Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help to remove Findgala search redirect


  • This topic is locked This topic is locked
49 replies to this topic

#1 ajtallin

ajtallin

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 01 February 2012 - 10:29 PM

Hello all,

I know that there have been others who have had similar problems to this solve in this forum. I don't know if I need to get specific help cause settings may be different on my computer so I thought I would post a separate thread for my problem. If the correct proceedure is to simply follow instructions from another thread, please feel free to direct me to a thread/link that I should review. If I do need specific help, I would reall appreciate anyone who could help me eliminate this Findgala search problem from my computer.

To be specific, the problem I'm having is that in IE or Firefox, when I do a search from the browser search field (top right corner), I get redirected to a Findgala search results page.

In case it helps, in hopes of finding a solution, I also tried installing and running Spyware Doctor not knowing that it would require me to purchase a registration code to have the program remove this virus/spyware.

If you need any further information from me, please let me know and thank you in advance for any help this community can give me. Cheers

AJ

BC AdBot (Login to Remove)

 


#2 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 02 February 2012 - 12:04 AM

I'm sorry all, I just finished reading the Preparation Guide (I really should have done it before I posted :( ). In any case, the following is the DDS.txt file contents and also as instructed, attached is the Attach.txt file:


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_20
Run by HotLapEvents at 23:55:44 on 2012-02-01
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4093.2466 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Canon\DIAS\CnxDIAS.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\DigitalPersona\Bin\x64\DPAgent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\RAVCpl64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Logitech\SetPoint\LBTWiz.exe
C:\WINDOWS\vsnp2uvc.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\HP\QuickPlay\QPService.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe
C:\WINDOWS\SysWOW64\SupportAppXL\AutoDect.exe
C:\Program Files (x86)\iPod\bin\iPodService.exe
C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files (x86)\Internet Explorer\ieuser.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = https://www.hotlapevents.com/home.htm
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: vShare Plugin: {043c5167-00bb-4324-af7e-62013faedacf} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [ISUSPM] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
mRun: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
mRun: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
LSP: C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C1A30C78-808C-4ADF-B5EF-27F164626548} - file:///C:/Users/HotLapEvents/AppData/Local/Temp/VerintPlayback.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://intercalltrial.webex.com/client/T26L10NSP49EP30/webex/ieatgpc1.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{48026F57-BEA0-426B-86A9-8BFC71F22419} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B86340EA-10F2-4037-B3A5-0E319F8F6557} : DhcpNameServer = 4.2.2.2 205.152.37.23 204.117.214.10
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~2\Office12\GR99D3~1.DLL
Handler: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
LSA: Notification Packages = scecli DPPWDFLT
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO-X64: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO-X64: NCO 2.0 IE BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB-X64: vShare Plugin: {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll
EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File
mRun-x64: [QPService] "C:\Program Files (x86)\HP\QuickPlay\QPService.exe"
mRun-x64: [QlbCtrl] %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\YouCam" update "Software\CyberLink\YouCam\1.0"
mRun-x64: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\dpagent.exe
mRun-x64: [hpWirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [WAWifiMessage] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe"
mRun-x64: [autodetect] C:\Windows\SysWOW64\SupportAppXL\AutoDect.exe
IE-X64: {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE-X64: {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\HotLapEvents\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UltimateBet\UltimateBet.lnk
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office12\GRA8E1~1.DLL
Hosts: 188.119.151.113 www.google-analytics.com.
Hosts: 188.119.151.113 ad-emea.doubleclick.net.
Hosts: 188.119.151.113 www.statcounter.com.
Hosts: 69.72.252.254 www.google-analytics.com.
Hosts: 69.72.252.254 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\HotLapEvents\AppData\Roaming\Mozilla\Firefox\Profiles\5je6twf5.default\
FF - prefs.js: browser.search.selectedEngine - search
FF - prefs.js: browser.startup.homepage - hxxps://www.hotlapevents.com/home.htm
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;C:\Windows\system32\drivers\PCTCore64.sys --> C:\Windows\system32\drivers\PCTCore64.sys [?]
R0 pctDS;PC Tools Data Store;C:\Windows\system32\drivers\pctDS64.sys --> C:\Windows\system32\drivers\pctDS64.sys [?]
R0 pctEFA;PC Tools Extended File Attributes;C:\Windows\system32\drivers\pctEFA64.sys --> C:\Windows\system32\drivers\pctEFA64.sys [?]
R2 {22D78859-9CE9-4B77-BF18-AC83E81A9263};{22D78859-9CE9-4B77-BF18-AC83E81A9263};C:\Program Files (x86)\HP\QuickPlay\000.fcl [2008-3-20 32240]
R3 NETw4v64;Intel® Wireless WiFi Link Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw4v64.sys --> C:\Windows\system32\DRIVERS\NETw4v64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 LEqdUsb;Logitech SetPoint Unifying KMDF USB Filter;C:\Windows\system32\DRIVERS\LEqdUsb.Sys --> C:\Windows\system32\DRIVERS\LEqdUsb.Sys [?]
S3 LHidEqd;Logitech SetPoint Unifying KMDF HID Filter;C:\Windows\system32\DRIVERS\LHidEqd.Sys --> C:\Windows\system32\DRIVERS\LHidEqd.Sys [?]
S3 massfilter;ZTE Mass Storage Filter Driver;C:\Windows\system32\drivers\massfilter.sys --> C:\Windows\system32\drivers\massfilter.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\WINDOWS\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 sdAuxService;PC Tools Auxiliary Service;C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe [2012-2-1 366840]
S3 sdCoreService;PC Tools Security Service;C:\Program Files (x86)\PC Tools Security\pctsSvc.exe [2012-2-1 1150936]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\system32\DRIVERS\wdcsam64.sys --> C:\Windows\system32\DRIVERS\wdcsam64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\WINDOWS\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-8 93184]
.
=============== Created Last 30 ================
.
2012-02-02 02:42:39 816016 ----a-w- C:\Windows\System32\drivers\pctEFA64.sys
2012-02-02 02:42:39 452872 ----a-w- C:\Windows\System32\drivers\pctDS64.sys
2012-02-02 02:42:38 334976 ----a-w- C:\Windows\System32\drivers\pctgntdi64.sys
2012-02-02 02:42:38 137704 ----a-w- C:\Windows\System32\drivers\pctwfpfilter64.sys
2012-02-02 02:42:37 257232 ----a-w- C:\Windows\System32\drivers\PCTCore64.sys
2012-02-02 02:42:30 92896 ----a-w- C:\Windows\System32\drivers\pctplsg64.sys
2012-02-02 02:42:26 -------- d-----w- C:\Users\HotLapEvents\AppData\Roaming\PC Tools
2012-02-02 02:42:26 -------- d-----w- C:\Program Files (x86)\PC Tools Security
2012-02-02 02:42:26 -------- d-----w- C:\Program Files (x86)\Common Files\PC Tools
2012-02-02 02:41:03 -------- d-----w- C:\ProgramData\PC Tools
2012-02-02 01:51:58 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9E24016F-318A-4E47-8E1B-C780B487C676}\mpengine.dll
.
==================== Find3M ====================
.
2012-01-08 23:57:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-12-07 15:39:10 279096 ------w- C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 23:56:33.55 ===============




Thx in advance for your help, thx.

AJ

Attached Files



#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 PM

Posted 02 February 2012 - 10:44 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool untill instructed to do so!


Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 02 February 2012 - 04:13 PM

Hello Gringo,

Thank you very much for your help with this and for the clear instructions. As requested, pls find the following Log from Combofix:


ComboFix 12-02-02.02 - HotLapEvents 02/02/2012 15:06:58.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.2.1033.18.4093.2045 [GMT -5:00]
Running from: c:\users\HotLapEvents\Desktop\ComboFix.exe
SP: Spyware Doctor *Disabled/Updated* {94076BB2-F3DA-227F-9A1E-F060FF73600F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\HOTLAP~1\AppData\Local\Temp\ppcrlui_4632_7
c:\users\HotLapEvents\AppData\Local\Temp\ppcrlui_4632_7
c:\windows\SysWow64\KBL.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-01-02 to 2012-02-02 )))))))))))))))))))))))))))))))
.
.
2012-02-02 02:42 . 2010-07-16 19:53 816016 ----a-w- c:\windows\system32\drivers\pctEFA64.sys
2012-02-02 02:42 . 2010-06-29 15:35 452872 ----a-w- c:\windows\system32\drivers\pctDS64.sys
2012-02-02 02:42 . 2011-01-17 14:09 334976 ----a-w- c:\windows\system32\drivers\pctgntdi64.sys
2012-02-02 02:42 . 2010-12-16 13:43 137704 ----a-w- c:\windows\system32\drivers\pctwfpfilter64.sys
2012-02-02 02:42 . 2010-12-10 18:24 257232 ----a-w- c:\windows\system32\drivers\PCTCore64.sys
2012-02-02 02:42 . 2010-12-16 13:46 92896 ----a-w- c:\windows\system32\drivers\pctplsg64.sys
2012-02-02 02:42 . 2012-02-02 03:01 -------- d-----w- c:\program files (x86)\PC Tools Security
2012-02-02 02:42 . 2012-02-02 02:47 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-02-02 02:42 . 2012-02-02 02:42 -------- d-----w- c:\users\HotLapEvents\AppData\Roaming\PC Tools
2012-02-02 02:41 . 2012-02-02 02:42 -------- d-----w- c:\programdata\PC Tools
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-08 23:57 . 2011-09-20 01:08 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-06 05:15 . 2012-02-02 01:51 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9E24016F-318A-4E47-8E1B-C780B487C676}\mpengine.dll
2011-12-07 15:39 . 2009-10-03 06:21 279096 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"ISUSPM"="c:\program files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2008-10-24 206112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2007-12-20 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-08-17 218408]
"DpAgent"="c:\program files (x86)\DigitalPersona\Bin\dpagent.exe" [2007-09-20 671744]
"hpWirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-09-13 480560]
"WAWifiMessage"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-08 311296]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2008-06-29 52168]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-11 624248]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 132496]
"autodetect"="c:\windows\SysWOW64\SupportAppXL\AutoDect.exe" [2008-12-02 91648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-5 989736]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-19 1207312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
Trusted 240b
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-02 c:\windows\Tasks\User_Feed_Synchronization-{A408442F-E644-43C1-9D5B-33F00A3D1E90}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Bluetooth Connection Assistant"="LBTWIZ.EXE -silent" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-01-18 1220392]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 833536]
"RtHDVCpl"="RAVCpl64.exe" [2007-10-09 5429760]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-10-24 178712]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2007-09-04 701440]
"snp2uvc"="c:\windows\vsnp2uvc.exe" [2008-08-02 675840]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"combofix"="c:\combofix\CF15972.3XE" [2008-01-21 363008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = https://www.hotlapevents.com/home.htm
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: DhcpNameServer = 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\HotLapEvents\AppData\Roaming\Mozilla\Firefox\Profiles\5je6twf5.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.hotlapevents.com/home.htm
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-QlbCtrl - %ProgramFiles(x86)%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
HKLM-Run-Windows Defender - c:\program files (x86)\Windows Defender\MSASCui.exe
HKLM-Run-HP Health Check Scheduler - [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
"ImagePath"="\"c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe\"\00\00\00\00É*
[wc:\program files (x86)\HP\QuickPlay\Kernel\TV\CapSetup"
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{22D78859-9CE9-4B77-BF18-AC83E81A9263}]
"ImagePath"="\??\c:\program files (x86)\HP\QuickPlay\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\DigitalPersona\Bin\DpHostW.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
c:\program files (x86)\CyberLink\Shared Files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
c:\program files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files (x86)\iPod\bin\iPodService.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Logitech\SetPoint\x86\SetPoint32.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2012-02-02 15:38:36 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-02 20:38
.
Pre-Run: 13,257,297,920 bytes free
Post-Run: 15,643,934,720 bytes free
.
- - End Of File - - B28D1553A8DBFEE8C9092880D9A05B44


To answer your second point, I did not have any problems following or executing any of the steps you specified in your previous email :)

Finally, my computer seems to be running well (isn't stalling or seem to be operating or processing anything slow). My problem or not being able to search Google from the browser search field in IE or Firefox because I get redirected to Findgala still exists though.

I look forward to hearing back from you. Take care and have a great day! :)

AJ

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 PM

Posted 02 February 2012 - 11:57 PM

Hello

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 03 February 2012 - 12:07 AM

Hello Gringo,

As instructed, I ran TDSSKiller.exe. It did not require me to reboot and the contents of the Report log file are as follows:


00:03:25.0235 2904 TDSS rootkit removing tool 2.7.9.0 Feb 1 2012 09:28:49
00:03:25.0563 2904 ============================================================
00:03:25.0563 2904 Current date / time: 2012/02/03 00:03:25.0563
00:03:25.0563 2904 SystemInfo:
00:03:25.0563 2904
00:03:25.0563 2904 OS Version: 6.0.6001 ServicePack: 1.0
00:03:25.0563 2904 Product type: Workstation
00:03:25.0563 2904 ComputerName: HOTLAPEVENTPC
00:03:25.0563 2904 UserName: HotLapEvents
00:03:25.0563 2904 Windows directory: C:\Windows
00:03:25.0563 2904 System windows directory: C:\Windows
00:03:25.0563 2904 Running under WOW64
00:03:25.0563 2904 Processor architecture: Intel x64
00:03:25.0563 2904 Number of processors: 2
00:03:25.0563 2904 Page size: 0x1000
00:03:25.0563 2904 Boot type: Normal boot
00:03:25.0563 2904 ============================================================
00:03:26.0202 2904 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:03:26.0218 2904 \Device\Harddisk0\DR0:
00:03:26.0218 2904 MBR used
00:03:26.0218 2904 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2394E028
00:03:26.0218 2904 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2394E067, BlocksNum 0x1ADF65A
00:03:26.0311 2904 Initialize success
00:03:26.0311 2904 ============================================================
00:03:31.0647 1120 ============================================================
00:03:31.0647 1120 Scan started
00:03:31.0647 1120 Mode: Manual;
00:03:31.0647 1120 ============================================================
00:03:32.0785 1120 ACPI (8c99ed256a889d647935a97c543b7b85) C:\Windows\system32\drivers\acpi.sys
00:03:32.0801 1120 ACPI - ok
00:03:32.0973 1120 adp94xx (f14215e37cf124104575073f782111d2) C:\Windows\system32\drivers\adp94xx.sys
00:03:33.0004 1120 adp94xx - ok
00:03:33.0160 1120 adpahci (7d05a75e3066861a6610f7ee04ff085c) C:\Windows\system32\drivers\adpahci.sys
00:03:33.0175 1120 adpahci - ok
00:03:33.0285 1120 adpu160m (820a201fe08a0c345b3bedbc30e1a77c) C:\Windows\system32\drivers\adpu160m.sys
00:03:33.0285 1120 adpu160m - ok
00:03:33.0409 1120 adpu320 (9b4ab6854559dc168fbb4c24fc52e794) C:\Windows\system32\drivers\adpu320.sys
00:03:33.0425 1120 adpu320 - ok
00:03:33.0581 1120 AFD (db37041ab857abc7e179e856d8e1582c) C:\Windows\system32\drivers\afd.sys
00:03:33.0597 1120 AFD - ok
00:03:33.0737 1120 agp440 (f6f6793b7f17b550ecfdbd3b229173f7) C:\Windows\system32\drivers\agp440.sys
00:03:33.0737 1120 agp440 - ok
00:03:33.0877 1120 aic78xx (222cb641b4b8a1d1126f8033f9fd6a00) C:\Windows\system32\drivers\djsvs.sys
00:03:33.0877 1120 aic78xx - ok
00:03:34.0018 1120 aliide (157d0898d4b73f075ce9fa26b482df98) C:\Windows\system32\drivers\aliide.sys
00:03:34.0018 1120 aliide - ok
00:03:34.0111 1120 amdide (970fa5059e61e30d25307b99903e991e) C:\Windows\system32\drivers\amdide.sys
00:03:34.0111 1120 amdide - ok
00:03:34.0267 1120 AmdK8 (cdc3632a3a5ea4dbb83e46076a3165a1) C:\Windows\system32\DRIVERS\amdk8.sys
00:03:34.0267 1120 AmdK8 - ok
00:03:34.0517 1120 arc (ba8417d4765f3988ff921f30f630e303) C:\Windows\system32\drivers\arc.sys
00:03:34.0517 1120 arc - ok
00:03:34.0923 1120 arcsas (9d41c435619733b34cc16a511e644b11) C:\Windows\system32\drivers\arcsas.sys
00:03:34.0923 1120 arcsas - ok
00:03:35.0094 1120 AsyncMac (22d13ff3dafec2a80634752b1eaa2de6) C:\Windows\system32\DRIVERS\asyncmac.sys
00:03:35.0094 1120 AsyncMac - ok
00:03:35.0203 1120 atapi (1898fae8e07d97f2f6c2d5326c633fac) C:\Windows\system32\drivers\atapi.sys
00:03:35.0203 1120 atapi - ok
00:03:35.0375 1120 ATSWPDRV (a16da1048a7141d96a96aaafc483e68d) C:\Windows\system32\DRIVERS\ATSwpDrv.sys
00:03:35.0375 1120 ATSWPDRV - ok
00:03:35.0593 1120 BCM43XV (a2160c5d70f3517fc7356b689abd6fcd) C:\Windows\system32\DRIVERS\bcmwl664.sys
00:03:35.0609 1120 BCM43XV - ok
00:03:35.0796 1120 Beep - ok
00:03:35.0968 1120 blbdrive (79feeb40056683f8f61398d81dda65d2) C:\Windows\system32\drivers\blbdrive.sys
00:03:35.0968 1120 blbdrive - ok
00:03:36.0108 1120 bowser (8b2b19031d0aeade6e1b933df1acba7e) C:\Windows\system32\DRIVERS\bowser.sys
00:03:36.0108 1120 bowser - ok
00:03:36.0280 1120 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\brfiltlo.sys
00:03:36.0280 1120 BrFiltLo - ok
00:03:36.0405 1120 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\brfiltup.sys
00:03:36.0405 1120 BrFiltUp - ok
00:03:36.0607 1120 Brserid (f0f0ba4d815be446aa6a4583ca3bca9b) C:\Windows\system32\drivers\brserid.sys
00:03:36.0607 1120 Brserid - ok
00:03:36.0732 1120 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\system32\drivers\brserwdm.sys
00:03:36.0732 1120 BrSerWdm - ok
00:03:36.0857 1120 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\system32\drivers\brusbmdm.sys
00:03:36.0857 1120 BrUsbMdm - ok
00:03:36.0966 1120 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\system32\drivers\brusbser.sys
00:03:36.0966 1120 BrUsbSer - ok
00:03:37.0138 1120 BthEnum (86f46c41f773da5a4a1d221c9201e3b8) C:\Windows\system32\DRIVERS\BthEnum.sys
00:03:37.0138 1120 BthEnum - ok
00:03:37.0403 1120 BTHMODEM (752fc84a394ca712d51dd9bd53f58e73) C:\Windows\system32\DRIVERS\bthmodem.sys
00:03:37.0403 1120 BTHMODEM - ok
00:03:37.0590 1120 BthPan (befc5311736b475ac5b60c14ff7c775a) C:\Windows\system32\DRIVERS\bthpan.sys
00:03:37.0590 1120 BthPan - ok
00:03:37.0933 1120 BTHPORT (e76f40c8dffd33b6f142de90d3cabb73) C:\Windows\system32\Drivers\BTHport.sys
00:03:37.0933 1120 BTHPORT - ok
00:03:38.0074 1120 BTHUSB (cd52602d1884c6867269babcb67849c5) C:\Windows\system32\Drivers\BTHUSB.sys
00:03:38.0074 1120 BTHUSB - ok
00:03:38.0230 1120 btwaudio (5c73e29f176a0a258ef2d339c1bd9e3e) C:\Windows\system32\drivers\btwaudio.sys
00:03:38.0230 1120 btwaudio - ok
00:03:38.0479 1120 btwavdt (73b4341807e3398dac73102e4709ecb0) C:\Windows\system32\drivers\btwavdt.sys
00:03:38.0479 1120 btwavdt - ok
00:03:38.0635 1120 btwrchid (da0386aed062087147a4a9e09a23f6f1) C:\Windows\system32\DRIVERS\btwrchid.sys
00:03:38.0635 1120 btwrchid - ok
00:03:38.0698 1120 catchme - ok
00:03:38.0838 1120 cdfs (b4d787db8d30793a4d4df9feed18f136) C:\Windows\system32\DRIVERS\cdfs.sys
00:03:38.0854 1120 cdfs - ok
00:03:39.0103 1120 cdrom (3b2fb35363423ed60c8fbf15fc8680bd) C:\Windows\system32\DRIVERS\cdrom.sys
00:03:39.0103 1120 cdrom - ok
00:03:39.0259 1120 circlass (02ea568d498bbdd4ba55bf3fce34d456) C:\Windows\system32\drivers\circlass.sys
00:03:39.0259 1120 circlass - ok
00:03:39.0384 1120 CLFS (caeda2572b7042b11062f327f099251d) C:\Windows\system32\CLFS.sys
00:03:39.0400 1120 CLFS - ok
00:03:39.0618 1120 CmBatt (b52d9a14ce4101577900a364ba86f3df) C:\Windows\system32\DRIVERS\CmBatt.sys
00:03:39.0618 1120 CmBatt - ok
00:03:39.0727 1120 cmdide (e5d5499a1c50a54b5161296b6afe6192) C:\Windows\system32\drivers\cmdide.sys
00:03:39.0727 1120 cmdide - ok
00:03:40.0086 1120 Compbatt (7fb8ad01db0eabe60c8a861531a8f431) C:\Windows\system32\DRIVERS\compbatt.sys
00:03:40.0086 1120 Compbatt - ok
00:03:40.0242 1120 crcdisk (a8585b6412253803ce8efcbd6d6dc15c) C:\Windows\system32\drivers\crcdisk.sys
00:03:40.0242 1120 crcdisk - ok
00:03:40.0414 1120 DfsC (bd4acc56e477ad7419cbe90fceeb621b) C:\Windows\system32\Drivers\dfsc.sys
00:03:40.0414 1120 DfsC - ok
00:03:40.0617 1120 disk (2dc415fc05fb8a079f896cbbacb19324) C:\Windows\system32\drivers\disk.sys
00:03:40.0617 1120 disk - ok
00:03:40.0819 1120 drmkaud (f1a78a98cfc2ee02144c6bec945447e6) C:\Windows\system32\drivers\drmkaud.sys
00:03:40.0819 1120 drmkaud - ok
00:03:40.0944 1120 DXGKrnl (412964040ce920ff83aff6b5b551bf99) C:\Windows\System32\drivers\dxgkrnl.sys
00:03:40.0975 1120 DXGKrnl - ok
00:03:41.0147 1120 E1G60 (264cee7b031a9d6c827f3d0cb031f2fe) C:\Windows\system32\DRIVERS\E1G6032E.sys
00:03:41.0147 1120 E1G60 - ok
00:03:41.0490 1120 Ecache (7343d950a34a95dcb7441642e3e6beef) C:\Windows\system32\drivers\ecache.sys
00:03:41.0490 1120 Ecache - ok
00:03:41.0787 1120 ElbyCDIO (15814b675e9d08953f2c64e4e5ccb4f4) C:\Windows\system32\Drivers\ElbyCDIO.sys
00:03:41.0787 1120 ElbyCDIO - ok
00:03:41.0896 1120 elxstor (c4636d6e10469404ab5308d9fd45ed07) C:\Windows\system32\drivers\elxstor.sys
00:03:41.0974 1120 elxstor - ok
00:03:42.0270 1120 ErrDev (bc3a58e938bb277e46bf4b3003b01abd) C:\Windows\system32\drivers\errdev.sys
00:03:42.0270 1120 ErrDev - ok
00:03:42.0520 1120 exfat (2a546b9a84658b0554b1ec35cd9adaf5) C:\Windows\system32\drivers\exfat.sys
00:03:42.0535 1120 exfat - ok
00:03:42.0645 1120 fastfat (fe731d345ed9eeabbc72a59b35941834) C:\Windows\system32\drivers\fastfat.sys
00:03:42.0660 1120 fastfat - ok
00:03:42.0769 1120 fdc (81b79b6df71fa1d2c6d688d830616e39) C:\Windows\system32\DRIVERS\fdc.sys
00:03:42.0769 1120 fdc - ok
00:03:42.0925 1120 FileInfo (457b7d1d533e4bd62a99aed9c7bb4c59) C:\Windows\system32\drivers\fileinfo.sys
00:03:42.0925 1120 FileInfo - ok
00:03:43.0035 1120 Filetrace (d421327fd6efccaf884a54c58e1b0d7f) C:\Windows\system32\drivers\filetrace.sys
00:03:43.0050 1120 Filetrace - ok
00:03:43.0222 1120 flpydisk (230923ea2b80f79b0f88d90f87b87ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
00:03:43.0222 1120 flpydisk - ok
00:03:43.0347 1120 FltMgr (7dacf1a3a4219575070c6dc7c957428a) C:\Windows\system32\drivers\fltmgr.sys
00:03:43.0362 1120 FltMgr - ok
00:03:43.0503 1120 Fs_Rec (29d99e860a1ca0a03c6a733fdd0da703) C:\Windows\system32\drivers\Fs_Rec.sys
00:03:43.0503 1120 Fs_Rec - ok
00:03:43.0627 1120 gagp30kx (c8e416668d3dc2be3d4fe4c79224997f) C:\Windows\system32\drivers\gagp30kx.sys
00:03:43.0627 1120 gagp30kx - ok
00:03:43.0783 1120 GEARAspiWDM (cb121f1009623e83ebcc2c4dcef6d3fe) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
00:03:43.0783 1120 GEARAspiWDM - ok
00:03:43.0986 1120 HdAudAddService (df45f8142dc6df9d18c39b3effbd0409) C:\Windows\system32\drivers\HdAudio.sys
00:03:43.0986 1120 HdAudAddService - ok
00:03:44.0142 1120 HDAudBus (0c0d0f8a3ff09ecc81963d09ec6a0a84) C:\Windows\system32\DRIVERS\HDAudBus.sys
00:03:44.0142 1120 HDAudBus - ok
00:03:44.0392 1120 HidBth (824fd154b9371e42adb67590bded5f6c) C:\Windows\system32\DRIVERS\hidbth.sys
00:03:44.0392 1120 HidBth - ok
00:03:44.0501 1120 HidIr (4e77a77e2c986e8f88f996bb3e1ad829) C:\Windows\system32\drivers\hidir.sys
00:03:44.0501 1120 HidIr - ok
00:03:44.0719 1120 HidUsb (128e2da8483fdd4dd0c7b3f9abd6f323) C:\Windows\system32\DRIVERS\hidusb.sys
00:03:44.0735 1120 HidUsb - ok
00:03:44.0891 1120 HpCISSs (d7109a1e6bd2dfdbcba72a6bc626a13b) C:\Windows\system32\drivers\hpcisss.sys
00:03:44.0891 1120 HpCISSs - ok
00:03:44.0969 1120 HpqKbFiltr (0ecc54fd34d6a089c300846b011e81d6) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
00:03:44.0969 1120 HpqKbFiltr - ok
00:03:44.0985 1120 HpqRemHid (e53d53d66d61794af8160741946d0b43) C:\Windows\system32\DRIVERS\HpqRemHid.sys
00:03:44.0985 1120 HpqRemHid - ok
00:03:45.0094 1120 HSFHWAZL (57ba73b5b321291e5114cb21350e1ea0) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
00:03:45.0094 1120 HSFHWAZL - ok
00:03:45.0172 1120 HSF_DPV (e6cd7f641916484b0141d191a390d866) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
00:03:45.0219 1120 HSF_DPV - ok
00:03:45.0281 1120 HTTP (1d02eb5af9425f3596fe19d37c402535) C:\Windows\system32\drivers\HTTP.sys
00:03:45.0312 1120 HTTP - ok
00:03:45.0343 1120 i2omp (da94c854cea5fac549d4e1f6e88349e8) C:\Windows\system32\drivers\i2omp.sys
00:03:45.0343 1120 i2omp - ok
00:03:45.0421 1120 i8042prt (cbb597659a2713ce0c9cc20c88c7591f) C:\Windows\system32\DRIVERS\i8042prt.sys
00:03:45.0437 1120 i8042prt - ok
00:03:45.0499 1120 iaStor (16a4671255cfb842225f0fdb6dbdb414) C:\Windows\system32\DRIVERS\iaStor.sys
00:03:45.0499 1120 iaStor - ok
00:03:45.0546 1120 iaStorV (3e3bf3627d886736d0b4e90054f929f6) C:\Windows\system32\drivers\iastorv.sys
00:03:45.0562 1120 iaStorV - ok
00:03:45.0640 1120 iirsp (8c3951ad2fe886ef76c7b5027c3125d3) C:\Windows\system32\drivers\iirsp.sys
00:03:45.0640 1120 iirsp - ok
00:03:45.0796 1120 IntcAzAudAddService (296a2c63c4115a6e368f4c1c54e6d904) C:\Windows\system32\drivers\RTKVHD64.sys
00:03:45.0811 1120 IntcAzAudAddService - ok
00:03:45.0858 1120 intelide (df797a12176f11b2d301c5b234bb200e) C:\Windows\system32\drivers\intelide.sys
00:03:45.0858 1120 intelide - ok
00:03:45.0921 1120 intelppm (bfd84af32fa1bad6231c4585cb469630) C:\Windows\system32\DRIVERS\intelppm.sys
00:03:45.0921 1120 intelppm - ok
00:03:45.0999 1120 IpFilterDriver (99b821f5bebd6a3cc3fe564f802ae0fd) C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:03:45.0999 1120 IpFilterDriver - ok
00:03:46.0014 1120 IpInIp - ok
00:03:46.0077 1120 IPMIDRV (9c2ee2e6e5a7203bfae15c299475ec67) C:\Windows\system32\drivers\ipmidrv.sys
00:03:46.0077 1120 IPMIDRV - ok
00:03:46.0139 1120 IPNAT (b7e6212f581ea5f6ab0c3a6ceeeb89be) C:\Windows\system32\DRIVERS\ipnat.sys
00:03:46.0139 1120 IPNAT - ok
00:03:46.0201 1120 IRENUM (8c42ca155343a2f11d29feca67faa88d) C:\Windows\system32\drivers\irenum.sys
00:03:46.0217 1120 IRENUM - ok
00:03:46.0279 1120 isapnp (0672bfcedc6fc468a2b0500d81437f4f) C:\Windows\system32\drivers\isapnp.sys
00:03:46.0279 1120 isapnp - ok
00:03:46.0342 1120 iScsiPrt (49e4ccbf74783fce5d2cc1ff6480e1f4) C:\Windows\system32\DRIVERS\msiscsi.sys
00:03:46.0342 1120 iScsiPrt - ok
00:03:46.0373 1120 iteatapi (63c766cdc609ff8206cb447a65abba4a) C:\Windows\system32\drivers\iteatapi.sys
00:03:46.0373 1120 iteatapi - ok
00:03:46.0435 1120 iteraid (1281fe73b17664631d12f643cbea3f59) C:\Windows\system32\drivers\iteraid.sys
00:03:46.0435 1120 iteraid - ok
00:03:46.0467 1120 kbdclass (423696f3ba6472dd17699209b933bc26) C:\Windows\system32\DRIVERS\kbdclass.sys
00:03:46.0467 1120 kbdclass - ok
00:03:46.0529 1120 kbdhid (bf8783a5066cfecf45095459e8010fa7) C:\Windows\system32\DRIVERS\kbdhid.sys
00:03:46.0529 1120 kbdhid - ok
00:03:46.0623 1120 KSecDD (ccdcce6224e1e207e953af826b98a9d9) C:\Windows\system32\Drivers\ksecdd.sys
00:03:46.0654 1120 KSecDD - ok
00:03:46.0669 1120 ksthunk (1d419cf43db29396ecd7113d129d94eb) C:\Windows\system32\drivers\ksthunk.sys
00:03:46.0669 1120 ksthunk - ok
00:03:46.0794 1120 LEqdUsb (becbd7cd46776b8739ee18061f45a581) C:\Windows\system32\DRIVERS\LEqdUsb.Sys
00:03:46.0794 1120 LEqdUsb - ok
00:03:46.0872 1120 LHidEqd (21d6bd7d62c270059eb8e2b1d4095880) C:\Windows\system32\DRIVERS\LHidEqd.Sys
00:03:46.0872 1120 LHidEqd - ok
00:03:46.0966 1120 LHidFilt (b6552d382ff070b4ed34cbd6737277c0) C:\Windows\system32\DRIVERS\LHidFilt.Sys
00:03:46.0966 1120 LHidFilt - ok
00:03:46.0997 1120 lltdio (96ece2659b6654c10a0c310ae3a6d02c) C:\Windows\system32\DRIVERS\lltdio.sys
00:03:47.0013 1120 lltdio - ok
00:03:47.0137 1120 LMouFilt (73c1f563ab73d459dffe682d66476558) C:\Windows\system32\DRIVERS\LMouFilt.Sys
00:03:47.0137 1120 LMouFilt - ok
00:03:47.0169 1120 LSI_FC (acbe1af32d3123e330a07bfbc5ec4a9b) C:\Windows\system32\drivers\lsi_fc.sys
00:03:47.0184 1120 LSI_FC - ok
00:03:47.0200 1120 LSI_SAS (799ffb2fc4729fa46d2157c0065b3525) C:\Windows\system32\drivers\lsi_sas.sys
00:03:47.0200 1120 LSI_SAS - ok
00:03:47.0231 1120 LSI_SCSI (f445ff1daad8a226366bfaf42551226b) C:\Windows\system32\drivers\lsi_scsi.sys
00:03:47.0231 1120 LSI_SCSI - ok
00:03:47.0262 1120 luafv (52f87b9cc8932c2a7375c3b2a9be5e3e) C:\Windows\system32\drivers\luafv.sys
00:03:47.0278 1120 luafv - ok
00:03:47.0387 1120 LUsbFilt (9d9714e78eac9e5368208649489c920e) C:\Windows\system32\Drivers\LUsbFilt.Sys
00:03:47.0387 1120 LUsbFilt - ok
00:03:47.0481 1120 massfilter (23488767cb18fc3ff39e3af1db3fb02c) C:\Windows\system32\drivers\massfilter.sys
00:03:47.0481 1120 massfilter - ok
00:03:47.0543 1120 megasas (5c5cd6aaced32fb26c3fb34b3dcf972f) C:\Windows\system32\drivers\megasas.sys
00:03:47.0543 1120 megasas - ok
00:03:47.0590 1120 MegaSR (859bc2436b076c77c159ed694acfe8f8) C:\Windows\system32\drivers\megasr.sys
00:03:47.0605 1120 MegaSR - ok
00:03:47.0715 1120 Modem (59848d5cc74606f0ee7557983bb73c2e) C:\Windows\system32\drivers\modem.sys
00:03:47.0715 1120 Modem - ok
00:03:47.0793 1120 monitor (c247cc2a57e0a0c8c6dccf7807b3e9e5) C:\Windows\system32\DRIVERS\monitor.sys
00:03:47.0793 1120 monitor - ok
00:03:47.0808 1120 mouclass (9367304e5e412b120cf5f4ea14e4e4f1) C:\Windows\system32\DRIVERS\mouclass.sys
00:03:47.0808 1120 mouclass - ok
00:03:47.0855 1120 mouhid (c2c2bd5c5ce5aaf786ddd74b75d2ac69) C:\Windows\system32\DRIVERS\mouhid.sys
00:03:47.0855 1120 mouhid - ok
00:03:47.0886 1120 MountMgr (11bc9b1e8801b01f7f6adb9ead30019b) C:\Windows\system32\drivers\mountmgr.sys
00:03:47.0886 1120 MountMgr - ok
00:03:47.0949 1120 mpio (f8276eb8698142884498a528dfea8478) C:\Windows\system32\drivers\mpio.sys
00:03:47.0964 1120 mpio - ok
00:03:47.0995 1120 mpsdrv (c92b9abdb65a5991e00c28f13491dba2) C:\Windows\system32\drivers\mpsdrv.sys
00:03:47.0995 1120 mpsdrv - ok
00:03:48.0027 1120 Mraid35x (3c200630a89ef2c0864d515b7a75802e) C:\Windows\system32\drivers\mraid35x.sys
00:03:48.0027 1120 Mraid35x - ok
00:03:48.0042 1120 MRxDAV (fe2706c15f8345c342820e4e4583fea0) C:\Windows\system32\drivers\mrxdav.sys
00:03:48.0058 1120 MRxDAV - ok
00:03:48.0089 1120 mrxsmb (8e01ed1d845b0dac094a9be50d426187) C:\Windows\system32\DRIVERS\mrxsmb.sys
00:03:48.0089 1120 mrxsmb - ok
00:03:48.0136 1120 mrxsmb10 (fbe643c568f40e6cc386e549013aec99) C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:03:48.0136 1120 mrxsmb10 - ok
00:03:48.0151 1120 mrxsmb20 (168da84ebf8afbc6e8f8ee229cc6dc9f) C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:03:48.0151 1120 mrxsmb20 - ok
00:03:48.0229 1120 msahci (1ac860612b85d8e85ee257d372e39f4d) C:\Windows\system32\drivers\msahci.sys
00:03:48.0229 1120 msahci - ok
00:03:48.0261 1120 msdsm (264bbb4aaf312a485f0e44b65a6b7202) C:\Windows\system32\drivers\msdsm.sys
00:03:48.0261 1120 msdsm - ok
00:03:48.0276 1120 Msfs (704f59bfc4512d2bb0146aec31b10a7c) C:\Windows\system32\drivers\Msfs.sys
00:03:48.0276 1120 Msfs - ok
00:03:48.0339 1120 msisadrv (00ebc952961664780d43dca157e79b27) C:\Windows\system32\drivers\msisadrv.sys
00:03:48.0339 1120 msisadrv - ok
00:03:48.0448 1120 MSKSSRV (0ea73e498f53b96d83dbfca074ad4cf8) C:\Windows\system32\drivers\MSKSSRV.sys
00:03:48.0448 1120 MSKSSRV - ok
00:03:48.0495 1120 MSPCLOCK (52e59b7e992a58e740aa63f57edbae8b) C:\Windows\system32\drivers\MSPCLOCK.sys
00:03:48.0495 1120 MSPCLOCK - ok
00:03:48.0526 1120 MSPQM (49084a75bae043ae02d5b44d02991bb2) C:\Windows\system32\drivers\MSPQM.sys
00:03:48.0541 1120 MSPQM - ok
00:03:48.0573 1120 MsRPC (b8e32e6103fbba9fbb1d0c11ff0d13b5) C:\Windows\system32\drivers\MsRPC.sys
00:03:48.0573 1120 MsRPC - ok
00:03:48.0604 1120 mssmbios (855796e59df77ea93af46f20155bf55b) C:\Windows\system32\DRIVERS\mssmbios.sys
00:03:48.0604 1120 mssmbios - ok
00:03:48.0619 1120 MSTEE (86d632d75d05d5b7c7c043fa3564ae86) C:\Windows\system32\drivers\MSTEE.sys
00:03:48.0619 1120 MSTEE - ok
00:03:48.0651 1120 Mup (ddf133501f68d6988a0f55dfa88637b4) C:\Windows\system32\Drivers\mup.sys
00:03:48.0666 1120 Mup - ok
00:03:48.0744 1120 NativeWifiP (73b99c98fa3a2ed1566e02d6fe1913a5) C:\Windows\system32\DRIVERS\nwifi.sys
00:03:48.0760 1120 NativeWifiP - ok
00:03:48.0869 1120 NDIS (2a2ee457af36c5c9a6808c768bd3a12b) C:\Windows\system32\drivers\ndis.sys
00:03:48.0885 1120 NDIS - ok
00:03:48.0900 1120 NdisTapi (64df698a425478e321981431ac171334) C:\Windows\system32\DRIVERS\ndistapi.sys
00:03:48.0900 1120 NdisTapi - ok
00:03:48.0931 1120 Ndisuio (8baa43196d7b5bb972c9a6b2bbf61a19) C:\Windows\system32\DRIVERS\ndisuio.sys
00:03:48.0931 1120 Ndisuio - ok
00:03:48.0947 1120 NdisWan (52e3e8e35101399be9b2938c992aa087) C:\Windows\system32\DRIVERS\ndiswan.sys
00:03:48.0947 1120 NdisWan - ok
00:03:48.0978 1120 NDProxy (9cb77ed7cb72850253e973a2d6afdf49) C:\Windows\system32\drivers\NDProxy.sys
00:03:48.0978 1120 NDProxy - ok
00:03:49.0041 1120 NetBIOS (a499294f5029a7862adc115bda7371ce) C:\Windows\system32\DRIVERS\netbios.sys
00:03:49.0056 1120 NetBIOS - ok
00:03:49.0072 1120 netbt (7a29ca243a629230799754162d80120f) C:\Windows\system32\DRIVERS\netbt.sys
00:03:49.0087 1120 netbt - ok
00:03:49.0275 1120 NETw4v64 (dae4178cf30cf07df3c53837ee5e96a7) C:\Windows\system32\DRIVERS\NETw4v64.sys
00:03:49.0368 1120 NETw4v64 - ok
00:03:49.0415 1120 nfrd960 (4ac08bd6af2df42e0c3196d826c8aea7) C:\Windows\system32\drivers\nfrd960.sys
00:03:49.0415 1120 nfrd960 - ok
00:03:49.0509 1120 Npfs (b06154e2a2c91e9be5599fca53bc4cd0) C:\Windows\system32\drivers\Npfs.sys
00:03:49.0509 1120 Npfs - ok
00:03:49.0524 1120 nsiproxy (1523af19ee8b030ba682f7a53537eaeb) C:\Windows\system32\drivers\nsiproxy.sys
00:03:49.0524 1120 nsiproxy - ok
00:03:49.0587 1120 Ntfs (fe86ba5ac3b50e2ca911e9c60c07b638) C:\Windows\system32\drivers\Ntfs.sys
00:03:49.0618 1120 Ntfs - ok
00:03:49.0633 1120 Null (dd5d684975352b85b52e3fd5347c20cb) C:\Windows\system32\drivers\Null.sys
00:03:49.0633 1120 Null - ok
00:03:49.0727 1120 NVENETFD (9733f305fa84aaf84e7fb09c0b345adb) C:\Windows\system32\DRIVERS\nvm60x64.sys
00:03:49.0758 1120 NVENETFD - ok
00:03:50.0148 1120 nvlddmkm (fd39b98ff1bb8ed3848781497e9d02e0) C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:03:50.0211 1120 nvlddmkm - ok
00:03:50.0242 1120 nvraid (2c040b7ada5b06f6facadac8514aa034) C:\Windows\system32\drivers\nvraid.sys
00:03:50.0257 1120 nvraid - ok
00:03:50.0289 1120 nvstor (f7ea0fe82842d05eda3efdd376dbfdba) C:\Windows\system32\drivers\nvstor.sys
00:03:50.0289 1120 nvstor - ok
00:03:50.0335 1120 nv_agp (19067ca93075ef4823e3938a686f532f) C:\Windows\system32\drivers\nv_agp.sys
00:03:50.0351 1120 nv_agp - ok
00:03:50.0351 1120 NwlnkFlt - ok
00:03:50.0367 1120 NwlnkFwd - ok
00:03:50.0460 1120 ohci1394 (1b30103fde512915a9214b108b6e7a9c) C:\Windows\system32\DRIVERS\ohci1394.sys
00:03:50.0460 1120 ohci1394 - ok
00:03:50.0538 1120 Parport (aecd57f94c887f58919f307c35498ea0) C:\Windows\system32\drivers\parport.sys
00:03:50.0538 1120 Parport - ok
00:03:50.0585 1120 partmgr (5ab40c36894f4c06bdab0c9a2fba282d) C:\Windows\system32\drivers\partmgr.sys
00:03:50.0585 1120 partmgr - ok
00:03:50.0601 1120 pci (2a5b2a51559066ea84742909b5b2cd69) C:\Windows\system32\drivers\pci.sys
00:03:50.0601 1120 pci - ok
00:03:50.0663 1120 pciide (8d618c829034479985a9ed56106cc732) C:\Windows\system32\drivers\pciide.sys
00:03:50.0663 1120 pciide - ok
00:03:50.0694 1120 pcmcia (037661f3d7c507c9993b7010ceee6288) C:\Windows\system32\drivers\pcmcia.sys
00:03:50.0710 1120 pcmcia - ok
00:03:50.0803 1120 PCTCore (54e013b6d55b81c0aa1ebea80ff42383) C:\Windows\system32\drivers\PCTCore64.sys
00:03:50.0819 1120 PCTCore - ok
00:03:50.0897 1120 pctDS (ff43e3b1687e4e2140de6349ea5c7372) C:\Windows\system32\drivers\pctDS64.sys
00:03:50.0897 1120 pctDS - ok
00:03:50.0944 1120 pctEFA (60e9a05852af7e9cb11237c00aee4ccf) C:\Windows\system32\drivers\pctEFA64.sys
00:03:50.0975 1120 pctEFA - ok
00:03:51.0006 1120 PEAUTH (58865916f53592a61549b04941bfd80d) C:\Windows\system32\drivers\peauth.sys
00:03:51.0022 1120 PEAUTH - ok
00:03:51.0115 1120 PptpMiniport (f5739f2c6db2534c384ad5150808e8f5) C:\Windows\system32\DRIVERS\raspptp.sys
00:03:51.0115 1120 PptpMiniport - ok
00:03:51.0131 1120 Processor (5080e59ecee0bc923f14018803aa7a01) C:\Windows\system32\drivers\processr.sys
00:03:51.0147 1120 Processor - ok
00:03:51.0209 1120 PSched (0e0e205a296095fe4c631e6a4775ad6c) C:\Windows\system32\DRIVERS\pacer.sys
00:03:51.0209 1120 PSched - ok
00:03:51.0256 1120 ql2300 (0b83f4e681062f3839be2ec1d98fd94a) C:\Windows\system32\drivers\ql2300.sys
00:03:51.0303 1120 ql2300 - ok
00:03:51.0349 1120 ql40xx (e1c80f8d4d1e39ef9595809c1369bf2a) C:\Windows\system32\drivers\ql40xx.sys
00:03:51.0349 1120 ql40xx - ok
00:03:51.0412 1120 QWAVEdrv (e8d76edab77ec9c634c27b8eac33adc5) C:\Windows\system32\drivers\qwavedrv.sys
00:03:51.0412 1120 QWAVEdrv - ok
00:03:51.0443 1120 RasAcd (1013b3b663a56d3ddd784f581c1bd005) C:\Windows\system32\DRIVERS\rasacd.sys
00:03:51.0443 1120 RasAcd - ok
00:03:51.0521 1120 Rasl2tp (3b9085f91ef00abd15a6f36570e90e12) C:\Windows\system32\DRIVERS\rasl2tp.sys
00:03:51.0521 1120 Rasl2tp - ok
00:03:51.0552 1120 RasPppoe (2ce1703c27196094fb6e4c6e439f2c21) C:\Windows\system32\DRIVERS\raspppoe.sys
00:03:51.0552 1120 RasPppoe - ok
00:03:51.0568 1120 RasSstp (fcd04fa67e8b40fa0ad361dd38593942) C:\Windows\system32\DRIVERS\rassstp.sys
00:03:51.0568 1120 RasSstp - ok
00:03:51.0599 1120 rdbss (33fa5b6136d92ee0f53f021c79091300) C:\Windows\system32\DRIVERS\rdbss.sys
00:03:51.0599 1120 rdbss - ok
00:03:51.0615 1120 RDPCDD (603900cc05f6be65ccbf373800af3716) C:\Windows\system32\DRIVERS\RDPCDD.sys
00:03:51.0615 1120 RDPCDD - ok
00:03:51.0661 1120 rdpdr (c045d1fb111c28df0d1be8d4bda22c06) C:\Windows\system32\drivers\rdpdr.sys
00:03:51.0661 1120 rdpdr - ok
00:03:51.0677 1120 RDPENCDD (cab9421daf3d97b33d0d055858e2c3ab) C:\Windows\system32\drivers\rdpencdd.sys
00:03:51.0677 1120 RDPENCDD - ok
00:03:51.0708 1120 RDPWD (7747082f672aa2846235c9cea42e2e72) C:\Windows\system32\drivers\RDPWD.sys
00:03:51.0724 1120 RDPWD - ok
00:03:51.0802 1120 RFCOMM (f228ce2f778503cecb2b27097b5b3139) C:\Windows\system32\DRIVERS\rfcomm.sys
00:03:51.0802 1120 RFCOMM - ok
00:03:51.0895 1120 rimmptsk (e31960692cbb3a8bcdf300bc1d889e1f) C:\Windows\system32\DRIVERS\rimmpx64.sys
00:03:51.0895 1120 rimmptsk - ok
00:03:51.0927 1120 rimsptsk (82356915157ab59064a24993ae5be8aa) C:\Windows\system32\DRIVERS\rimspx64.sys
00:03:51.0927 1120 rimsptsk - ok
00:03:51.0958 1120 RimUsb - ok
00:03:52.0020 1120 RimVSerPort (c903d49655b4aae46673f0aaa6be0f58) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
00:03:52.0020 1120 RimVSerPort - ok
00:03:52.0051 1120 rismxdp (c01a92a546854a3e34103b642f0f94a1) C:\Windows\system32\DRIVERS\rixdpx64.sys
00:03:52.0051 1120 rismxdp - ok
00:03:52.0098 1120 ROOTMODEM (6a0cf73b019cbc9255e23c9192ec3702) C:\Windows\system32\Drivers\RootMdm.sys
00:03:52.0098 1120 ROOTMODEM - ok
00:03:52.0129 1120 rspndr (22a9cb08b1a6707c1550c6bf099aae73) C:\Windows\system32\DRIVERS\rspndr.sys
00:03:52.0129 1120 rspndr - ok
00:03:52.0223 1120 RTL8169 (d60882145ddf5c03f5357d1e3755e5f2) C:\Windows\system32\DRIVERS\Rtlh64.sys
00:03:52.0223 1120 RTL8169 - ok
00:03:52.0254 1120 sbp2port (cd9c693589c60ad59bbbcfb0e524e01b) C:\Windows\system32\drivers\sbp2port.sys
00:03:52.0254 1120 sbp2port - ok
00:03:52.0317 1120 sdbus (b42ee50f7d24f837f925332eb349eca5) C:\Windows\system32\DRIVERS\sdbus.sys
00:03:52.0317 1120 sdbus - ok
00:03:52.0332 1120 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
00:03:52.0332 1120 secdrv - ok
00:03:52.0379 1120 Serenum (f71bfe7ac6c52273b7c82cbf1bb2a222) C:\Windows\system32\drivers\serenum.sys
00:03:52.0379 1120 Serenum - ok
00:03:52.0395 1120 Serial (e62fac91ee288db29a9696a9d279929c) C:\Windows\system32\drivers\serial.sys
00:03:52.0410 1120 Serial - ok
00:03:52.0441 1120 sermouse (a842f04833684bceea7336211be478df) C:\Windows\system32\drivers\sermouse.sys
00:03:52.0441 1120 sermouse - ok
00:03:52.0488 1120 sffdisk (14d4b4465193a87c127933978e8c4106) C:\Windows\system32\DRIVERS\sffdisk.sys
00:03:52.0504 1120 sffdisk - ok
00:03:52.0519 1120 sffp_mmc (7073aee3f82f3d598e3825962aa98ab2) C:\Windows\system32\drivers\sffp_mmc.sys
00:03:52.0519 1120 sffp_mmc - ok
00:03:52.0551 1120 sffp_sd (35e59ebe4a01a0532ed67975161c7b82) C:\Windows\system32\DRIVERS\sffp_sd.sys
00:03:52.0551 1120 sffp_sd - ok
00:03:52.0566 1120 sfloppy (6b7838c94135768bd455cbdc23e39e5f) C:\Windows\system32\drivers\sfloppy.sys
00:03:52.0566 1120 sfloppy - ok
00:03:52.0613 1120 SiSRaid2 (7a5de502aeb719d4594c6471060a78b3) C:\Windows\system32\drivers\sisraid2.sys
00:03:52.0613 1120 SiSRaid2 - ok
00:03:52.0644 1120 SiSRaid4 (3a2f769fab9582bc720e11ea1dfb184d) C:\Windows\system32\drivers\sisraid4.sys
00:03:52.0644 1120 SiSRaid4 - ok
00:03:52.0691 1120 Smb (41eb2e8e005feedcafce301983eff932) C:\Windows\system32\DRIVERS\smb.sys
00:03:52.0707 1120 Smb - ok
00:03:52.0831 1120 smserial (5f1767b8281eeea159d8a37e33eb04ae) C:\Windows\system32\DRIVERS\smserial.sys
00:03:52.0878 1120 smserial - ok
00:03:53.0065 1120 SNP2UVC (03446998a7d6ca5266a5a952f8669ddf) C:\Windows\system32\DRIVERS\snp2uvc.sys
00:03:53.0175 1120 SNP2UVC - ok
00:03:53.0221 1120 spldr (f9cb0672162f7f04248e2b82c1ff4617) C:\Windows\system32\drivers\spldr.sys
00:03:53.0221 1120 spldr - ok
00:03:53.0299 1120 srv (fc9862dc5e67a6eb31e75feb43c64916) C:\Windows\system32\DRIVERS\srv.sys
00:03:53.0315 1120 srv - ok
00:03:53.0409 1120 srv2 (56e686e35fce7a1931eb05c226bbae81) C:\Windows\system32\DRIVERS\srv2.sys
00:03:53.0409 1120 srv2 - ok
00:03:53.0424 1120 srvnet (4d0858b640cdbcba671c5439a8ef45cb) C:\Windows\system32\DRIVERS\srvnet.sys
00:03:53.0440 1120 srvnet - ok
00:03:53.0487 1120 swenum (8a851ca908b8b974f89c50d2e18d4f0c) C:\Windows\system32\DRIVERS\swenum.sys
00:03:53.0487 1120 swenum - ok
00:03:53.0533 1120 Symc8xx (2f26a2c6fc96b29beff5d8ed74e6625b) C:\Windows\system32\drivers\symc8xx.sys
00:03:53.0549 1120 Symc8xx - ok
00:03:53.0580 1120 SymIM - ok
00:03:53.0596 1120 SymIMMP - ok
00:03:53.0643 1120 Sym_hi (a909667976d3bccd1df813fed517d837) C:\Windows\system32\drivers\sym_hi.sys
00:03:53.0643 1120 Sym_hi - ok
00:03:53.0674 1120 Sym_u3 (36887b56ec2d98b9c362f6ae4de5b7b0) C:\Windows\system32\drivers\sym_u3.sys
00:03:53.0674 1120 Sym_u3 - ok
00:03:53.0767 1120 SynTP (b432c6063d4c621241c2b6e05ca0c3e3) C:\Windows\system32\DRIVERS\SynTP.sys
00:03:53.0783 1120 SynTP - ok
00:03:53.0892 1120 Tcpip (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\drivers\tcpip.sys
00:03:53.0908 1120 Tcpip - ok
00:03:53.0970 1120 Tcpip6 (3bcd46be9988b09d3510a0ef54f0d65b) C:\Windows\system32\DRIVERS\tcpip.sys
00:03:53.0986 1120 Tcpip6 - ok
00:03:54.0001 1120 tcpipreg (c29d4b3b08ad0b7e8564814e4ff6a57b) C:\Windows\system32\drivers\tcpipreg.sys
00:03:54.0001 1120 tcpipreg - ok
00:03:54.0033 1120 TDPIPE (1d8bf4aaa5fb7a2761475781dc1195bc) C:\Windows\system32\drivers\tdpipe.sys
00:03:54.0033 1120 TDPIPE - ok
00:03:54.0064 1120 TDTCP (7f7e00cdf609df657f4cda02dd1c9bb1) C:\Windows\system32\drivers\tdtcp.sys
00:03:54.0064 1120 TDTCP - ok
00:03:54.0095 1120 tdx (8c39c72e0e853de04748c0337d9b9216) C:\Windows\system32\DRIVERS\tdx.sys
00:03:54.0095 1120 tdx - ok
00:03:54.0111 1120 TermDD (3f0ebf6ee609f2a276c0d5faf244ec90) C:\Windows\system32\DRIVERS\termdd.sys
00:03:54.0111 1120 TermDD - ok
00:03:54.0157 1120 tssecsrv (9e5409cd17c8bef193aad498f3bc2cb8) C:\Windows\system32\DRIVERS\tssecsrv.sys
00:03:54.0157 1120 tssecsrv - ok
00:03:54.0220 1120 tunmp (89ec74a9e602d16a75a4170511029b3c) C:\Windows\system32\DRIVERS\tunmp.sys
00:03:54.0220 1120 tunmp - ok
00:03:54.0267 1120 tunnel (f6a4fba7c03ac2efd00f3301c0c1e067) C:\Windows\system32\DRIVERS\tunnel.sys
00:03:54.0267 1120 tunnel - ok
00:03:54.0282 1120 uagp35 (fec266ef401966311744bd0f359f7f56) C:\Windows\system32\drivers\uagp35.sys
00:03:54.0298 1120 uagp35 - ok
00:03:54.0329 1120 udfs (eca6629e33f122afff18a2ab7c3eb033) C:\Windows\system32\DRIVERS\udfs.sys
00:03:54.0329 1120 udfs - ok
00:03:54.0360 1120 uliagpkx (4ec9447ac3ab462647f60e547208ca00) C:\Windows\system32\drivers\uliagpkx.sys
00:03:54.0360 1120 uliagpkx - ok
00:03:54.0391 1120 uliahci (697f0446134cdc8f99e69306184fbbb4) C:\Windows\system32\drivers\uliahci.sys
00:03:54.0391 1120 uliahci - ok
00:03:54.0423 1120 UlSata (31707f09846056651ea2c37858f5ddb0) C:\Windows\system32\drivers\ulsata.sys
00:03:54.0423 1120 UlSata - ok
00:03:54.0469 1120 ulsata2 (85e5e43ed5b48c8376281bab519271b7) C:\Windows\system32\drivers\ulsata2.sys
00:03:54.0469 1120 ulsata2 - ok
00:03:54.0516 1120 umbus (46e9a994c4fed537dd951f60b86ad3f4) C:\Windows\system32\DRIVERS\umbus.sys
00:03:54.0516 1120 umbus - ok
00:03:54.0563 1120 USBAAPL64 (e1da5e7233ca28371506f112b6dc16e2) C:\Windows\system32\Drivers\usbaapl64.sys
00:03:54.0563 1120 USBAAPL64 - ok
00:03:54.0641 1120 usbccgp (07e3498fc60834219d2356293da0fecc) C:\Windows\system32\DRIVERS\usbccgp.sys
00:03:54.0641 1120 usbccgp - ok
00:03:54.0672 1120 usbcir (9247f7e0b65852c1f6631480984d6ed2) C:\Windows\system32\drivers\usbcir.sys
00:03:54.0672 1120 usbcir - ok
00:03:54.0703 1120 usbehci (da6d8d8ed0a53c63ac6f4bd40fe83fbe) C:\Windows\system32\DRIVERS\usbehci.sys
00:03:54.0703 1120 usbehci - ok
00:03:54.0719 1120 usbhub (99045369ae3216216573d0775fd7ed56) C:\Windows\system32\DRIVERS\usbhub.sys
00:03:54.0735 1120 usbhub - ok
00:03:54.0750 1120 usbohci (540b622da0949695c40cdc9d5d497a8b) C:\Windows\system32\DRIVERS\usbohci.sys
00:03:54.0766 1120 usbohci - ok
00:03:54.0813 1120 usbprint (28b693b6d31e7b9332c1bdcefef228c1) C:\Windows\system32\DRIVERS\usbprint.sys
00:03:54.0813 1120 usbprint - ok
00:03:54.0891 1120 usbscan (ea0bf666868964fbe8cb10e50c97b9f1) C:\Windows\system32\DRIVERS\usbscan.sys
00:03:54.0891 1120 usbscan - ok
00:03:54.0969 1120 USBSTOR (586d9876a4945779c8eea926c0d16889) C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:03:54.0969 1120 USBSTOR - ok
00:03:55.0000 1120 usbuhci (b2872cbf9f47316abd0e0c74a1aba507) C:\Windows\system32\DRIVERS\usbuhci.sys
00:03:55.0000 1120 usbuhci - ok
00:03:55.0062 1120 usbvideo (fc33099877790d51b0927b7039059855) C:\Windows\system32\Drivers\usbvideo.sys
00:03:55.0078 1120 usbvideo - ok
00:03:55.0140 1120 VClone (8fc6e3d302550a06c7c5db9f1ab54193) C:\Windows\system32\DRIVERS\VClone.sys
00:03:55.0140 1120 VClone - ok
00:03:55.0187 1120 vga (916b94bcf1e09873fff2d5fb11767bbc) C:\Windows\system32\DRIVERS\vgapnp.sys
00:03:55.0187 1120 vga - ok
00:03:55.0218 1120 VgaSave (b83ab16b51feda65dd81b8c59d114d63) C:\Windows\System32\drivers\vga.sys
00:03:55.0218 1120 VgaSave - ok
00:03:55.0249 1120 viaide (8294b6c3fdb6c33f24e150de647ecdaa) C:\Windows\system32\drivers\viaide.sys
00:03:55.0249 1120 viaide - ok
00:03:55.0281 1120 volmgr (793d9b32a1c462c91f6f70358283ac97) C:\Windows\system32\drivers\volmgr.sys
00:03:55.0281 1120 volmgr - ok
00:03:55.0312 1120 volmgrx (5aa217da5dc4ff5b9ac9ab86563b3223) C:\Windows\system32\drivers\volmgrx.sys
00:03:55.0327 1120 volmgrx - ok
00:03:55.0343 1120 volsnap (de4307412d98050239026e56a7dff3c0) C:\Windows\system32\drivers\volsnap.sys
00:03:55.0359 1120 volsnap - ok
00:03:55.0390 1120 vsmraid (a68f455ed2673835209318dd61bfbb0e) C:\Windows\system32\drivers\vsmraid.sys
00:03:55.0390 1120 vsmraid - ok
00:03:55.0452 1120 WacomPen (fef8fe5923fead2cee4dfabfce3393a7) C:\Windows\system32\drivers\wacompen.sys
00:03:55.0452 1120 WacomPen - ok
00:03:55.0530 1120 Wanarp (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
00:03:55.0530 1120 Wanarp - ok
00:03:55.0530 1120 Wanarpv6 (aea75207e443c8623c36b8d03596f84f) C:\Windows\system32\DRIVERS\wanarp.sys
00:03:55.0530 1120 Wanarpv6 - ok
00:03:55.0577 1120 Wd (0c17a0816f65b89e362e682ad5e7266e) C:\Windows\system32\drivers\wd.sys
00:03:55.0577 1120 Wd - ok
00:03:55.0655 1120 WDC_SAM (a3d04ebf5227886029b4532f20d026f7) C:\Windows\system32\DRIVERS\wdcsam64.sys
00:03:55.0655 1120 WDC_SAM - ok
00:03:55.0702 1120 Wdf01000 (d02e7e4567da1e7582fbf6a91144b0df) C:\Windows\system32\drivers\Wdf01000.sys
00:03:55.0749 1120 Wdf01000 - ok
00:03:55.0827 1120 winachsf (b5c348b265178fb9ee55addb3929485d) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
00:03:55.0842 1120 winachsf - ok
00:03:55.0905 1120 WmiAcpi (e18aebaaa5a773fe11aa2c70f65320f5) C:\Windows\system32\DRIVERS\wmiacpi.sys
00:03:55.0905 1120 WmiAcpi - ok
00:03:55.0967 1120 WpdUsb (6329d1990db931073b86ab5946d8e317) C:\Windows\system32\DRIVERS\wpdusb.sys
00:03:55.0967 1120 WpdUsb - ok
00:03:55.0998 1120 ws2ifsl (8a900348370e359b6bff6a550e4649e1) C:\Windows\system32\drivers\ws2ifsl.sys
00:03:55.0998 1120 ws2ifsl - ok
00:03:56.0076 1120 WUDFRd (501a65252617b495c0f1832f908d54d8) C:\Windows\system32\DRIVERS\WUDFRd.sys
00:03:56.0076 1120 WUDFRd - ok
00:03:56.0170 1120 ZTEusbmdm6k (f98415e5b83742c901d0a336972509a0) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
00:03:56.0170 1120 ZTEusbmdm6k - ok
00:03:56.0232 1120 ZTEusbnmea (f98415e5b83742c901d0a336972509a0) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
00:03:56.0232 1120 ZTEusbnmea - ok
00:03:56.0295 1120 ZTEusbser6k (f98415e5b83742c901d0a336972509a0) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
00:03:56.0310 1120 ZTEusbser6k - ok
00:03:56.0419 1120 {22D78859-9CE9-4B77-BF18-AC83E81A9263} (6839fa0c104dbbdd989e2eac27acb761) C:\Program Files (x86)\HP\QuickPlay\000.fcl
00:03:56.0419 1120 {22D78859-9CE9-4B77-BF18-AC83E81A9263} - ok
00:03:56.0435 1120 MBR (0x1B8) (1a1a06f62e891045814007163c1c76c3) \Device\Harddisk0\DR0
00:03:56.0529 1120 \Device\Harddisk0\DR0 - ok
00:03:56.0529 1120 Boot (0x1200) (5677464115c84c5a53450624e28d414c) \Device\Harddisk0\DR0\Partition0
00:03:56.0529 1120 \Device\Harddisk0\DR0\Partition0 - ok
00:03:56.0529 1120 Boot (0x1200) (a45bf8a283d082db271f840a2c795d88) \Device\Harddisk0\DR0\Partition1
00:03:56.0544 1120 \Device\Harddisk0\DR0\Partition1 - ok
00:03:56.0544 1120 ============================================================
00:03:56.0544 1120 Scan finished
00:03:56.0544 1120 ============================================================
00:03:56.0560 4432 Detected object count: 0
00:03:56.0560 4432 Actual detected object count: 0


I'll stand by for next steps. Thx :)

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 PM

Posted 03 February 2012 - 12:29 AM

Hello

This is the tool I would like you to try and run next.

Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 03 February 2012 - 08:11 AM

Hi Gringo,

As instructed, below is the aswMBR log:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 01:20:50
-----------------------------
01:20:50.209 OS Version: Windows x64 6.0.6001 Service Pack 1
01:20:50.209 Number of processors: 2 586 0xF0D
01:20:50.224 ComputerName: HOTLAPEVENTPC UserName: HotLapEvents
01:20:52.720 Initialize success
01:21:40.243 AVAST engine defs: 12020202
01:21:55.375 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
01:21:55.375 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
01:21:55.422 Disk 0 MBR read successfully
01:21:55.438 Disk 0 MBR scan
01:21:55.438 Disk 0 unknown MBR code
01:21:55.453 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291484 MB offset 63
01:21:55.484 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13758 MB offset 596959335
01:21:55.500 Service scanning
01:21:57.154 Modules scanning
01:21:57.154 Disk 0 trace - called modules:
01:21:57.154 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys iaStor.sys hal.dll
01:21:57.154 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006714790]
01:21:57.169 3 CLASSPNP.SYS[fffffa600140db3a] -> nt!IofCallDriver -> [0xfffffa800660f7c0]
01:21:57.169 5 PCTCore64.sys[fffffa6000b6b094] -> nt!IofCallDriver -> [0xfffffa8004a652a0]
01:21:57.169 7 acpi.sys[fffffa6000938ff6] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bfa050]
01:21:59.790 AVAST engine scan C:\Windows
01:22:06.061 AVAST engine scan C:\Windows\system32
01:25:41.778 AVAST engine scan C:\Windows\system32\drivers
01:26:04.024 AVAST engine scan C:\Users\HotLapEvents
02:19:55.158 AVAST engine scan C:\ProgramData
02:44:34.506 Scan finished successfully
08:06:44.638 Disk 0 MBR has been saved successfully to "C:\Users\HotLapEvents\Desktop\MBR.dat"
08:06:44.653 The log file has been saved successfully to "C:\Users\HotLapEvents\Desktop\log-aswMBR.txt"


I look forward to hearing back from you on the next steps. Cheers

AJ

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 PM

Posted 03 February 2012 - 08:15 AM

Re-Run aswMBR

  • Click Scan
  • On completion of the scan, click the FIXMBR button
  • There is a slight pause after clicking the 'Fix' button.
  • Wait for the tool to report 'Infection fixed successfully', now reboot the machine.
  • Rebooting the machine prematurely, before seeing this line will result in an incomplete fix.

    Note:After the 'Infection fixed successfully' message appears, the machine may became unresponsive. You may have to do a hard boot of your machine. That may be a side effect from the fix. All will be well after the reboot.
  • Save the log as before and post in your next reply.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 04 February 2012 - 01:22 AM

Hi Gringo,

As instructed I ran the aswMBR scan again. When it was successfully complete I then clicked the FixMBR button. I should mention that I felt that the process went quite quick. I don't know if it was done correctly, but I'm sure you'll see if I did not do anything right you'll see it in the log. The "Scan" button was still greyed out when I clicked the FixMBR button but I clicked it because the message "Scan finished successfully" was posted for over a couple of hours and there did not seem like there were any further processes going on. Anyways, I don't know if that info is helpful, but I'd like to provide you with anything that would make it easier to diagnose and fix my problem. In any case, the following is the log:


aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-03 21:21:12
-----------------------------
21:21:12.394 OS Version: Windows x64 6.0.6001 Service Pack 1
21:21:12.394 Number of processors: 2 586 0xF0D
21:21:12.394 ComputerName: HOTLAPEVENTPC UserName: HotLapEvents
21:21:14.407 Initialize success
21:21:25.046 AVAST engine defs: 12020202
21:27:58.369 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:27:58.384 Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:27:58.400 Disk 0 MBR read successfully
21:27:58.400 Disk 0 MBR scan
21:27:58.415 Disk 0 unknown MBR code
21:27:58.415 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 291484 MB offset 63
21:27:58.478 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 13758 MB offset 596959335
21:27:58.493 Service scanning
21:28:00.147 Modules scanning
21:28:00.147 Disk 0 trace - called modules:
21:28:00.147 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore64.sys acpi.sys iaStor.sys hal.dll
21:28:00.163 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80058d2790]
21:28:00.163 3 CLASSPNP.SYS[fffffa6001408b3a] -> nt!IofCallDriver -> [0xfffffa8006729cf0]
21:28:00.163 5 PCTCore64.sys[fffffa6000b66094] -> nt!IofCallDriver -> [0xfffffa8004bbd270]
21:28:00.178 7 acpi.sys[fffffa6000944ff6] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004bff050]
21:28:01.348 AVAST engine scan C:\Windows
21:28:06.231 AVAST engine scan C:\Windows\system32
21:31:32.401 AVAST engine scan C:\Windows\system32\drivers
21:31:58.265 AVAST engine scan C:\Users\HotLapEvents
22:21:49.628 AVAST engine scan C:\ProgramData
22:35:18.457 Scan finished successfully
00:55:51.538 Verifying
00:56:01.632 Disk 0 Windows 600 MBR fixed successfully
01:00:34.522 Disk 0 MBR has been saved successfully to "C:\Users\HotLapEvents\Desktop\MBR.dat"
01:00:34.538 The log file has been saved successfully to "C:\Users\HotLapEvents\Desktop\log2-aswMBR.txt"


I look forward to hearing back from you. Thx.

AJ

#11 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 04 February 2012 - 01:25 AM

Hi Gringo,

I just wanted to add that after I sent my last msg I went ahead and tested the search from my browser and it still redirected me to the Findgala results page. Thx.

AJ

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 PM

Posted 04 February 2012 - 10:57 AM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 06 February 2012 - 01:35 AM

Hi Gringo,

As instructed, below is the contents of the OTL.txt doc that was produced when I ran OTL:

OTL logfile created on: 06/02/2012 1:21:17 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\HotLapEvents\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6001.18000)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

4.00 Gb Total Physical Memory | 2.12 Gb Available Physical Memory | 53.08% Memory free
8.17 Gb Paging File | 6.35 Gb Available in Paging File | 77.71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.65 Gb Total Space | 16.17 Gb Free Space | 5.68% Space Free | Partition Type: NTFS
Drive D: | 13.44 Gb Total Space | 2.65 Gb Free Space | 19.72% Space Free | Partition Type: NTFS

Computer Name: HOTLAPEVENTPC | User Name: HotLapEvents | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\HotLapEvents\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
PRC - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
PRC - C:\WINDOWS\SysWOW64\SupportAppXL\AutoDect.exe ()
PRC - C:\WINDOWS\vsnp2uvc.exe (Sonix)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
PRC - C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe ()
MOD - C:\WINDOWS\SysWOW64\SupportAppXL\AutoDect.exe ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLTinyDB.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapEngine.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLSchMgr.dll ()
MOD - C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\CLCapSvcps.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV:64bit: - (Canon Driver Information Assist Service) -- C:\Program Files\Canon\DIAS\CnxDIAS.exe (CANON INC.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (sdCoreService) -- C:\Program Files (x86)\PC Tools Security\pctsSvc.exe (PC Tools)
SRV - (clr_optimization_v4.0.30319_32) -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (sdAuxService) -- C:\Program Files (x86)\PC Tools Security\pctsAuxs.exe (PC Tools)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) Intel® -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (DpHost) -- C:\Program Files (x86)\DigitalPersona\Bin\DpHostW.exe (DigitalPersona, Inc.)
SRV - (Adobe Version Cue CS3) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe (Adobe Systems Incorporated)
SRV - (Com4Qlb) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe (Hewlett-Packard Development Company, L.P.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (PCTCore) -- C:\Windows\SysNative\drivers\PCTCore64.sys ()
DRV:64bit: - (pctEFA) -- C:\Windows\SysNative\drivers\pctEFA64.sys ()
DRV:64bit: - (pctDS) -- C:\Windows\SysNative\drivers\pctDS64.sys ()
DRV:64bit: - (ZTEusbnmea) -- C:\Windows\SysNative\DRIVERS\ZTEusbnmea.sys ()
DRV:64bit: - (massfilter) -- C:\Windows\SysNative\drivers\massfilter.sys ()
DRV:64bit: - (ZTEusbmdm6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbmdm6k.sys ()
DRV:64bit: - (ZTEusbser6k) -- C:\Windows\SysNative\DRIVERS\ZTEusbser6k.sys ()
DRV:64bit: - (LUsbFilt) -- C:\Windows\SysNative\Drivers\LUsbFilt.Sys ()
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\DRIVERS\LMouFilt.Sys ()
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\DRIVERS\LHidFilt.Sys ()
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\DRIVERS\LHidEqd.Sys ()
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\DRIVERS\LEqdUsb.Sys ()
DRV:64bit: - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\Windows\SysNative\DRIVERS\snp2uvc.sys ()
DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\DRIVERS\RimSerial_AMD64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys ()
DRV:64bit: - (VClone) -- C:\Windows\SysNative\DRIVERS\VClone.sys ()
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\Drivers\ElbyCDIO.sys ()
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\DRIVERS\wdcsam64.sys ()
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys ()
DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\RootMdm.sys ()
DRV:64bit: - (WpdUsb) -- C:\Windows\SysNative\DRIVERS\wpdusb.sys ()
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\DRIVERS\VSTDPV6.SYS ()
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\DRIVERS\VSTCNXT6.SYS ()
DRV:64bit: - (HSFHWAZL) -- C:\Windows\SysNative\DRIVERS\VSTAZL6.SYS ()
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\DRIVERS\sdbus.sys ()
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\DRIVERS\SynTP.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\DRIVERS\iaStor.sys ()
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys ()
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys ()
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\DRIVERS\btwrchid.sys ()
DRV:64bit: - (RTL8169) -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys ()
DRV:64bit: - (ATSWPDRV) AuthenTec TruePrint USB Driver (SwipeSensor) -- C:\Windows\SysNative\DRIVERS\ATSwpDrv.sys ()
DRV:64bit: - (HpqRemHid) -- C:\Windows\SysNative\DRIVERS\HpqRemHid.sys ()
DRV:64bit: - (NETw4v64) Intel® -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys ()
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\DRIVERS\HpqKbFiltr.sys ()
DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys ()
DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys ()
DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\DRIVERS\rimspx64.sys ()
DRV:64bit: - (smserial) -- C:\Windows\SysNative\DRIVERS\smserial.sys ()
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\DRIVERS\nvm60x64.sys ()
DRV:64bit: - (BCM43XV) -- C:\Windows\SysNative\DRIVERS\bcmwl664.sys ()
DRV - ({22D78859-9CE9-4B77-BF18-AC83E81A9263}) -- C:\Program Files (x86)\HP\QuickPlay\000.fcl (Cyberlink Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_ca&c=81&bd=Pavilion&pf=laptop


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.hotlapevents.com/home.htm
IE - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
IE - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "https://www.hotlapevents.com/home.htm"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..network.proxy.no_proxies_on: "*.local"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files (x86)\VistaCodecPack\rm\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@veetle.com/vbp;version=0.9.17: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2010/09/16 15:12:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.10\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/04/13 20:56:42 | 000,000,000 | ---D | M]

[2008/12/20 02:52:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HotLapEvents\AppData\Roaming\Mozilla\Extensions
[2012/01/29 21:51:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\HotLapEvents\AppData\Roaming\Mozilla\Firefox\Profiles\5je6twf5.default\extensions
[2010/04/30 01:28:21 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\HotLapEvents\AppData\Roaming\Mozilla\Firefox\Profiles\5je6twf5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/01/22 20:52:57 | 000,001,207 | ---- | M] () -- C:\Users\HotLapEvents\AppData\Roaming\Mozilla\Firefox\Profiles\5je6twf5.default\searchplugins\search.xml
[2010/05/27 11:27:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2010/05/27 11:27:45 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/05/27 11:27:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

O1 HOSTS File: ([2012/01/22 20:53:09 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 188.119.151.113 www.google-analytics.com.
O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.
O1 - Hosts: 188.119.151.113 www.statcounter.com.
O1 - Hosts: 69.72.252.254 www.google-analytics.com.
O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
O1 - Hosts: 69.72.252.254 www.statcounter.com.
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (ContributeBHO Class) - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS3/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4:64bit: - HKLM..\Run: [snp2uvc] C:\WINDOWS\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe_ID0EYTHM] C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [autodetect] C:\WINDOWS\SysWOW64\SupportAppXL\AutoDect.exe ()
O4 - HKLM..\Run: [DpAgent] C:\Program Files (x86)\DigitalPersona\Bin\DpAgent.exe (DigitalPersona, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Java\jre1.6.0_02\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C1A30C78-808C-4ADF-B5EF-27F164626548} file:///C:/Users/HotLapEvents/AppData/Local/Temp/VerintPlayback.cab (SamuraiCtrl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://intercalltrial.webex.com/client/T26L10NSP49EP30/webex/ieatgpc1.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48026F57-BEA0-426B-86A9-8BFC71F22419}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B86340EA-10F2-4037-B3A5-0E319F8F6557}: DhcpNameServer = 4.2.2.2 205.152.37.23 204.117.214.10
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\vsharechrome - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\WINDOWS\SysWOW64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\HotLapEvents\Pictures\screenBg.jpg
O24 - Desktop BackupWallPaper: C:\Users\HotLapEvents\Pictures\screenBg.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/09/11 10:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/06 01:19:45 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\HotLapEvents\Desktop\OTL.exe
[2012/02/03 01:20:34 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\HotLapEvents\Desktop\aswMBR.exe
[2012/02/03 00:02:30 | 002,059,312 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\HotLapEvents\Desktop\tdsskiller.exe
[2012/02/02 15:29:10 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/02/02 15:24:55 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/02/02 15:04:48 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/02/02 15:04:48 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/02/02 15:04:48 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/02/02 15:04:42 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/02/02 15:04:37 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/02/02 15:04:11 | 004,395,020 | R--- | C] (Swearware) -- C:\Users\HotLapEvents\Desktop\ComboFix.exe
[2012/02/01 23:54:15 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\HotLapEvents\Desktop\dds.scr
[2012/02/01 21:42:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Tools Security
[2012/02/01 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Tools Security
[2012/02/01 21:42:26 | 000,000,000 | ---D | C] -- C:\Users\HotLapEvents\AppData\Roaming\PC Tools
[2012/02/01 21:42:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2012/02/01 21:41:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012/01/08 18:40:56 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

========== Files - Modified Within 30 Days ==========

[2012/02/06 01:19:46 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\HotLapEvents\Desktop\OTL.exe
[2012/02/06 01:16:13 | 000,532,070 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012/02/06 01:16:13 | 000,532,070 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012/02/06 01:16:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/06 01:05:30 | 000,000,432 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{A408442F-E644-43C1-9D5B-33F00A3D1E90}.job
[2012/02/06 01:00:15 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/06 01:00:14 | 000,003,216 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/05 00:12:43 | 000,001,414 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2012/02/05 00:10:12 | 4293,320,704 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/04 12:42:58 | 000,002,484 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012/02/04 01:00:34 | 000,000,512 | ---- | M] () -- C:\Users\HotLapEvents\Desktop\MBR.dat
[2012/02/03 01:20:37 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\HotLapEvents\Desktop\aswMBR.exe
[2012/02/03 00:02:48 | 002,059,312 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\HotLapEvents\Desktop\tdsskiller.exe
[2012/02/02 15:04:16 | 004,395,020 | R--- | M] (Swearware) -- C:\Users\HotLapEvents\Desktop\ComboFix.exe
[2012/02/01 23:54:20 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\HotLapEvents\Desktop\dds.scr
[2012/02/01 23:37:27 | 000,000,000 | ---- | M] () -- C:\Users\HotLapEvents\defogger_reenable
[2012/02/01 22:10:26 | 000,000,370 | ---- | M] () -- C:\Users\HotLapEvents\Desktop\regfix.reg
[2012/02/01 21:43:24 | 002,514,506 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/01 21:42:33 | 000,001,840 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/01 21:41:03 | 000,512,992 | ---- | M] () -- C:\Users\HotLapEvents\Desktop\sdsetup_revwire207[1].exe
[2012/01/22 20:53:09 | 000,001,401 | RHS- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/01/08 18:57:13 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/01/08 18:49:31 | 001,495,948 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/08 18:49:31 | 000,681,856 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2012/01/08 18:49:31 | 000,609,196 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/08 18:49:31 | 000,130,648 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2012/01/08 18:49:31 | 000,108,672 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/08 18:40:56 | 569,707,613 | ---- | M] () -- C:\Windows\MEMORY.DMP

========== Files Created - No Company Name ==========

[2012/02/03 08:06:44 | 000,000,512 | ---- | C] () -- C:\Users\HotLapEvents\Desktop\MBR.dat
[2012/02/02 15:04:48 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/02/02 15:04:48 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/02/02 15:04:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/02/02 15:04:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/02/02 15:04:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/02/01 23:37:27 | 000,000,000 | ---- | C] () -- C:\Users\HotLapEvents\defogger_reenable
[2012/02/01 22:08:32 | 000,000,370 | ---- | C] () -- C:\Users\HotLapEvents\Desktop\regfix.reg
[2012/02/01 21:42:40 | 002,514,506 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2012/02/01 21:42:39 | 000,816,016 | ---- | C] () -- C:\Windows\SysNative\drivers\pctEFA64.sys
[2012/02/01 21:42:39 | 000,452,872 | ---- | C] () -- C:\Windows\SysNative\drivers\pctDS64.sys
[2012/02/01 21:42:38 | 000,334,976 | ---- | C] () -- C:\Windows\SysNative\drivers\pctgntdi64.sys
[2012/02/01 21:42:38 | 000,137,704 | ---- | C] () -- C:\Windows\SysNative\drivers\pctwfpfilter64.sys
[2012/02/01 21:42:37 | 000,257,232 | ---- | C] () -- C:\Windows\SysNative\drivers\PCTCore64.sys
[2012/02/01 21:42:33 | 000,001,840 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Doctor.lnk
[2012/02/01 21:42:30 | 000,092,896 | ---- | C] () -- C:\Windows\SysNative\drivers\pctplsg64.sys
[2012/02/01 21:41:03 | 000,512,992 | ---- | C] () -- C:\Users\HotLapEvents\Desktop\sdsetup_revwire207[1].exe
[2012/01/08 18:40:13 | 569,707,613 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2009/12/04 10:48:42 | 000,532,070 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009/12/04 10:48:42 | 000,532,070 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009/04/23 01:22:27 | 000,000,680 | ---- | C] () -- C:\Users\HotLapEvents\AppData\Local\d3d9caps.dat
[2009/04/06 02:18:46 | 000,084,480 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009/04/05 19:37:12 | 000,000,395 | ---- | C] () -- C:\Users\HotLapEvents\AppData\Roaming\settings.ini
[2009/01/15 17:24:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2008/12/21 23:41:38 | 000,046,388 | ---- | C] () -- C:\Windows\php.ini
[2008/12/19 13:31:32 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2008/12/19 11:50:43 | 000,181,412 | ---- | C] () -- C:\Users\HotLapEvents\AppData\Roaming\nvModes.001
[2008/12/19 11:50:38 | 000,181,412 | ---- | C] () -- C:\Users\HotLapEvents\AppData\Roaming\nvModes.dat
[2008/12/19 02:13:09 | 000,172,544 | ---- | C] () -- C:\Users\HotLapEvents\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/18 23:51:56 | 000,106,605 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/12/18 23:51:56 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/12/18 21:25:26 | 001,102,146 | ---- | C] () -- C:\ProgramData\LuUninstall.LiveUpdate
[2008/12/18 17:43:22 | 000,101,632 | ---- | C] () -- C:\Windows\hpqins13.dat
[2008/12/07 13:08:06 | 000,795,648 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2008/12/07 13:08:04 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2008/03/20 22:49:13 | 000,002,484 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2008/01/20 21:50:05 | 000,060,124 | ---- | C] () -- C:\Windows\SysWow64\tcpmon.ini
[2008/01/20 21:49:49 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2007/09/04 11:56:10 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2007/02/05 20:05:26 | 000,000,038 | ---- | C] () -- C:\Windows\AviSplitter.INI
[2006/11/02 10:37:05 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:37:14 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2006/11/02 07:24:17 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2006/11/02 07:18:17 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006/11/02 04:47:54 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/05/19 14:39:58 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini

========== Alternate Data Streams ==========

@Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >


I look forward to hearing back from you. Thx.

AJ

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:09:52 PM

Posted 07 February 2012 - 08:07 AM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    :otl
    IE - HKU\S-1-5-21-2605554684-3630929933-3143514118-1000\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant] LBTWIZ.EXE -silent File not found
    O4:64bit: - HKLM..\Run: [HP Health Check Scheduler] [ProgramFilesFolder]Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe File not found
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
    O18 - Protocol\Handler\vsharechrome - No CLSID value found
    @Alternate Data Stream - 171 bytes -> C:\ProgramData\TEMP:DFC5A2B2   
    O1 - Hosts: 188.119.151.113 www.google-analytics.com.
    O1 - Hosts: 188.119.151.113 ad-emea.doubleclick.net.
    O1 - Hosts: 188.119.151.113 www.statcounter.com.
    O1 - Hosts: 69.72.252.254 www.google-analytics.com.
    O1 - Hosts: 69.72.252.254 ad-emea.doubleclick.net.
    O1 - Hosts: 69.72.252.254 www.statcounter.com.
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 ajtallin

ajtallin
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:08:52 PM

Posted 08 February 2012 - 01:14 AM

Hi Gringo,

I ran the OTL program (both regularly by double clicking it's icon on my desktop and as administrator) and tried to "Run Fix" after pasting the code you provided and each time I tried (tried 3 times, as administrator the last time), as soon as I clicked the "Run Fix" button I got an error popup window saying, "Cannot create file C:\Windows\System32\drivers\etc\Hosts.".

After I clicked ok to remove that error window, the program was unresponsive and didn't seem to be processing anything. I left it alone the first time for approx 3hrs just to see if it would complete any processes and nothing. Have you heard of this problem before? What should I do next?

Thx
AJ




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users