02.0781 7108 USBModem - ok
10:39:02.0849 7108 usbohci (e406b003a354776d317762694956b0fc) C:\Windows\system32\DRIVERS\usbohci.sys
10:39:02.0850 7108 usbohci - ok
10:39:02.0871 7108 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
10:39:02.0873 7108 usbprint - ok
10:39:02.0904 7108 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
10:39:02.0907 7108 usbscan - ok
10:39:02.0937 7108 USBSTOR (b854c1558fca0c269a38663e8b59b581) C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:39:02.0973 7108 USBSTOR - ok
10:39:03.0013 7108 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
10:39:03.0017 7108 usbuhci - ok
10:39:03.0061 7108 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
10:39:03.0065 7108 usbvideo - ok
10:39:03.0297 7108 VClone (fd911873c0bb6945fa38c16e9a2b58f9) C:\Windows\system32\DRIVERS\VClone.sys
10:39:03.0299 7108 VClone - ok
10:39:03.0333 7108 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
10:39:03.0335 7108 vga - ok
10:39:03.0370 7108 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
10:39:03.0372 7108 VgaSave - ok
10:39:03.0393 7108 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
10:39:03.0395 7108 viaide - ok
10:39:03.0427 7108 volmgr (2b7e885ed951519a12c450d24535dfca) C:\Windows\system32\drivers\volmgr.sys
10:39:03.0470 7108 volmgr - ok
10:39:03.0538 7108 volmgrx (cec5ac15277d75d9e5dec2e1c6eaf877) C:\Windows\system32\drivers\volmgrx.sys
10:39:03.0555 7108 volmgrx - ok
10:39:03.0597 7108 volsnap (5280aada24ab36b01a84a6424c475c8d) C:\Windows\system32\drivers\volsnap.sys
10:39:03.0603 7108 volsnap - ok
10:39:03.0626 7108 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
10:39:03.0631 7108 vsmraid - ok
10:39:03.0658 7108 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
10:39:03.0660 7108 WacomPen - ok
10:39:03.0715 7108 Wanarp (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:03.0718 7108 Wanarp - ok
10:39:03.0722 7108 Wanarpv6 (b8e7049622300d20ba6d8be0c47c0cfd) C:\Windows\system32\DRIVERS\wanarp.sys
10:39:03.0724 7108 Wanarpv6 - ok
10:39:03.0774 7108 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
10:39:03.0777 7108 Wd - ok
10:39:03.0814 7108 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
10:39:03.0831 7108 Wdf01000 - ok
10:39:03.0925 7108 WinUSB (2215b7b794b3b7e5cc9fc423e985e2aa) C:\Windows\system32\DRIVERS\WinUSB.sys
10:39:03.0942 7108 WinUSB - ok
10:39:03.0977 7108 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\drivers\wmiacpi.sys
10:39:03.0978 7108 WmiAcpi - ok
10:39:04.0019 7108 WpdUsb (5e2401b3fc1089c90e081291357371a9) C:\Windows\system32\DRIVERS\wpdusb.sys
10:39:04.0032 7108 WpdUsb - ok
10:39:04.0063 7108 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
10:39:04.0065 7108 ws2ifsl - ok
10:39:04.0123 7108 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:39:04.0236 7108 WUDFRd - ok
10:39:04.0391 7108 xnacc (da1c23f65ef1894ab5b6ff79d81f544a) C:\Windows\system32\DRIVERS\xnacc.sys
10:39:04.0423 7108 xnacc - ok
10:39:04.0492 7108 {55662437-DA8C-40c0-AADA-2C816A897A49} (15cc7077d2dc28776cd430ecabbffd66) c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl
10:39:04.0493 7108 {55662437-DA8C-40c0-AADA-2C816A897A49} - ok
10:39:04.0522 7108 MBR (0x1B8) (81cd5ec01db0ce57edd853f82462ef27) \Device\Harddisk0\DR0
10:39:05.0701 7108 \Device\Harddisk0\DR0 - ok
10:39:05.0707 7108 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR6
10:39:05.0713 7108 \Device\Harddisk1\DR6 - ok
10:39:05.0719 7108 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk2\DR2
10:39:05.0727 7108 \Device\Harddisk2\DR2 - ok
10:39:05.0738 7108 Boot (0x1200) (be7863dd5504d9c95b3a69dc0353f976) \Device\Harddisk0\DR0\Partition0
10:39:05.0740 7108 \Device\Harddisk0\DR0\Partition0 - ok
10:39:05.0766 7108 Boot (0x1200) (144eadad46a48df93733d26d53ed44ef) \Device\Harddisk0\DR0\Partition1
10:39:05.0768 7108 \Device\Harddisk0\DR0\Partition1 - ok
10:39:05.0772 7108 Boot (0x1200) (f55078df5ffb4d1cc2922c6214e153e6) \Device\Harddisk1\DR6\Partition0
10:39:05.0774 7108 \Device\Harddisk1\DR6\Partition0 - ok
10:39:05.0779 7108 Boot (0x1200) (311ef796f2bde240951a83e2f0eef311) \Device\Harddisk2\DR2\Partition0
10:39:05.0781 7108 \Device\Harddisk2\DR2\Partition0 - ok
10:39:05.0781 7108 ============================================================
10:39:05.0781 7108 Scan finished
10:39:05.0781 7108 ============================================================
10:39:05.0792 7060 Detected object count: 0
10:39:05.0792 7060 Actual detected object count: 0

#10 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 08 November 2011 - 10:59 AM

Hi, that looks good, lets see what else is hiding there.

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue it's malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#11 RMTPhotography

RMTPhotography
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 08 November 2011 - 08:09 PM

I think something went screwy. This is all I got:

ComboFix 11-11-08.02 - RMThompson 11/08/2011 11:36:54.1.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.1415 [GMT -5:00]
Running from: C:\Users\RMThompson\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

#12 RMTPhotography

RMTPhotography
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 08 November 2011 - 10:49 PM

Wow what a mess. After I posted that, I noticed something strange. If I had ANYTHING selected (any program) all of my icons would disappear from my desktop. The only way to return them was to actually use the minimize all or show desktop button.

Then I reset the computer. Upon reboot a new instance of COMBOFIX.EXE appeared and the rest of the desktop was black. The prompt said to wait a minute... for twenty minutes. I had to cancel the ComboFix (which was running a C: prompt window) in order to restore usage of the computer.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 09 November 2011 - 10:08 AM

This can take a bit indeed. Please see if anything was added at c:\combofix.txt
If not, rerun Combofix and post me the new log.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#14 RMTPhotography

RMTPhotography
  • Topic Starter

  • Members
  • 72 posts
  • OFFLINE
  •  
  • Local time:08:35 PM

Posted 09 November 2011 - 11:39 AM

OK got through it all, but had a blue screen of death a few minutes before I could run the scan, had to reset. Anyway here it is:


ComboFix 11-11-08.02 - RMThompson 11/09/2011 10:55:23.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.4093.2299 [GMT -5:00]
Running from: c:\users\RMThompson\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\RelevantKnowledge\chrome.manifest
c:\program files (x86)\RelevantKnowledge\install.rdf
c:\program files (x86)\RelevantKnowledge\nscf.dat
c:\program files (x86)\RelevantKnowledge\rloci.bin
c:\program files (x86)\RelevantKnowledge\shfscp.dat
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\About RelevantKnowledge.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Privacy Policy and User License Agreement.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Support.lnk
c:\programdata\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge\Uninstall Instructions.lnk
c:\users\RMThompson\AppData\Local\Microsoft\Windows\Temporary Internet Files\{D6D37B36-0FE4-4592-A727-A4B55B085A21}.xps
c:\users\RMThompson\AppData\Roaming\Start\temp_BB40E0B5\flash.10.0.32.18.ocx
c:\users\RMThompson\Documents\MultiProcessor Support.8BX
c:\windows\SysWow64\BSTIEPrintCtl1.dll
G:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-10-09 to 2011-11-09 )))))))))))))))))))))))))))))))
.
.
2011-11-09 16:14 . 2011-11-09 16:20 -------- d-----w- c:\users\RMThompson\AppData\Local\temp
2011-11-09 16:14 . 2011-11-09 16:14 -------- d-----w- c:\users\Mcx1\AppData\Local\temp
2011-11-09 16:14 . 2011-11-09 16:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-08 15:27 . 2011-11-08 15:27 -------- d-----w- c:\users\RMThompson\AppData\Roaming\SystemRequirementsLab
2011-11-06 23:25 . 2011-11-06 23:25 -------- d-----w- C:\found.000
2011-11-01 19:00 . 2011-11-01 19:00 -------- d-----w- c:\users\RMThompson\AppData\Local\Facebook
2011-10-26 07:32 . 2011-08-13 05:11 6144 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-10-26 07:32 . 2011-08-13 04:43 6144 ----a-w- c:\program files (x86)\Internet Explorer\iecompat.dll
2011-10-13 03:44 . 2011-10-13 03:44 -------- d-----w- c:\users\RMThompson\AppData\Local\Logitech® Webcam Software
2011-10-13 03:34 . 2011-10-13 03:34 53248 ----a-r- c:\users\RMThompson\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-10-13 03:32 . 2011-10-13 03:32 -------- d-----w- c:\programdata\Logitech
2011-10-13 03:31 . 2011-10-13 03:31 -------- d-----w- c:\program files (x86)\Common Files\LWS
2011-10-13 03:31 . 2011-10-13 03:37 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-10-12 21:56 . 2011-09-14 10:52 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-10-12 21:56 . 2011-09-14 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2011-10-12 21:56 . 2011-07-29 16:08 375808 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-12 21:56 . 2011-07-29 16:08 289792 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-12 21:56 . 2011-07-29 16:06 100352 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-12 21:56 . 2011-07-29 16:01 293376 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-12 21:56 . 2011-07-29 16:01 217088 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-12 21:56 . 2011-07-29 16:00 69632 ----a-w- c:\windows\SysWow64\Mpeg2Data.ax
2011-10-12 21:56 . 2011-07-29 16:06 73216 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-12 21:56 . 2011-07-29 16:00 57856 ----a-w- c:\windows\SysWow64\MSDvbNP.ax
2011-10-12 12:09 . 2011-10-12 12:09 -------- d-----w- c:\program files\iPod
2011-10-12 12:08 . 2011-10-12 12:09 -------- d-----w- c:\program files\iTunes
2011-10-12 12:08 . 2011-10-12 12:09 -------- d-----w- c:\program files (x86)\iTunes
2011-10-12 12:04 . 2011-10-12 12:04 -------- d-----w- c:\program files\Bonjour
2011-10-12 12:04 . 2011-10-12 12:04 -------- d-----w- c:\program files (x86)\Bonjour
2011-10-11 01:12 . 2011-10-11 01:12 -------- d-----w- c:\programdata\McAfee Security Scan
2011-10-11 01:11 . 2011-10-11 01:11 -------- d-----w- c:\program files (x86)\McAfee Security Scan
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-09 16:17 . 2011-11-09 16:17 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DDA8C6E-B877-4A74-A86C-56D46801FADA}\offreg.dll
2011-10-07 04:16 . 2011-11-09 07:20 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1DDA8C6E-B877-4A74-A86C-56D46801FADA}\mpengine.dll
2011-09-02 16:29 . 2011-09-02 16:29 160256 ----a-w- c:\windows\system32\EKAiO2COI05.dll
2011-09-02 16:29 . 2011-09-02 16:29 1020416 ----a-w- c:\windows\system32\EKAiO2MON.dll
2011-08-31 03:05 . 2011-08-31 03:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 03:05 . 2011-08-31 03:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 03:05 . 2011-08-31 03:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-24 03:58 . 2010-06-24 16:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-19 09:27 . 2011-08-19 09:27 769312 ----a-w- c:\windows\system32\LVUI64.dll
2011-08-19 09:27 . 2011-08-19 09:27 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2011-08-19 09:27 . 2011-08-19 09:27 4869024 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2011-08-19 09:27 . 2011-08-19 09:27 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2011-08-19 09:27 . 2011-08-19 09:27 263456 ----a-w- c:\windows\system32\lvco13301394.dll
2011-08-19 09:27 . 2011-08-19 09:27 176416 ----a-w- c:\windows\system32\lvcod64.dll
2011-08-19 09:26 . 2011-08-19 09:26 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2011-08-19 09:26 . 2011-08-19 09:26 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2011-08-19 09:26 . 2011-08-19 09:26 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2011-08-19 09:26 . 2011-08-19 09:26 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2011-08-19 09:26 . 2011-08-19 09:26 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2011-08-19 09:26 . 2011-08-19 09:26 10898456 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2011-08-19 09:26 . 2011-08-19 09:26 10898456 ----a-w- c:\windows\system32\LogiDPP.dll
2011-08-19 09:26 . 2011-08-19 09:26 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2011-08-19 09:26 . 2011-08-19 09:26 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2011-08-13 00:49 . 2011-07-05 13:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-12 16:19 . 2011-08-12 16:19 16920 ----a-w- c:\windows\system32\drivers\iKeyLFT264.dll
2011-08-12 15:55 . 2011-08-12 15:55 10240 ----a-w- c:\windows\system32\EKaio2WiaCoInstRes.dll
2011-08-12 15:55 . 2011-08-12 15:55 122368 ----a-w- c:\windows\system32\EKaio2WiaCoInst.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Vid"="c:\program files (x86)\Logitech\Vid HD\Vid.exe" [2010-10-29 5915480]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2011-05-13 4283256]
"Facebook Update"="c:\users\RMThompson\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-01 137536]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
"Conime"="c:\windows\system32\conime.exe" [2009-04-11 69120]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files (x86)\MySpace\IM\MySpaceIM.exe" [2008-12-12 9555968]
.
c:\users\RMThompson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\RMThompson\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-8-22 24182896]
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Norton Internet Security;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [x]
R3 Dns_dpkxcsmp;Dns_dpkxcsmp; [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys [2011-02-04 17152]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\DRIVERS\ManyCam_x64.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [x]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [x]
R3 motport;Motorola USB Diagnostic Port;c:\windows\system32\DRIVERS\motport.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 UsbGps;LGE CDMA USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgx64gps.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-09-05 1038088]
R4 gupdate1c9e91c74462ebf;Google Update Service (gupdate1c9e91c74462ebf);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-09 133104]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-02-08 1405384]
R4 LiveTurbineMessageService;Turbine Message Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineMessageService.exe [2009-11-23 271856]
R4 LiveTurbineNetworkService;Turbine Network Service - Live;c:\program files (x86)\Turbine\Turbine Download Manager\TurbineNetworkService.exe [2009-11-23 218608]
R4 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [2009-11-13 92008]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files (x86)\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};{55662437-DA8C-40c0-AADA-2C816A897A49};c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-09-26 27632]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 SplashtopRemoteService;Splashtop® Remote Service;c:\program files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2011-09-09 518472]
S2 SSUService;Splashtop Software Updater Service;c:\program files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2011-09-21 366408]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2011-08-19 450848]
S3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3621009249-2194119003-1240770901-1000Core.job
- c:\users\RMThompson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-01 19:00]
.
2011-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3621009249-2194119003-1240770901-1000UA.job
- c:\users\RMThompson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-01 19:00]
.
2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-09 16:07]
.
2011-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-06-09 16:07]
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3621009249-2194119003-1240770901-1000Core.job
- c:\users\RMThompson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 17:40]
.
2011-11-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3621009249-2194119003-1240770901-1000UA.job
- c:\users\RMThompson\AppData\Local\Google\Update\GoogleUpdate.exe [2009-02-17 17:40]
.
2011-11-06 c:\windows\Tasks\ParetoLogic Registration.job
- c:\windows\system32\rundll32.exe [2006-11-02 09:45]
.
2011-11-09 c:\windows\Tasks\User_Feed_Synchronization-{E521D2DA-1E43-4360-A5FF-504FC3693BCD}.job
- c:\windows\system32\msfeedssync.exe [2011-10-12 21:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\RMThompson\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EKAIO2StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKAiO2MUI.exe" [2011-09-02 3198464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>;*.local
uInternet Settings,ProxyServer = http=127.0.0.1:5643
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 65.32.5.111 65.32.5.112
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\RMThompson\AppData\Roaming\Mozilla\Firefox\Profiles\rhbfwwsd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z039&form=ZGAADF&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Skype Click to Call: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: vShare: vshare@toolbar - %profile%\extensions\vshare@toolbar
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Search Toolbar: searchtoolbar@zugo.com - %profile%\extensions\searchtoolbar@zugo.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files (x86)\Google\Google Gears\Firefox
FF - Ext: XULRunner: {C5239B91-E5EC-4D77-931B-7AABDEDEBCBA} - c:\users\RMThompson\AppData\Local\{C5239B91-E5EC-4D77-931B-7AABDEDEBCBA}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(network.protocol-handler.warn-external.dnupdate, false
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{02696AD5-FF96-454b-9E00-81DA8B79B678} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-Wise-FTP Scheduler - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Dexter Screen Saver - c:\windows\system32\Dexter Screen Saver.scr
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files (x86)\RelevantKnowledge\rlvknlg.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3621009249-2194119003-1240770901-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{6EF568F4-D437-4466-AA63-A3645136D93E}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Completion time: 2011-11-09 11:30:08 - machine was rebooted
ComboFix-quarantined-files.txt 2011-11-09 16:30
.
Pre-Run: 120,513,093,632 bytes free
Post-Run: 120,212,676,608 bytes free
.
- - End Of File - - AF5B8223E52936D9CC016954EB67EDB0

#15 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,257 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:04:35 AM

Posted 09 November 2011 - 12:10 PM

Hi again, please let me know how everything is running after the following fix.

CF-SCRIPT
-------------
We need to execute a CF-script.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Start > Run and in the box that opens type notepad and press enter. Copy/paste the text in the codebox below into it:
DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5643

Firefox::
FF - ProfilePath - c:\users\RMThompson\AppData\Roaming\Mozilla\Firefox\Profiles\rhbfwwsd.default\
FF - Ext: XULRunner: {C5239B91-E5EC-4D77-931B-7AABDEDEBCBA} - c:\users\RMThompson\AppData\Local\{C5239B91-E5EC-4D77-931B-7AABDEDEBCBA}
Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users