
Irritating Virus


  • This topic is locked
18 replies to this topic

#1 godcixelsyd

godcixelsyd

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 28 February 2012 - 07:24 PM

If I'm not posting in the right area please redirect me to where I need to be :) Well, my co-worker brought me her laptop to do virus removal because I commonly help out my friends with this kind of thing. This one has put me in a corner and I have no clue where to go from here. I have been researching and tried almost every solution I have been able to find. I finally got the firewall back up, can now ping in and out, but am unable to fully load a webpage. I have removed all antivirus software I can find, but it just refuses to work. Here is an RSIT log file.


Logfile of random's system information tool 1.09 (written by random/random)
Run by usert at 2012-02-28 19:14:58
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 238 GB (81%) free of 293 GB
Total RAM: 3003 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:15:22 PM, on 2/28/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
G:\RSIT.exe
C:\Program Files (x86)\trend micro\usert.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: HelloWorldBHO - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (file missing)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {BEA7310D-06C4-4339-A784-DC3804819809} (Photo Upload Plugin Class) - http://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} (WRC Class) - http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
O16 - DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} (CPlayFirstDinerDashControl Object) - http://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Application Layer Gateway Service (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Unknown owner - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - Unknown owner - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Office Source Engine (ose) - Unknown owner - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebClient (WebClient32) - Unknown owner - c:\windows\system32\wpc32.exe (file missing)
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9205 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\HPCeeScheduleForusert.job
C:\Windows\tasks\User_Feed_Synchronization-{2CA1C780-0297-462F-AB9A-78E77EED61BE}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
hpBHO Class - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"(default)"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2008-12-08 54576]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Java\jre6\bin\jusched.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdatePRCShortCut]
C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\SysWow64\webcheck.dll [2011-06-29 203776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDesktopCleanupWizard"=1
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.siren"=sirenacm.dll
"msacm.l3codecp"=l3codecp.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.inf - open - %SystemRoot%\SysWow64\NOTEPAD.EXE %1
.inf - install - %SystemRoot%\SysWow64\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*
.vbs - open - %SystemRoot%\SysWow64\WScript.exe "%1" %*

======List of files/folders created in the last 3 months======

2012-02-28 17:35:10 ----SD---- C:\ComboFix
2012-02-28 17:31:08 ----SHD---- C:\$RECYCLE.BIN
2012-02-28 17:00:03 ----A---- C:\Windows\zip.exe
2012-02-28 17:00:03 ----A---- C:\Windows\SWSC.exe
2012-02-28 17:00:03 ----A---- C:\Windows\SWREG.exe
2012-02-28 17:00:03 ----A---- C:\Windows\sed.exe
2012-02-28 17:00:03 ----A---- C:\Windows\PEV.exe
2012-02-28 17:00:03 ----A---- C:\Windows\NIRCMD.exe
2012-02-28 17:00:03 ----A---- C:\Windows\MBR.exe
2012-02-28 17:00:03 ----A---- C:\Windows\grep.exe
2012-02-28 16:59:47 ----D---- C:\Windows\ERDNT
2012-02-28 16:54:40 ----D---- C:\Qoobox
2012-02-28 16:29:45 ----D---- C:\rsit
2012-02-28 16:29:45 ----D---- C:\Program Files (x86)\trend micro
2012-02-28 03:57:31 ----D---- C:\Symbols
2012-02-28 03:16:06 ----A---- C:\Windows\SysWOW64\webio.dll
2012-02-28 03:16:06 ----A---- C:\Windows\SysWOW64\sspicli.dll
2012-02-28 03:16:06 ----A---- C:\Windows\SysWOW64\secur32.dll
2012-02-28 03:16:06 ----A---- C:\Windows\SysWOW64\schannel.dll
2012-02-28 02:56:54 ----D---- C:\Windows\Options
2012-02-28 02:56:54 ----D---- C:\Program Files (x86)\Atheros
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\wgapi.dll
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\wcapiU.dll
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\wcapi.dll
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\athcfg20U.dll
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\athcfg20resU.dll
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\athcfg20res.dll
2012-02-28 02:56:54 ----A---- C:\Windows\SysWOW64\athcfg20.dll
2012-02-28 02:52:09 ----D---- C:\Program Files (x86)\Common Files\DESIGNER
2012-02-26 21:07:05 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-26 20:05:22 ----D---- C:\ProgramData\Webroot
2012-02-24 09:43:58 ----D---- C:\Users\usert\AppData\Roaming\Malwarebytes
2012-02-24 09:43:25 ----D---- C:\ProgramData\Malwarebytes
2012-02-23 12:27:33 ----A---- C:\Windows\ntbtlog.txt
2012-02-23 08:12:46 ----D---- C:\found.000
2012-01-16 21:31:54 ----A---- C:\Windows\SysWOW64\quartz.dll
2012-01-16 21:31:53 ----A---- C:\Windows\SysWOW64\qdvd.dll
2012-01-16 21:31:47 ----A---- C:\Windows\SysWOW64\ntdll.dll
2012-01-16 21:31:38 ----A---- C:\Windows\SysWOW64\packager.dll
2011-12-25 15:18:54 ----A---- C:\Windows\SysWOW64\EncDec.dll
2011-12-25 15:18:34 ----A---- C:\Windows\SysWOW64\tzres.dll

======List of files/folders modified in the last 3 months======

2012-02-28 19:15:22 ----D---- C:\Windows\Prefetch
2012-02-28 19:15:20 ----D---- C:\Windows\Temp
2012-02-28 19:14:36 ----SHD---- C:\System Volume Information
2012-02-28 19:06:46 ----SHD---- C:\Windows\Installer
2012-02-28 19:06:46 ----D---- C:\Config.Msi
2012-02-28 18:43:05 ----D---- C:\Windows\Tasks
2012-02-28 17:46:05 ----A---- C:\ProgramData\hpqp.ini
2012-02-28 17:46:01 ----D---- C:\ProgramData
2012-02-28 17:46:01 ----A---- C:\ProgramData\HPWALog.txt
2012-02-28 17:21:19 ----D---- C:\Windows
2012-02-28 17:21:19 ----A---- C:\Windows\system.ini
2012-02-28 17:20:31 ----D---- C:\Program Files (x86)\Yahoo!
2012-02-28 17:20:30 ----D---- C:\Program Files (x86)\Google
2012-02-28 17:18:44 ----RD---- C:\Program Files (x86)
2012-02-28 17:18:43 ----D---- C:\Windows\SysWOW64
2012-02-28 17:07:45 ----D---- C:\Windows\SysWOW64\drivers
2012-02-28 17:07:45 ----D---- C:\Windows\System32
2012-02-28 17:07:45 ----D---- C:\Windows\AppPatch
2012-02-28 17:07:43 ----D---- C:\Program Files (x86)\Common Files
2012-02-28 16:57:42 ----D---- C:\Program Files (x86)\Webroot
2012-02-28 16:47:21 ----SD---- C:\ProgramData\Microsoft
2012-02-28 16:47:21 ----D---- C:\Program Files (x86)\Microsoft
2012-02-28 16:43:57 ----D---- C:\Program Files (x86)\Unity
2012-02-28 16:43:39 ----D---- C:\ProgramData\Yahoo!
2012-02-28 16:41:48 ----D---- C:\Program Files (x86)\RealArcade
2012-02-28 16:38:56 ----D---- C:\ProgramData\Google
2012-02-28 13:31:25 ----D---- C:\Windows\inf
2012-02-28 03:23:45 ----D---- C:\Windows\winsxs
2012-02-28 02:56:22 ----D---- C:\SwSetup
2012-02-28 02:54:08 ----D---- C:\Program Files (x86)\Common Files\microsoft shared
2012-02-28 02:53:50 ----D---- C:\ProgramData\Microsoft Help
2012-02-28 02:53:43 ----RSD---- C:\Windows\assembly
2012-02-28 02:50:45 ----A---- C:\Windows\win.ini
2012-02-27 10:37:57 ----D---- C:\Windows\debug
2012-02-27 02:42:41 ----SD---- C:\Users\usert\AppData\Roaming\Microsoft
2012-02-26 17:09:40 ----RD---- C:\Program Files
2012-02-26 17:08:59 ----RD---- C:\Users
2012-02-23 16:15:14 ----D---- C:\ProgramData\Recovery
2012-02-23 15:59:44 ----D---- C:\Windows\AppCompat
2012-02-23 15:59:38 ----D---- C:\Windows\ehome
2012-02-23 13:24:50 ----D---- C:\Windows\Minidump
2012-02-23 07:35:01 ----D---- C:\boot
2012-02-23 07:35:01 ----D---- C:\915ab942e4add4711c04
2012-02-23 07:34:51 ----D---- C:\Netgear
2012-02-23 07:34:50 ----D---- C:\Program Files (x86) (x86)
2012-02-23 07:34:43 ----D---- C:\Program Files (x86)\Common Files\Adobe
2012-02-23 07:34:42 ----D---- C:\Program Files (x86)\Common Files\LightScribe
2012-02-23 07:34:42 ----D---- C:\Program Files (x86)\Common Files\Homepage Protection
2012-02-23 07:34:40 ----D---- C:\Program Files (x86)\Common Files\MSSoap
2012-02-23 07:34:38 ----D---- C:\Program Files (x86)\Common Files\System
2012-02-23 07:34:36 ----D---- C:\Program Files (x86)\CyberLink
2012-02-23 07:33:47 ----D---- C:\Program Files (x86)\Hewlett-Packard
2012-02-23 07:33:45 ----D---- C:\Program Files (x86)\HP Games
2012-02-23 07:33:42 ----D---- C:\Program Files (x86)\HP
2012-02-23 07:33:31 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-02-23 07:33:30 ----D---- C:\Program Files (x86)\JunoPreloader
2012-02-23 07:33:29 ----D---- C:\Program Files (x86)\Microsoft Office Suite Activation Assistant
2012-02-23 07:33:29 ----D---- C:\Program Files (x86)\Lexmark 2600 Series
2012-02-23 07:33:25 ----D---- C:\Program Files (x86)\Microsoft Office
2012-02-23 07:33:23 ----D---- C:\Program Files (x86)\Microsoft Works
2012-02-23 07:33:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio 8
2012-02-23 07:33:23 ----D---- C:\Program Files (x86)\Microsoft Visual Studio
2012-02-23 07:33:23 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-02-23 07:33:22 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-02-23 07:33:09 ----D---- C:\Program Files (x86)\MSSOAP
2012-02-23 07:33:09 ----D---- C:\Program Files (x86)\MSN
2012-02-23 07:33:09 ----D---- C:\Program Files (x86)\MSBuild
2012-02-23 07:33:08 ----RD---- C:\Program Files (x86)\Online Services
2012-02-23 07:33:08 ----D---- C:\Program Files (x86)\Oberon Media
2012-02-23 07:33:08 ----D---- C:\Program Files (x86)\NetZeroPreloader
2012-02-23 07:33:06 ----D---- C:\Program Files (x86)\Windows Live SkyDrive
2012-02-23 07:33:06 ----D---- C:\Program Files (x86)\Windows Live
2012-02-23 07:33:05 ----D---- C:\Program Files (x86)\Windows Sidebar
2012-02-23 07:33:05 ----D---- C:\Program Files (x86)\Windows Media Player
2012-02-23 07:32:52 ----D---- C:\ProgramData\Hewlett-Packard
2012-02-23 07:32:52 ----D---- C:\ProgramData\FLEXnet
2012-02-23 07:32:52 ----D---- C:\ProgramData\Ezprint
2012-02-23 07:32:52 ----D---- C:\ProgramData\EPSON
2012-02-23 07:32:52 ----D---- C:\ProgramData\CyberLink
2012-02-23 07:32:49 ----D---- C:\ProgramData\WildTangent
2012-02-23 07:32:49 ----D---- C:\ProgramData\Oberon Media
2012-02-23 07:32:49 ----AD---- C:\ProgramData\Temp
2012-02-23 07:32:37 ----D---- C:\SYSTEM.SAV
2012-02-23 07:30:10 ----D---- C:\Users\usert\AppData\Roaming\GetRightToGo
2012-02-23 07:29:57 ----D---- C:\Windows\CheckSur
2012-02-23 07:29:56 ----RSD---- C:\Windows\Fonts
2012-02-23 07:29:56 ----D---- C:\Windows\Downloaded Program Files
2012-02-23 07:29:56 ----D---- C:\Windows\Downloaded Installations
2012-02-23 07:29:55 ----D---- C:\Windows\Help
2012-02-23 07:29:27 ----D---- C:\Windows\LMI7737.tmp
2012-02-23 07:29:19 ----D---- C:\Windows\security
2012-02-23 07:29:19 ----D---- C:\Windows\Resources
2012-02-23 07:29:19 ----D---- C:\Windows\rescache
2012-02-23 07:29:17 ----D---- C:\Windows\SHELLNEW
2012-02-23 07:29:17 ----D---- C:\Windows\Setup
2012-02-23 07:29:04 ----D---- C:\Windows\SysWOW64\Adobe
2012-02-23 07:25:47 ----D---- C:\Windows\SysWOW64\Lang
2012-02-23 07:25:47 ----D---- C:\Windows\SysWOW64\en-US
2012-02-23 07:25:46 ----D---- C:\Windows\SysWOW64\Macromed
2012-02-23 07:25:45 ----D---- C:\Windows\TAPI
2012-02-23 07:25:45 ----D---- C:\Windows\SysWOW64\x64
2012-02-23 07:25:45 ----D---- C:\Windows\SysWOW64\wbem
2012-02-23 07:25:45 ----D---- C:\Windows\SysWOW64\Recovery
2012-02-23 07:25:43 ----D---- C:\Windows\twain_32
2012-02-23 05:27:54 ----D---- C:\Windows\Microsoft.NET
2012-01-15 13:19:09 ----D---- C:\Users\usert\AppData\Roaming\HpUpdate
2012-01-15 13:19:09 ----D---- C:\Users\usert\AppData\Roaming\HP Support Assistant

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 ssfs0bbc;ssfs0bbc; C:\Windows\system32\DRIVERS\ssfs0bbc.sys []
R0 ssidrv;Ssidrv; C:\Windows\system32\DRIVERS\ssidrv.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys []
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\XAudio64.sys []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys []
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT64.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys []
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys []
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys []
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys []
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver; \??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUStor.sys []
S3 RtsUIR;Realtek IR Driver; C:\Windows\system32\DRIVERS\Rts516xIR.sys []
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS []
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS []
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 USBCCID;Realtek Smartcard Reader Driver; C:\Windows\system32\DRIVERS\RtsUCcid.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2009-07-09 124928]
R2 HsfXAudioService;HsfXAudioService; C:\Windows\system32\svchost.exe [2009-07-13 20992]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-01-21 247152]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe []
S2 WebClient32;WebClient ; c:\windows\system32\wpc32.exe []
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine; C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe []
S3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe []
S3 GameConsoleService;GameConsoleService; C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe [2009-05-22 250616]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-02-12 135664]
S3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe []
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE []
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------



Any and all help will be GREATLY appreciated.

EDIT: Topics merged ~Budapest

Edited by Budapest, 29 February 2012 - 04:28 PM.
Moved from Win7
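The RSIT/HijackThis output above is long, and most of the triage work is mechanical: separating BHO registrations that no longer have a DLL behind them from ones that do, and separating the many "Unknown owner ... (file missing)" service lines that are artifacts of a 32-bit HijackThis reading a 64-bit Windows 7 (WOW64 redirects C:\Windows\System32 to SysWOW64, so the real lsass.exe, spoolsv.exe and friends look absent) from the handful of service lines that genuinely deserve a look. The following Python script is an added example written for this page; it is not part of the thread, RSIT or HijackThis. It parses O2 and O23 lines, normalises the two "missing binary" markers, and assigns each entry a verdict. The sample input is a few lines copied from the log above. The WOW64 heuristic (display name is a Windows resource string starting with "@" and the path is under C:\Windows) and the verdict names are the example's own assumptions; "review" means "a human should look at this", not "malicious".

```python
"""Triage helper for HijackThis / RSIT-style O2 (BHO) and O23 (service) lines.

Added example for this thread; not the forum's, RSIT's or HijackThis's own code.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis section of the post above.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: WebClient (WebClient32) - Unknown owner - c:\windows\system32\wpc32.exe (file missing)
"""

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Entry:
    kind: str            # "O2" (browser helper object) or "O23" (service)
    name: str            # display name as HijackThis printed it
    path: str            # binary path with the "(file missing)" marker stripped
    owner: str = ""      # O23 only: company name or "Unknown owner"
    clsid: str = ""      # O2 only
    missing: bool = False
    verdict: str = ""


def classify(e: Entry) -> str:
    """Assumed heuristic: bucket an entry so a human can skip the noise."""
    if not e.missing:
        return "present"
    if e.kind == "O2":
        # A CLSID registered with no DLL behind it: dead registration, nothing can load.
        return "orphaned_bho"
    under_windows = e.path.lower().startswith("c:\\windows\\")
    if e.owner == "Unknown owner" and e.name.startswith("@") and under_windows:
        # Resource-string display name + System32 path + 32-bit tool on x64:
        # the classic WOW64 file-system redirection false positive.
        return "system_service_wow64_redirect"
    if e.owner == "Unknown owner":
        # Unknown owner and the binary really is gone (or not where it claims): look at it.
        return "review"
    return "missing_binary"


def parse_line(line: str):
    """Return an Entry for an O2/O23 line, or None for any other line."""
    line = line.strip()
    m = O2_RE.match(line)
    if m:
        e = Entry("O2", m["name"], m["path"], clsid=m["clsid"])
    else:
        m = O23_RE.match(line)
        if not m:
            return None
        e = Entry("O23", m["name"], m["path"], owner=m["owner"])
    # HijackThis marks an absent binary two different ways; normalise both.
    if e.path == "(no file)":
        e.path, e.missing = "", True
    elif e.path.endswith("(file missing)"):
        e.path, e.missing = e.path[: -len("(file missing)")].strip(), True
    e.verdict = classify(e)
    return e


def triage(log_text: str) -> list:
    """Parse every O2/O23 line in a log and return the classified entries."""
    entries = [parse_line(ln) for ln in log_text.splitlines()]
    return [e for e in entries if e is not None]


def summarize(entries: list) -> dict:
    """Count entries per verdict so the noisy buckets can be set aside at a glance."""
    counts: dict = {}
    for e in entries:
        counts[e.verdict] = counts.get(e.verdict, 0) + 1
    return counts


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for e in found:
        print(f"{e.verdict:32} {e.kind:4} {e.name} -> {e.path or '(none)'}")
    print(summarize(found))
```

Running it against the full log in the post pushes almost every O23 "Unknown owner" line into the WOW64 bucket, leaving the O2 orphans (safe to clean up) and a short "review" list that is where the actual analysis should start.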



#2 godcixelsyd

godcixelsyd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 28 February 2012 - 08:27 PM

So I've been looking at this laptop off and on for a few days and really thought I was getting somewhere. Finally got everything removed I could find, got the firewall back up and running, and now after all that no browser will load webpages. All Internet Explorer really says is that it cannot display and I can try diagnosing (like that ever works). Of course I have tried it to be safe. I have redone the hosts file, flushed DNS, reset winsock, reset IP logs... Ran both the Norton and Webroot removal tools to get the remnants I found earlier, and still zilch. I can ping it from my laptop on the same network, can ping from it to webpages by both name and IP, but no matter what I do in the browser nothing loads. I have tried to reset Internet Explorer, but a red X appears beside restore defaults every time. I have checked the adapter settings, DHCP is enabled, I have tried with Automatically detect settings both checked and unchecked... HELP??? Here are the logs requested minus the GMER as it found nothing??


DDS.TXT


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by usert at 19:47:08 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1827 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
-netsvcs
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: hpBHO Class: {abd3b5e1-b268-407b-a150-2641dab8d898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
mRun: [(default)]
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
dPolicies-explorer: HideSCAHealth = 1 (0x1)
dPolicies-system: WallpaperStyle = 2
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {DC75FEF6-165D-4D25-A518-C8C4BDA7BAA6} - hxxp://aolsvc.aol.com/onlinegames/dinerdash/DinerDash.1.0.0.93.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9D28AE80-EC7E-446A-A759-6D7475016EA8} : DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{F08ECF78-73D3-4939-A9D0-7171413EF655} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: hpBHO Class: {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
BHO-X64: HelloWorldBHO - No File
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [(default)]
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
============= SERVICES / DRIVERS ===============
.
R0 ssfs0bbc;ssfs0bbc;C:\Windows\system32\DRIVERS\ssfs0bbc.sys --> C:\Windows\system32\DRIVERS\ssfs0bbc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S2 WebClient32;WebClient ;c:\windows\system32\wpc32.exe --> c:\windows\system32\wpc32.exe [?]
S2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;"C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe" --> C:\Program Files (x86)\Webroot\WebrootSecurity\SpySweeper.exe [?]
S3 BVRPMPR5a64;BVRPMPR5a64 NDIS Protocol Driver;\??\C:\Windows\system32\drivers\BVRPMPR5a64.SYS --> C:\Windows\system32\drivers\BVRPMPR5a64.SYS [?]
S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-8-17 228408]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-12 135664]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe" --> C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== File Associations ===============
.
inffile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1
VBEFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
VBSFile=%SystemRoot%\SysWow64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-02-28 22:59:10 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4A8E2F24-6EFC-4AB8-B61B-A136EEF980D6}\offreg.dll
2012-02-28 22:35:10 -------- d-s---w- C:\ComboFix
2012-02-28 22:31:08 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-28 22:00:03 98816 ----a-w- C:\Windows\sed.exe
2012-02-28 22:00:03 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-28 22:00:03 256000 ----a-w- C:\Windows\PEV.exe
2012-02-28 22:00:03 208896 ----a-w- C:\Windows\MBR.exe
2012-02-28 21:29:45 -------- d-----w- C:\Program Files (x86)\trend micro
2012-02-28 08:57:31 -------- d-----w- C:\Symbols
2012-02-28 07:56:54 60416 ----a-w- C:\Windows\System32\athihvui.dll
2012-02-27 02:07:05 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-02-27 02:07:05 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-27 01:05:22 -------- d-----w- C:\ProgramData\Webroot
2012-02-24 14:43:58 -------- d-----w- C:\Users\usert\AppData\Roaming\Malwarebytes
2012-02-24 14:43:25 -------- d-----w- C:\ProgramData\Malwarebytes
2012-02-23 13:12:46 -------- d-----w- C:\found.000
.
==================== Find3M ====================
.
.
============= FINISH: 19:47:56.23 ===============


#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 03 March 2012 - 02:18 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.
  • Do not run any other tool until instructed to do so!


Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#4 godcixelsyd

  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 01:32 PM

ComboFix ran with no issues, but my problem remains the same. While connected to wireless I'm unable to browse besides the initial Google page, able to ping out and in, and if I connect to a wired connection it lets me browse just fine. Any information you need I'm glad to give.





ComboFix 12-02-27.02 - usert 03/03/2012 13:11:43.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3003.2170 [GMT -5:00]
Running from: G:\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
.
.
2012-03-03 18:12 . 2012-03-03 18:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-03 17:32 . 2012-03-03 17:44 -------- d-----w- c:\users\Big South
2012-03-03 12:44 . 2006-11-29 21:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2012-03-03 12:44 . 2006-11-29 21:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2012-03-03 12:44 . 2012-03-03 12:44 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-03-03 12:43 . 2008-06-18 00:13 74520 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\48cac5691ccf93b\DSETUP.dll
2012-03-03 12:43 . 2008-06-18 00:13 484632 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\48cac5691ccf93b\DXSETUP.exe
2012-03-03 12:43 . 2008-06-18 00:13 1670936 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\48cac5691ccf93b\dsetup32.dll
2012-03-03 12:43 . 2012-03-03 12:43 140066664 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\wlcC0EE.tmp
2012-03-03 12:42 . 2012-03-03 12:42 -------- d-----w- c:\program files (x86)\muvee Technologies
2012-03-03 12:42 . 2012-03-03 12:42 -------- d-----w- c:\program files (x86)\Common Files\muvee Technologies
2012-03-03 12:38 . 2009-06-24 06:34 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2012-03-03 12:38 . 2009-06-24 06:34 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2012-03-03 12:38 . 2009-06-24 06:34 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-03-03 12:38 . 2009-06-24 06:34 499712 ------w- c:\windows\SysWow64\msvcp71.dll
2012-03-03 12:38 . 2009-06-24 06:34 348160 ------w- c:\windows\SysWow64\msvcr71.dll
2012-03-03 12:38 . 2009-06-24 06:34 1060864 ------w- c:\windows\SysWow64\MFC71.dll
2012-03-03 12:38 . 2009-06-24 06:34 1047552 ------w- c:\windows\SysWow64\MFC71u.dll
2012-03-03 12:38 . 2009-06-24 06:34 89088 ------w- c:\windows\SysWow64\atl71.dll
2012-03-03 12:33 . 2001-09-05 12:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-03-03 12:33 . 2001-09-05 12:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-03-03 12:33 . 2001-09-05 12:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-03-03 12:33 . 2001-09-05 12:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-03-03 12:33 . 2007-03-14 04:54 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-03-03 12:32 . 2012-03-03 12:32 -------- d-----w- c:\program files (x86)\Common Files\LightScribe
2012-03-03 12:11 . 2012-03-03 12:11 -------- d-----w- c:\programdata\Recovery
2012-03-03 12:09 . 2012-03-03 12:09 -------- d-----w- c:\windows\SysWow64\x64
2012-03-03 12:09 . 2012-03-03 12:09 -------- d-----w- c:\windows\SysWow64\Lang
2012-03-03 12:09 . 2009-06-09 23:06 997912 ----a-w- c:\windows\SysWow64\igxpun.exe
2012-03-03 12:09 . 2012-03-03 12:09 -------- d-----w- C:\Intel
2012-03-03 12:09 . 2012-03-03 12:11 -------- d-----w- c:\program files\CONEXANT
2012-03-03 12:08 . 2009-05-23 06:52 215040 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-03-03 12:08 . 2009-03-05 22:54 67584 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-03-03 12:08 . 2012-03-03 12:08 -------- d-----w- c:\program files\Synaptics
2012-03-03 12:08 . 2012-03-03 12:08 -------- d-----w- c:\program files (x86)\Intel
2012-03-03 12:08 . 2009-07-09 00:34 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2012-03-03 12:07 . 2012-03-03 12:07 -------- d-----w- c:\program files (x86)\Atheros
2012-03-03 12:07 . 2010-09-27 01:15 2374656 ----a-w- c:\windows\system32\drivers\athrx.sys
2012-03-03 12:07 . 2012-03-03 12:07 -------- d-----w- c:\programdata\Atheros
2012-03-03 12:00 . 2012-03-03 14:24 -------- d-----w- c:\users\usert
2012-03-03 11:08 . 2012-03-03 11:08 2868736 ----a-w- c:\windows\explorer.exe
2012-03-03 11:08 . 2012-03-03 11:08 2613248 ----a-w- c:\windows\SysWow64\explorer.exe
2012-03-03 11:06 . 2012-03-03 11:06 -------- d-----w- c:\windows\ehome
2012-03-03 11:06 . 2012-03-03 11:06 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2012-03-03 11:06 . 2012-03-03 11:06 -------- d-----r- c:\users\Public\Recorded TV
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{ABD3B5E1-B268-407B-A150-2641DAB8D898}]
2009-06-08 21:41 120104 ----a-w- c:\program files (x86)\Common Files\Homepage Protection\HomepageProtection.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-16 1668664]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2009-06-24 468264]
"UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-18 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-24 320056]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-13 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2009-08-17 148888]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 20:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-09 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-09 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-09 365080]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2009-07-14 495104]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
.
**************************************************************************
.
Completion time: 2012-03-03 13:16:17 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-03 18:16
.
Pre-Run: 279,859,564,544 bytes free
Post-Run: 279,433,691,136 bytes free
.
- - End Of File - - 316836C158D85FA35FA59F02C55A9669

#5 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 03 March 2012 - 01:36 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the Save Log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
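
The TDSSKiller report requested above is plain text, with one or two lines per driver or service (a file line with an MD5 and path, then a verdict line). As an added example that is not from this thread, from BleepingComputer or from the tool's author, here is a small Python script that parses lines in the format seen in the report posted later in this thread and summarizes which entries were marked ok, which have no backing file listed (the service name exists but no file line was printed, as with RtsUIR and USBCCID in the report), which share a file hash, and which carry any verdict other than ok. The sample log is constructed: most lines are copied from the report format, while the `examplesvc` entry and its `suspicious` verdict are placeholders, not real TDSSKiller output wording.

```python
"""Triage helper for TDSSKiller text reports (added example, not part of the tool)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes observed in TDSSKiller reports:
#   "<time> <pid> <name> (<md5>) <path>"   file record for a service/driver
#   "<time> <pid> <name> - <verdict>"      verdict for that service/driver
FILE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>.+?)\s*$"
)
VERDICT_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>.+?)\s*$"
)


@dataclass
class Entry:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    verdict: Optional[str] = None


def parse_tdsskiller_log(text: str) -> Dict[str, Entry]:
    """Collect one Entry per service/driver name; banner and header lines are skipped."""
    entries: Dict[str, Entry] = {}
    for line in text.splitlines():
        m = FILE_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.md5, e.path = m["md5"].lower(), m["path"]
            continue
        m = VERDICT_RE.match(line)
        if m:
            e = entries.setdefault(m["name"], Entry(m["name"]))
            e.verdict = m["verdict"]
    return entries


def triage(entries: Dict[str, Entry]) -> Dict[str, object]:
    """Split entries into the groups a responder looks at first."""
    ok: List[str] = []
    not_ok: List[str] = []
    no_file: List[str] = []
    by_hash: Dict[str, List[str]] = {}
    for e in entries.values():
        (ok if e.verdict == "ok" else not_ok).append(e.name)
        if e.path is None:
            no_file.append(e.name)  # service name seen, but no file line was printed
        if e.md5:
            by_hash.setdefault(e.md5, []).append(e.name)
    # Two service names backed by one hash is usually one file registered twice
    # (Tcpip and TCPIP6 both point at tcpip.sys); still worth listing for review.
    dup = {h: names for h, names in by_hash.items() if len(names) > 1}
    return {"ok": ok, "not_ok": not_ok, "no_file": no_file, "duplicate_hashes": dup}


# Constructed sample: lines in the report format, plus a placeholder entry
# "examplesvc" whose hash and "suspicious" verdict are invented for this demo.
SAMPLE_LOG = r"""13:38:39.0562 2664 ============================================================
13:38:39.0562 2664 Scan started
13:38:39.0562 2664 Mode: Manual;
13:38:39.0562 2664 ============================================================
13:38:40.0202 2664 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:38:40.0202 2664 1394ohci - ok
13:38:46.0956 2664 RtsUIR - ok
13:38:47.0892 2664 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
13:38:47.0908 2664 Tcpip - ok
13:38:47.0986 2664 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
13:38:48.0002 2664 TCPIP6 - ok
13:38:49.0000 2664 examplesvc (00000000000000000000000000000000) C:\Windows\system32\DRIVERS\examplesvc.sys
13:38:49.0000 2664 examplesvc - suspicious
"""

if __name__ == "__main__":
    result = triage(parse_tdsskiller_log(SAMPLE_LOG))
    for key, value in result.items():
        print(f"{key}: {value}")
```

Run it against a saved `TDSSKiller.[Version]_[Date]_[Time]_log.txt` by reading the file into `parse_tdsskiller_log` instead of `SAMPLE_LOG`; the `not_ok` and `no_file` lists are the first things to check by hand, and the MD5 values can be compared against a known-good copy of the same Windows build.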

#6 godcixelsyd

godcixelsyd
  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 01:48 PM

aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-03 13:44:11
-----------------------------
13:44:11.291 OS Version: Windows x64 6.1.7600
13:44:11.291 Number of processors: 2 586 0x170A
13:44:11.291 ComputerName: USERT-PC UserName: usert
13:44:12.414 Initialize success
13:44:15.001 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:44:15.001 Disk 0 Vendor: WDC_WD3200BEVT-60ZCT1 13.01A13 Size: 305245MB BusType: 11
13:44:15.063 Disk 0 MBR read successfully
13:44:15.063 Disk 0 MBR scan
13:44:15.063 Disk 0 unknown MBR code
13:44:15.079 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 199 MB offset 2048
13:44:15.079 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 292848 MB offset 409600
13:44:15.110 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 12196 MB offset 600162304
13:44:15.157 Disk 0 scanning C:\Windows\system32\drivers
13:44:18.511 Service scanning
13:44:28.557 Modules scanning
13:44:28.557 Disk 0 trace - called modules:
13:44:28.619 ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:44:28.635 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003159060]
13:44:28.635 3 CLASSPNP.SYS[fffff880010b043f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8002e43680]
13:44:28.651 Scan finished successfully
13:45:06.461 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
13:45:06.477 The log file has been saved successfully to "G:\aswMBR.txt"
13:38:27.0519 3960 TDSS rootkit removing tool 2.7.18.0 Mar 2 2012 09:40:07
13:38:29.0531 3960 ============================================================
13:38:29.0531 3960 Current date / time: 2012/03/03 13:38:29.0531
13:38:29.0531 3960 SystemInfo:
13:38:29.0531 3960
13:38:29.0531 3960 OS Version: 6.1.7600 ServicePack: 0.0
13:38:29.0531 3960 Product type: Workstation
13:38:29.0531 3960 ComputerName: USERT-PC
13:38:29.0531 3960 UserName: usert
13:38:29.0531 3960 Windows directory: C:\Windows
13:38:29.0531 3960 System windows directory: C:\Windows
13:38:29.0531 3960 Running under WOW64
13:38:29.0531 3960 Processor architecture: Intel x64
13:38:29.0531 3960 Number of processors: 2
13:38:29.0531 3960 Page size: 0x1000
13:38:29.0531 3960 Boot type: Normal boot
13:38:29.0531 3960 ============================================================
13:38:30.0467 3960 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x1E4843, SectorsPerTrack: 0x3F, TracksPerCylinder: 0x5, Type 'K0', Flags 0x00000040
13:38:30.0467 3960 Drive \Device\Harddisk1\DR2 - Size: 0xEEB00000 (3.73 Gb), SectorSize: 0x200, Cylinders: 0x1E6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:38:30.0467 3960 \Device\Harddisk0\DR0:
13:38:30.0483 3960 MBR used
13:38:30.0483 3960 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
13:38:30.0483 3960 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x23BF8000
13:38:30.0483 3960 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23C5C000, BlocksNum 0x17D2000
13:38:30.0483 3960 \Device\Harddisk1\DR2:
13:38:30.0483 3960 MBR used
13:38:30.0483 3960 \Device\Harddisk1\DR2\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0x7757E0
13:38:30.0592 3960 Initialize success
13:38:30.0592 3960 ============================================================
13:38:39.0562 2664 ============================================================
13:38:39.0562 2664 Scan started
13:38:39.0562 2664 Mode: Manual;
13:38:39.0562 2664 ============================================================
13:38:40.0202 2664 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
13:38:40.0202 2664 1394ohci - ok
13:38:40.0248 2664 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
13:38:40.0264 2664 ACPI - ok
13:38:40.0280 2664 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
13:38:40.0295 2664 AcpiPmi - ok
13:38:40.0342 2664 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
13:38:40.0342 2664 adp94xx - ok
13:38:40.0373 2664 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
13:38:40.0389 2664 adpahci - ok
13:38:40.0404 2664 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
13:38:40.0404 2664 adpu320 - ok
13:38:40.0467 2664 AFD (b9384e03479d2506bc924c16a3db87bc) C:\Windows\system32\drivers\afd.sys
13:38:40.0482 2664 AFD - ok
13:38:40.0498 2664 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
13:38:40.0498 2664 agp440 - ok
13:38:40.0529 2664 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
13:38:40.0529 2664 aliide - ok
13:38:40.0545 2664 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
13:38:40.0545 2664 amdide - ok
13:38:40.0576 2664 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
13:38:40.0592 2664 AmdK8 - ok
13:38:40.0592 2664 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
13:38:40.0592 2664 AmdPPM - ok
13:38:40.0623 2664 amdsata (7a4b413614c055935567cf88a9734d38) C:\Windows\system32\DRIVERS\amdsata.sys
13:38:40.0623 2664 amdsata - ok
13:38:40.0654 2664 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
13:38:40.0654 2664 amdsbs - ok
13:38:40.0670 2664 amdxata (b4ad0cacbab298671dd6f6ef7e20679d) C:\Windows\system32\DRIVERS\amdxata.sys
13:38:40.0670 2664 amdxata - ok
13:38:40.0701 2664 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
13:38:40.0701 2664 AppID - ok
13:38:40.0763 2664 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
13:38:40.0763 2664 arc - ok
13:38:40.0779 2664 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
13:38:40.0779 2664 arcsas - ok
13:38:40.0794 2664 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
13:38:40.0794 2664 AsyncMac - ok
13:38:40.0810 2664 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
13:38:40.0810 2664 atapi - ok
13:38:40.0919 2664 athr (96abf88241f90ff647e55c934c55c2f1) C:\Windows\system32\DRIVERS\athrx.sys
13:38:40.0982 2664 athr - ok
13:38:41.0060 2664 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
13:38:41.0060 2664 b06bdrv - ok
13:38:41.0106 2664 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
13:38:41.0106 2664 b57nd60a - ok
13:38:41.0138 2664 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
13:38:41.0138 2664 Beep - ok
13:38:41.0200 2664 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
13:38:41.0200 2664 blbdrive - ok
13:38:41.0231 2664 bowser (91ce0d3dc57dd377e690a2d324022b08) C:\Windows\system32\DRIVERS\bowser.sys
13:38:41.0231 2664 bowser - ok
13:38:41.0247 2664 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
13:38:41.0262 2664 BrFiltLo - ok
13:38:41.0262 2664 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
13:38:41.0262 2664 BrFiltUp - ok
13:38:41.0309 2664 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
13:38:41.0309 2664 BridgeMP - ok
13:38:41.0340 2664 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
13:38:41.0356 2664 Brserid - ok
13:38:41.0356 2664 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
13:38:41.0372 2664 BrSerWdm - ok
13:38:41.0372 2664 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
13:38:41.0372 2664 BrUsbMdm - ok
13:38:41.0387 2664 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
13:38:41.0387 2664 BrUsbSer - ok
13:38:41.0418 2664 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
13:38:41.0418 2664 BTHMODEM - ok
13:38:41.0465 2664 CAXHWAZL (d1787e11c6a0078ddeaf8cf3ee2ab293) C:\Windows\system32\DRIVERS\CAXHWAZL.sys
13:38:41.0481 2664 CAXHWAZL - ok
13:38:41.0512 2664 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
13:38:41.0512 2664 cdfs - ok
13:38:41.0543 2664 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
13:38:41.0559 2664 cdrom - ok
13:38:41.0574 2664 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
13:38:41.0574 2664 circlass - ok
13:38:41.0621 2664 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
13:38:41.0637 2664 CLFS - ok
13:38:41.0652 2664 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
13:38:41.0652 2664 CmBatt - ok
13:38:41.0668 2664 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
13:38:41.0668 2664 cmdide - ok
13:38:41.0699 2664 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
13:38:41.0699 2664 CNG - ok
13:38:41.0777 2664 CnxtHdAudService (3cb10294f7a59fd22501f4bad915f250) C:\Windows\system32\drivers\CHDRT64.sys
13:38:41.0793 2664 CnxtHdAudService - ok
13:38:41.0840 2664 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
13:38:41.0840 2664 Compbatt - ok
13:38:41.0871 2664 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
13:38:41.0871 2664 CompositeBus - ok
13:38:41.0902 2664 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
13:38:41.0902 2664 crcdisk - ok
13:38:41.0964 2664 DfsC (3f1dc527070acb87e40afe46ef6da749) C:\Windows\system32\Drivers\dfsc.sys
13:38:41.0964 2664 DfsC - ok
13:38:41.0996 2664 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
13:38:41.0996 2664 discache - ok
13:38:42.0011 2664 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
13:38:42.0027 2664 Disk - ok
13:38:42.0074 2664 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
13:38:42.0074 2664 drmkaud - ok
13:38:42.0105 2664 DXGKrnl (7cb7d2b73813ce05c7bc0f5f95d27cec) C:\Windows\System32\drivers\dxgkrnl.sys
13:38:42.0136 2664 DXGKrnl - ok
13:38:42.0245 2664 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
13:38:42.0339 2664 ebdrv - ok
13:38:42.0479 2664 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
13:38:42.0495 2664 elxstor - ok
13:38:42.0510 2664 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
13:38:42.0510 2664 ErrDev - ok
13:38:42.0542 2664 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
13:38:42.0557 2664 exfat - ok
13:38:42.0573 2664 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
13:38:42.0573 2664 fastfat - ok
13:38:42.0588 2664 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
13:38:42.0588 2664 fdc - ok
13:38:42.0620 2664 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
13:38:42.0620 2664 FileInfo - ok
13:38:42.0651 2664 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
13:38:42.0651 2664 Filetrace - ok
13:38:42.0666 2664 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
13:38:42.0666 2664 flpydisk - ok
13:38:42.0698 2664 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
13:38:42.0698 2664 FltMgr - ok
13:38:42.0729 2664 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
13:38:42.0744 2664 FsDepends - ok
13:38:42.0760 2664 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
13:38:42.0760 2664 Fs_Rec - ok
13:38:42.0807 2664 fvevol (b8b2a6e1558f8f5de5ce431c5b2c7b09) C:\Windows\system32\DRIVERS\fvevol.sys
13:38:42.0807 2664 fvevol - ok
13:38:42.0822 2664 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
13:38:42.0838 2664 gagp30kx - ok
13:38:42.0869 2664 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
13:38:42.0869 2664 hcw85cir - ok
13:38:42.0900 2664 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
13:38:42.0916 2664 HdAudAddService - ok
13:38:42.0947 2664 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:38:42.0947 2664 HDAudBus - ok
13:38:42.0947 2664 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
13:38:42.0963 2664 HidBatt - ok
13:38:42.0978 2664 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
13:38:42.0978 2664 HidBth - ok
13:38:42.0994 2664 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
13:38:42.0994 2664 HidIr - ok
13:38:43.0025 2664 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
13:38:43.0025 2664 HidUsb - ok
13:38:43.0103 2664 HpqKbFiltr (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:38:43.0103 2664 HpqKbFiltr - ok
13:38:43.0134 2664 HpSAMD (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
13:38:43.0134 2664 HpSAMD - ok
13:38:43.0212 2664 HSF_DPV (26c5d00321937e49b6bc91029947d094) C:\Windows\system32\DRIVERS\CAX_DPV.sys
13:38:43.0259 2664 HSF_DPV - ok
13:38:43.0337 2664 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
13:38:43.0353 2664 HTTP - ok
13:38:43.0384 2664 hwpolicy (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
13:38:43.0384 2664 hwpolicy - ok
13:38:43.0415 2664 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
13:38:43.0415 2664 i8042prt - ok
13:38:43.0446 2664 iaStorV (d83efb6fd45df9d55e9a1afc63640d50) C:\Windows\system32\DRIVERS\iaStorV.sys
13:38:43.0462 2664 iaStorV - ok
13:38:43.0680 2664 igfx (babd5f9b2bcc82ce556a0baf1ae208a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
13:38:43.0868 2664 igfx - ok
13:38:43.0883 2664 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
13:38:43.0883 2664 iirsp - ok
13:38:43.0930 2664 IntcHdmiAddService (d485d3bd3e2179aa86853a182f70699f) C:\Windows\system32\drivers\IntcHdmi.sys
13:38:43.0930 2664 IntcHdmiAddService - ok
13:38:43.0946 2664 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
13:38:43.0946 2664 intelide - ok
13:38:43.0977 2664 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
13:38:43.0977 2664 intelppm - ok
13:38:44.0008 2664 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:38:44.0008 2664 IpFilterDriver - ok
13:38:44.0024 2664 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
13:38:44.0024 2664 IPMIDRV - ok
13:38:44.0039 2664 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
13:38:44.0055 2664 IPNAT - ok
13:38:44.0086 2664 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
13:38:44.0086 2664 IRENUM - ok
13:38:44.0102 2664 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
13:38:44.0102 2664 isapnp - ok
13:38:44.0133 2664 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
13:38:44.0133 2664 iScsiPrt - ok
13:38:44.0164 2664 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
13:38:44.0164 2664 kbdclass - ok
13:38:44.0195 2664 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
13:38:44.0195 2664 kbdhid - ok
13:38:44.0226 2664 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
13:38:44.0226 2664 KSecDD - ok
13:38:44.0242 2664 KSecPkg (bbe1bf6d9b661c354d4857d5fadb943b) C:\Windows\system32\Drivers\ksecpkg.sys
13:38:44.0242 2664 KSecPkg - ok
13:38:44.0273 2664 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
13:38:44.0273 2664 ksthunk - ok
13:38:44.0336 2664 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
13:38:44.0336 2664 lltdio - ok
13:38:44.0382 2664 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
13:38:44.0382 2664 LSI_FC - ok
13:38:44.0398 2664 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
13:38:44.0398 2664 LSI_SAS - ok
13:38:44.0414 2664 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
13:38:44.0414 2664 LSI_SAS2 - ok
13:38:44.0445 2664 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
13:38:44.0445 2664 LSI_SCSI - ok
13:38:44.0460 2664 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
13:38:44.0460 2664 luafv - ok
13:38:44.0507 2664 mdmxsdk (e4f44ec214b3e381e1fc844a02926666) C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:38:44.0507 2664 mdmxsdk - ok
13:38:44.0507 2664 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
13:38:44.0523 2664 megasas - ok
13:38:44.0538 2664 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
13:38:44.0538 2664 MegaSR - ok
13:38:44.0570 2664 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
13:38:44.0570 2664 Modem - ok
13:38:44.0601 2664 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
13:38:44.0601 2664 monitor - ok
13:38:44.0632 2664 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
13:38:44.0632 2664 mouclass - ok
13:38:44.0648 2664 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
13:38:44.0648 2664 mouhid - ok
13:38:44.0679 2664 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
13:38:44.0679 2664 mountmgr - ok
13:38:44.0694 2664 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
13:38:44.0694 2664 mpio - ok
13:38:44.0726 2664 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
13:38:44.0726 2664 mpsdrv - ok
13:38:44.0741 2664 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
13:38:44.0741 2664 MRxDAV - ok
13:38:44.0757 2664 mrxsmb (cfdcd8ca87c2a657debc150ac35b5e08) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:38:44.0757 2664 mrxsmb - ok
13:38:44.0788 2664 mrxsmb10 (1bee517b220b7f024f411aec1571dd5a) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:38:44.0804 2664 mrxsmb10 - ok
13:38:44.0804 2664 mrxsmb20 (6b2d5fef385828b6e485c1c90afb8195) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:38:44.0819 2664 mrxsmb20 - ok
13:38:44.0819 2664 msahci (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
13:38:44.0819 2664 msahci - ok
13:38:44.0850 2664 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
13:38:44.0850 2664 msdsm - ok
13:38:44.0882 2664 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
13:38:44.0882 2664 Msfs - ok
13:38:44.0913 2664 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
13:38:44.0913 2664 mshidkmdf - ok
13:38:44.0913 2664 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
13:38:44.0928 2664 msisadrv - ok
13:38:44.0960 2664 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
13:38:44.0975 2664 MSKSSRV - ok
13:38:44.0991 2664 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
13:38:44.0991 2664 MSPCLOCK - ok
13:38:45.0022 2664 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
13:38:45.0022 2664 MSPQM - ok
13:38:45.0038 2664 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
13:38:45.0053 2664 MsRPC - ok
13:38:45.0069 2664 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
13:38:45.0069 2664 mssmbios - ok
13:38:45.0100 2664 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
13:38:45.0100 2664 MSTEE - ok
13:38:45.0116 2664 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
13:38:45.0116 2664 MTConfig - ok
13:38:45.0131 2664 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
13:38:45.0131 2664 Mup - ok
13:38:45.0178 2664 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
13:38:45.0194 2664 NativeWifiP - ok
13:38:45.0256 2664 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
13:38:45.0272 2664 NDIS - ok
13:38:45.0287 2664 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
13:38:45.0303 2664 NdisCap - ok
13:38:45.0318 2664 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
13:38:45.0318 2664 NdisTapi - ok
13:38:45.0350 2664 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
13:38:45.0350 2664 Ndisuio - ok
13:38:45.0381 2664 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:38:45.0381 2664 NdisWan - ok
13:38:45.0396 2664 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
13:38:45.0396 2664 NDProxy - ok
13:38:45.0428 2664 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
13:38:45.0428 2664 NetBIOS - ok
13:38:45.0443 2664 NetBT (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
13:38:45.0459 2664 NetBT - ok
13:38:45.0662 2664 netw5v64 (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
13:38:45.0786 2664 netw5v64 - ok
13:38:45.0802 2664 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
13:38:45.0802 2664 nfrd960 - ok
13:38:45.0818 2664 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
13:38:45.0818 2664 Npfs - ok
13:38:45.0833 2664 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
13:38:45.0833 2664 nsiproxy - ok
13:38:45.0896 2664 Ntfs (356698a13c4630d5b31c37378d469196) C:\Windows\system32\drivers\Ntfs.sys
13:38:45.0911 2664 Ntfs - ok
13:38:45.0942 2664 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
13:38:45.0942 2664 Null - ok
13:38:45.0958 2664 nvraid (3e38712941e9bb4ddbee00affe3fed3d) C:\Windows\system32\DRIVERS\nvraid.sys
13:38:45.0958 2664 nvraid - ok
13:38:45.0974 2664 nvstor (477dc4d6deb99be37084c9ac6d013da1) C:\Windows\system32\DRIVERS\nvstor.sys
13:38:45.0974 2664 nvstor - ok
13:38:45.0989 2664 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
13:38:46.0005 2664 nv_agp - ok
13:38:46.0005 2664 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
13:38:46.0005 2664 ohci1394 - ok
13:38:46.0036 2664 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
13:38:46.0052 2664 Parport - ok
13:38:46.0052 2664 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
13:38:46.0052 2664 partmgr - ok
13:38:46.0083 2664 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
13:38:46.0083 2664 pci - ok
13:38:46.0083 2664 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
13:38:46.0083 2664 pciide - ok
13:38:46.0114 2664 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
13:38:46.0114 2664 pcmcia - ok
13:38:46.0130 2664 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:38:46.0130 2664 pcw - ok
13:38:46.0145 2664 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:38:46.0161 2664 PEAUTH - ok
13:38:46.0223 2664 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
13:38:46.0223 2664 PptpMiniport - ok
13:38:46.0254 2664 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
13:38:46.0254 2664 Processor - ok
13:38:46.0301 2664 Psched (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
13:38:46.0301 2664 Psched - ok
13:38:46.0348 2664 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
13:38:46.0395 2664 ql2300 - ok
13:38:46.0410 2664 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
13:38:46.0410 2664 ql40xx - ok
13:38:46.0442 2664 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:38:46.0442 2664 QWAVEdrv - ok
13:38:46.0457 2664 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:38:46.0457 2664 RasAcd - ok
13:38:46.0504 2664 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:38:46.0504 2664 RasAgileVpn - ok
13:38:46.0520 2664 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:38:46.0520 2664 Rasl2tp - ok
13:38:46.0551 2664 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:38:46.0551 2664 RasPppoe - ok
13:38:46.0566 2664 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:38:46.0566 2664 RasSstp - ok
13:38:46.0582 2664 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
13:38:46.0598 2664 rdbss - ok
13:38:46.0613 2664 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:38:46.0613 2664 rdpbus - ok
13:38:46.0629 2664 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:38:46.0629 2664 RDPCDD - ok
13:38:46.0676 2664 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:38:46.0676 2664 RDPENCDD - ok
13:38:46.0691 2664 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:38:46.0691 2664 RDPREFMP - ok
13:38:46.0707 2664 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
13:38:46.0707 2664 RDPWD - ok
13:38:46.0738 2664 rdyboost (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
13:38:46.0738 2664 rdyboost - ok
13:38:46.0800 2664 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:38:46.0800 2664 rspndr - ok
13:38:46.0847 2664 RSUSBSTOR (2db8116d52b19216812c4e6d5d837810) C:\Windows\System32\Drivers\RtsUStor.sys
13:38:46.0863 2664 RSUSBSTOR - ok
13:38:46.0910 2664 RTL8167 (b49dc435ae3695bac5623dd94b05732d) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:38:46.0925 2664 RTL8167 - ok
13:38:46.0956 2664 RtsUIR - ok
13:38:46.0988 2664 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
13:38:46.0988 2664 sbp2port - ok
13:38:47.0019 2664 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
13:38:47.0019 2664 scfilter - ok
13:38:47.0050 2664 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\Windows\system32\DRIVERS\sdbus.sys
13:38:47.0066 2664 sdbus - ok
13:38:47.0081 2664 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:38:47.0081 2664 secdrv - ok
13:38:47.0112 2664 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
13:38:47.0128 2664 Serenum - ok
13:38:47.0128 2664 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
13:38:47.0144 2664 Serial - ok
13:38:47.0159 2664 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
13:38:47.0159 2664 sermouse - ok
13:38:47.0190 2664 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
13:38:47.0206 2664 sffdisk - ok
13:38:47.0206 2664 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
13:38:47.0222 2664 sffp_mmc - ok
13:38:47.0222 2664 sffp_sd (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
13:38:47.0222 2664 sffp_sd - ok
13:38:47.0237 2664 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
13:38:47.0237 2664 sfloppy - ok
13:38:47.0284 2664 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
13:38:47.0284 2664 SiSRaid2 - ok
13:38:47.0300 2664 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
13:38:47.0300 2664 SiSRaid4 - ok
13:38:47.0331 2664 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:38:47.0331 2664 Smb - ok
13:38:47.0362 2664 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:38:47.0362 2664 spldr - ok
13:38:47.0393 2664 srv (ec8f67289105bf270498095f14963464) C:\Windows\system32\DRIVERS\srv.sys
13:38:47.0409 2664 srv - ok
13:38:47.0424 2664 srv2 (f773d2ed090b7baa1c1a034f3ca476c8) C:\Windows\system32\DRIVERS\srv2.sys
13:38:47.0424 2664 srv2 - ok
13:38:47.0456 2664 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
13:38:47.0471 2664 SrvHsfHDA - ok
13:38:47.0534 2664 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
13:38:47.0580 2664 SrvHsfV92 - ok
13:38:47.0612 2664 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
13:38:47.0627 2664 SrvHsfWinac - ok
13:38:47.0643 2664 srvnet (26e84d3649019c3244622e654dfcd75b) C:\Windows\system32\DRIVERS\srvnet.sys
13:38:47.0658 2664 srvnet - ok
13:38:47.0674 2664 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
13:38:47.0674 2664 stexstor - ok
13:38:47.0721 2664 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:38:47.0721 2664 swenum - ok
13:38:47.0799 2664 SynTP (bcf305959b53b200ceb2ad25ad22f8a7) C:\Windows\system32\DRIVERS\SynTP.sys
13:38:47.0799 2664 SynTP - ok
13:38:47.0892 2664 Tcpip (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\drivers\tcpip.sys
13:38:47.0908 2664 Tcpip - ok
13:38:47.0986 2664 TCPIP6 (912107716bab424c7870e8e6af5e07e1) C:\Windows\system32\DRIVERS\tcpip.sys
13:38:48.0002 2664 TCPIP6 - ok
13:38:48.0033 2664 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
13:38:48.0033 2664 tcpipreg - ok
13:38:48.0048 2664 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:38:48.0064 2664 TDPIPE - ok
13:38:48.0064 2664 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
13:38:48.0080 2664 TDTCP - ok
13:38:48.0111 2664 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
13:38:48.0111 2664 tdx - ok
13:38:48.0126 2664 TermDD (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
13:38:48.0126 2664 TermDD - ok
13:38:48.0173 2664 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:38:48.0173 2664 tssecsrv - ok
13:38:48.0220 2664 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
13:38:48.0220 2664 tunnel - ok
13:38:48.0236 2664 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
13:38:48.0236 2664 uagp35 - ok
13:38:48.0267 2664 udfs (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
13:38:48.0267 2664 udfs - ok
13:38:48.0314 2664 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
13:38:48.0314 2664 uliagpkx - ok
13:38:48.0345 2664 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
13:38:48.0345 2664 umbus - ok
13:38:48.0360 2664 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
13:38:48.0360 2664 UmPass - ok
13:38:48.0376 2664 usbccgp (b26afb54a534d634523c4fb66765b026) C:\Windows\system32\DRIVERS\usbccgp.sys
13:38:48.0392 2664 usbccgp - ok
13:38:48.0407 2664 USBCCID - ok
13:38:48.0454 2664 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
13:38:48.0454 2664 usbcir - ok
13:38:48.0470 2664 usbehci (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
13:38:48.0470 2664 usbehci - ok
13:38:48.0516 2664 usbhub (4c9042b8df86c1e8e6240c218b99b39b) C:\Windows\system32\DRIVERS\usbhub.sys
13:38:48.0516 2664 usbhub - ok
13:38:48.0532 2664 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
13:38:48.0532 2664 usbohci - ok
13:38:48.0563 2664 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
13:38:48.0563 2664 usbprint - ok
13:38:48.0579 2664 USBSTOR (080d3820da6c046be82fc8b45a893e83) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:38:48.0579 2664 USBSTOR - ok
13:38:48.0594 2664 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
13:38:48.0594 2664 usbuhci - ok
13:38:48.0641 2664 usbvideo (d501e12614b00a3252073101d6a1a74b) C:\Windows\system32\Drivers\usbvideo.sys
13:38:48.0657 2664 usbvideo - ok
13:38:48.0704 2664 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
13:38:48.0704 2664 vdrvroot - ok
13:38:48.0719 2664 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:38:48.0735 2664 vga - ok
13:38:48.0735 2664 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:38:48.0750 2664 VgaSave - ok
13:38:48.0782 2664 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
13:38:48.0782 2664 vhdmp - ok
13:38:48.0797 2664 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
13:38:48.0797 2664 viaide - ok
13:38:48.0813 2664 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
13:38:48.0813 2664 volmgr - ok
13:38:48.0828 2664 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
13:38:48.0844 2664 volmgrx - ok
13:38:48.0875 2664 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
13:38:48.0875 2664 volsnap - ok
13:38:48.0891 2664 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
13:38:48.0891 2664 vsmraid - ok
13:38:48.0922 2664 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:38:48.0922 2664 vwifibus - ok
13:38:48.0938 2664 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:38:48.0953 2664 vwififlt - ok
13:38:48.0984 2664 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
13:38:48.0984 2664 WacomPen - ok
13:38:49.0016 2664 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:38:49.0016 2664 WANARP - ok
13:38:49.0031 2664 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
13:38:49.0031 2664 Wanarpv6 - ok
13:38:49.0078 2664 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
13:38:49.0078 2664 Wd - ok
13:38:49.0109 2664 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:38:49.0125 2664 Wdf01000 - ok
13:38:49.0187 2664 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:38:49.0187 2664 WfpLwf - ok
13:38:49.0203 2664 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:38:49.0218 2664 WIMMount - ok
13:38:49.0281 2664 winachsf (a6ea7a3fc4b00f48535b506db1e86efd) C:\Windows\system32\DRIVERS\CAX_CNXT.sys
13:38:49.0296 2664 winachsf - ok
13:38:49.0359 2664 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:38:49.0359 2664 WmiAcpi - ok
13:38:49.0406 2664 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:38:49.0406 2664 ws2ifsl - ok
13:38:49.0437 2664 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
13:38:49.0452 2664 WudfPf - ok
13:38:49.0468 2664 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:38:49.0484 2664 WUDFRd - ok
13:38:49.0530 2664 XAudio (e8f3fa126a06f8e7088f63757112a186) C:\Windows\system32\DRIVERS\XAudio64.sys
13:38:49.0530 2664 XAudio - ok
13:38:49.0577 2664 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
13:38:49.0593 2664 yukonw7 - ok
13:38:49.0608 2664 MBR (0x1B8) (26f09bb2d3c825f4e28a6915a269f46d) \Device\Harddisk0\DR0
13:38:49.0655 2664 \Device\Harddisk0\DR0 - ok
13:38:49.0655 2664 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR2
13:38:49.0718 2664 \Device\Harddisk1\DR2 - ok
13:38:49.0749 2664 Boot (0x1200) (f697d9fa915845ba1d595b524bfb1521) \Device\Harddisk0\DR0\Partition0
13:38:49.0749 2664 \Device\Harddisk0\DR0\Partition0 - ok
13:38:49.0749 2664 Boot (0x1200) (fd786ecdcfc983ea8a89191366e81224) \Device\Harddisk0\DR0\Partition1
13:38:49.0749 2664 \Device\Harddisk0\DR0\Partition1 - ok
13:38:49.0780 2664 Boot (0x1200) (5fc70bdc364dc46ae1a6c73a57850738) \Device\Harddisk0\DR0\Partition2
13:38:49.0780 2664 \Device\Harddisk0\DR0\Partition2 - ok
13:38:49.0796 2664 Boot (0x1200) (374f2acc3bf13b0c6c6c334f24b80f72) \Device\Harddisk1\DR2\Partition0
13:38:49.0796 2664 \Device\Harddisk1\DR2\Partition0 - ok
13:38:49.0796 2664 ============================================================
13:38:49.0796 2664 Scan finished
13:38:49.0796 2664 ============================================================
13:38:49.0811 2456 Detected object count: 0
13:38:49.0811 2456 Actual detected object count: 0

#7 godcixelsyd
  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 01:53 PM

About to change some parts on my car. I have it set up to email me so I'll know instantly when you respond. Will be back on as soon as possible.

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2012 - 02:03 PM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save type as" - All Files, and where to save - Desktop, then close the Notepad file.

It should look like this: [image] <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 godcixelsyd
  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 02:12 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : usert-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR9285 802.11b/g/n WiFi Adapter
Physical Address. . . . . . . . . : 90-4C-E5-88-1E-49
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7c96:90f6:3e42:2b5e%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.29(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, March 03, 2012 2:08:22 PM
Lease Expires . . . . . . . . . . : Sunday, March 04, 2012 2:08:22 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 311446757
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-16-E3-B4-B0-00-26-2D-B4-B7-E7
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : hsd1.ga.comcast.net.
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 00-26-2D-B4-B7-E7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{3D90EB3F-6827-4B63-9AD2-DCD256379FD3}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:183c:2804:bc44:cea0(Preferred)
Link-local IPv6 Address . . . . . : fe80::183c:2804:bc44:cea0%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.157.102
74.125.157.100
74.125.157.101

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.127.62
98.139.183.24
209.191.122.70


Pinging google.com [74.125.45.113] with 32 bytes of data:
Reply from 74.125.45.113: bytes=32 time=39ms TTL=48
Reply from 74.125.45.113: bytes=32 time=38ms TTL=48

Ping statistics for 74.125.45.113:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 39ms, Average = 38ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=45ms TTL=47
Reply from 209.191.122.70: bytes=32 time=49ms TTL=47

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 45ms, Maximum = 49ms, Average = 47ms
===========================================================================
Interface List
12...90 4c e5 88 1e 49 ......Atheros AR9285 802.11b/g/n WiFi Adapter
11...00 26 2d b4 b7 e7 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.29 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.29 281
192.168.1.29 255.255.255.255 On-link 192.168.1.29 281
192.168.1.255 255.255.255.255 On-link 192.168.1.29 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.29 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.29 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:183c:2804:bc44:cea0/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::183c:2804:bc44:cea0/128
On-link
12 281 fe80::7c96:90f6:3e42:2b5e/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2012 - 02:20 PM

After you have run these steps, you need to let me know how the computer is doing.

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save type as" - All Files, and where to save - Desktop, then close the Notepad file.

It should look like this: [image] <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
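The reason the helper asks for ipconfig, nslookup and route print output before and after a router reset is to see whether the laptop is being handed a resolver or gateway it should not have. The following Python script is an added example for this thread; it is not code from the thread, from gringo's instructions, or from any tool named here. It parses text in the shape that router.bat writes to Log1.txt and reports a DNS server that is neither on the local subnet nor on an allowlist, an nslookup answer that came from a server other than the configured ones, and a default gateway off the local subnet. The sample log is constructed; 203.0.113.53 is a documentation-range placeholder standing in for an unexpected resolver, and TRUSTED_RESOLVERS is an assumed allowlist holding the OpenDNS addresses the post mentions as an option.

```python
"""Sanity checks over the output that router.bat collects (Log1.txt).

Added example for this thread, not code from the thread or from any tool it
names.  Parses ipconfig /all and nslookup output in the Windows 7 layout and
reports the things a helper looks for when a hijacked router or DNS setting
is suspected.
"""
import ipaddress
import re

# Assumed allowlist: the OpenDNS resolvers, which the post mentions as an option.
TRUSTED_RESOLVERS = {"208.67.222.222", "208.67.220.220"}

# Constructed sample in the shape of the posted Log1.txt.  203.0.113.53 is a
# documentation-range placeholder standing in for an unexpected resolver.
SAMPLE_LOG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.29(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.53
Server:  UnKnown
Address:  203.0.113.53

Name:    google.com
Addresses:  74.125.157.102
"""

# "Key . . . . : value" lines, including nslookup's "Server:" / "Address:".
FIELD_RE = re.compile(r"^\s*([A-Za-z0-9][A-Za-z0-9 \-]*?)[ .]*:\s*(.*)$")
# ipconfig prints extra DNS servers on continuation lines holding only an IP.
CONT_RE = re.compile(r"^\s*\d{1,3}(?:\.\d{1,3}){3}\s*$")
IPV4_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")


def parse_log(text):
    """Pull the addresses the checks need out of Log1.txt-style text."""
    info = {"ipv4": None, "mask": None, "gateways": [], "dns": [], "answered_by": []}
    last_key = None
    for line in text.splitlines():
        m = FIELD_RE.match(line)
        if m:
            last_key = m.group(1).strip().lower()
            key, value = last_key, m.group(2)
        elif CONT_RE.match(line):
            key, value = last_key, line        # continuation of the previous key
        else:
            continue
        ips = IPV4_RE.findall(value)
        if not ips:
            continue
        if key == "ipv4 address":
            info["ipv4"] = ips[0]
        elif key == "subnet mask":
            info["mask"] = ips[0]
        elif key == "default gateway":
            info["gateways"].extend(ips)
        elif key == "dns servers":
            info["dns"].extend(ips)
        elif key == "address":                 # nslookup: the resolver that answered
            info["answered_by"].extend(ips)
    return info


def check_log(text, trusted_resolvers=TRUSTED_RESOLVERS):
    """Return human-readable findings; an empty list means nothing looked odd."""
    info = parse_log(text)
    findings = []
    lan = None
    if info["ipv4"] and info["mask"]:
        lan = ipaddress.ip_network(f"{info['ipv4']}/{info['mask']}", strict=False)
    for gw in info["gateways"]:
        if lan and ipaddress.ip_address(gw) not in lan:
            findings.append(f"default gateway {gw} is not on the local subnet {lan}")
    for dns in info["dns"]:
        if dns in trusted_resolvers:
            continue                           # a resolver the owner chose
        if lan and ipaddress.ip_address(dns) in lan:
            continue                           # the router or another LAN host
        findings.append(f"DNS server {dns} is outside the local subnet and not on "
                        "the trusted list; confirm it belongs to your ISP or chosen resolver")
    for srv in info["answered_by"]:
        if srv not in info["dns"]:
            findings.append(f"nslookup was answered by {srv}, which is not a configured DNS server")
    return findings


if __name__ == "__main__":
    for finding in check_log(SAMPLE_LOG) or ["no findings"]:
        print(" -", finding)
```

Run it against a real Log1.txt with check_log(open(path).read()). The check cannot tell an ISP resolver from an imposter on its own, so a public address such as the 75.75.75.75 pair listed on the wired interface's O17 line in the OTL log would be reported for confirmation rather than passed silently; add it to the trusted set once the ISP has confirmed it.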

#11 godcixelsyd
  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 03:50 PM

Before I do this, would this be a computer specific problem? The other laptops connecting to the same router have no issues, and the laptop in question will do the same thing on all other routers I have tested it on. If at all possible I don't want to reset the router because it isn't mine but will if necessary. I know all passwords involved and how to set it back up.

#12 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 03 March 2012 - 03:53 PM

Hello

OK, let's do this.

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened, and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#13 godcixelsyd
  • Topic Starter
  • Members
  • 9 posts

Posted 03 March 2012 - 04:07 PM

OTL logfile created on: 3/3/2012 4:02:26 PM - Run 1
OTL by OldTimer - Version 3.2.33.2 Folder = G:\
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.93 Gb Total Physical Memory | 2.01 Gb Available Physical Memory | 68.56% Memory free
5.86 Gb Paging File | 4.74 Gb Available in Paging File | 80.91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.98 Gb Total Space | 259.99 Gb Free Space | 90.91% Space Free | Partition Type: NTFS
Drive D: | 199.00 Mb Total Space | 166.88 Mb Free Space | 83.86% Space Free | Partition Type: NTFS
Drive E: | 11.91 Gb Total Space | 2.00 Gb Free Space | 16.83% Space Free | Partition Type: NTFS
Drive G: | 3.73 Gb Total Space | 3.59 Gb Free Space | 96.24% Space Free | Partition Type: FAT32

Computer Name: USERT-PC | User Name: usert | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - G:\OTL.exe (OldTimer Tools)


========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e033d390dc7e9567b6960b0f530cf30\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\39f5a71b5185d267b0f55cd4cea26d6b\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\7f457271e765b5d72f081942b829469c\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\68e5eeb3c6ef18ba2dc1ad70eb74aeee\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\dca322ae03db6422ff99b125d1bdb941\UIAutomationTypes.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b459c5815af8123e4bf30d4e05bba65\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\c2f9dd7db911053edcaaadf5fefc500a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HsfXAudioService) -- C:\Windows\SysWOW64\XAudio64.dll (Conexant Systems, Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (XAudio) -- C:\Windows\SysNative\drivers\XAudio64.sys (Conexant Systems, Inc.)
DRV:64bit: - (HSF_DPV) -- C:\Windows\SysNative\drivers\CAX_DPV.sys (Conexant Systems, Inc.)
DRV:64bit: - (mdmxsdk) -- C:\Windows\SysNative\drivers\mdmxsdk.sys (Conexant)
DRV:64bit: - (winachsf) -- C:\Windows\SysNative\drivers\CAX_CNXT.sys (Conexant Systems, Inc.)
DRV:64bit: - (CAXHWAZL) -- C:\Windows\SysNative\drivers\CAXHWAZL.sys (Conexant Systems, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (SrvHsfV92) -- C:\Windows\SysNative\drivers\VSTDPV6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfWinac) -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (SrvHsfHDA) -- C:\Windows\SysNative\drivers\VSTAZL6.SYS (Conexant Systems, Inc.)
DRV:64bit: - (yukonw7) -- C:\Windows\SysNative\drivers\yk62x64.sys (Marvell)
DRV:64bit: - (netw5v64) Intel® -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (IntcHdmiAddService) Intel® -- C:\Windows\SysNative\drivers\IntcHdmi.sys (Intel® Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-492154405-1609943552-7897334-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-492154405-1609943552-7897334-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_US&c=94&bd=bestbuy&pf=cnnb
IE - HKU\S-1-5-21-492154405-1609943552-7897334-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8064.0206: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/08/17 15:33:24 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2012/03/03 13:13:37 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (hpBHO Class) - {ABD3B5E1-B268-407B-A150-2641DAB8D898} - C:\Program Files (x86)\Common Files\Homepage Protection\HomepageProtection.dll (AOL Products)
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0560.0\msneshellx.dll (Microsoft Corp.)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-492154405-1609943552-7897334-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-492154405-1609943552-7897334-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D90EB3F-6827-4B63-9AD2-DCD256379FD3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F32BCDC-A343-44A6-B9CA-CEB76F39265D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/03 14:08:28 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/03/03 13:30:11 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\Adobe
[2012/03/03 13:16:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/03 13:10:39 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/03 13:10:39 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/03 13:10:39 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/03 13:10:05 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/03 12:58:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/03 12:55:59 | 000,439,808 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvs.dll
[2012/03/03 12:55:59 | 000,426,075 | ---- | C] (Atheros) -- C:\Windows\SysWow64\wgapi.dll
[2012/03/03 12:55:59 | 000,413,765 | ---- | C] (Atheros) -- C:\Windows\SysWow64\wcapi.dll
[2012/03/03 12:55:59 | 000,335,964 | ---- | C] (Atheros) -- C:\Windows\SysWow64\wcapiU.dll
[2012/03/03 12:55:59 | 000,311,391 | ---- | C] (Atheros) -- C:\Windows\SysWow64\athcfg20U.dll
[2012/03/03 12:55:59 | 000,299,080 | ---- | C] (Atheros) -- C:\Windows\SysWow64\athcfg20.dll
[2012/03/03 12:55:59 | 000,127,080 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\athcfg20resU.dll
[2012/03/03 12:55:59 | 000,127,054 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysWow64\athcfg20res.dll
[2012/03/03 12:55:59 | 000,060,416 | ---- | C] (Atheros) -- C:\Windows\SysNative\athihvui.dll
[2012/03/03 12:55:59 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012/03/03 12:55:59 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\nn-NO
[2012/03/03 12:55:14 | 000,000,000 | ---D | C] -- C:\Program Files\Broadcom
[2012/03/03 09:30:16 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\HpUpdate
[2012/03/03 09:30:02 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Local\Diagnostics
[2012/03/03 09:25:40 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\Hewlett-Packard
[2012/03/03 09:24:16 | 000,000,000 | R--D | C] -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/03 09:24:16 | 000,000,000 | R--D | C] -- C:\Users\usert\Searches
[2012/03/03 09:24:16 | 000,000,000 | R--D | C] -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/03 09:24:16 | 000,000,000 | -H-D | C] -- C:\Users\usert\Application Data\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2012/03/03 09:24:09 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\Identities
[2012/03/03 09:24:07 | 000,000,000 | R--D | C] -- C:\Users\usert\Contacts
[2012/03/03 09:24:05 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Local\VirtualStore
[2012/03/03 09:18:16 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Local\Hewlett-Packard_Company
[2012/03/03 09:17:46 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Local\Hewlett-Packard
[2012/03/03 07:47:40 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\HP TCS
[2012/03/03 07:44:26 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll
[2012/03/03 07:44:26 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll
[2012/03/03 07:44:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
[2012/03/03 07:42:25 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\muvee
[2012/03/03 07:42:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\muvee Technologies
[2012/03/03 07:42:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\muvee Technologies
[2012/03/03 07:38:57 | 001,233,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012/03/03 07:38:57 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4r.dll
[2012/03/03 07:38:57 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4a.dll
[2012/03/03 07:38:39 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2012/03/03 07:38:39 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll
[2012/03/03 07:38:39 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll
[2012/03/03 07:32:57 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2012/03/03 07:32:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2012/03/03 07:11:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Recovery
[2012/03/03 07:09:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\x64
[2012/03/03 07:09:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Lang
[2012/03/03 07:09:49 | 000,997,912 | ---- | C] (Intel Corporation) -- C:\Windows\SysWow64\igxpun.exe
[2012/03/03 07:09:47 | 000,000,000 | ---D | C] -- C:\Intel
[2012/03/03 07:09:29 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012/03/03 07:08:53 | 000,215,040 | ---- | C] (Realtek ) -- C:\Windows\SysNative\drivers\Rt64win7.sys
[2012/03/03 07:08:41 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012/03/03 07:08:19 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2012/03/03 07:08:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2012/03/03 07:07:51 | 002,374,656 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2012/03/03 07:07:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Atheros
[2012/03/03 07:07:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\AppData\Local\Temporary Internet Files
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Templates
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Start Menu
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\SendTo
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Recent
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\PrintHood
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\NetHood
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Documents\My Videos
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Documents\My Pictures
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Documents\My Music
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\My Documents
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Local Settings
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\AppData\Local\History
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Cookies
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\Application Data
[2012/03/03 07:00:25 | 000,000,000 | -HSD | C] -- C:\Users\usert\AppData\Local\Application Data
[2012/03/03 07:00:24 | 000,000,000 | --SD | C] -- C:\Users\usert\AppData\Roaming\Microsoft
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Videos
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Saved Games
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Pictures
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Music
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Links
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Favorites
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Downloads
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Documents
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\Desktop
[2012/03/03 07:00:24 | 000,000,000 | R--D | C] -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012/03/03 07:00:24 | 000,000,000 | -H-D | C] -- C:\Users\usert\AppData
[2012/03/03 07:00:24 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Local\Temp
[2012/03/03 07:00:24 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recovery Manager
[2012/03/03 07:00:24 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Local\Microsoft
[2012/03/03 07:00:24 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\Media Center Programs
[2012/03/03 07:00:24 | 000,000,000 | ---D | C] -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam
[2012/03/03 06:13:28 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012/03/03 06:11:11 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012/03/03 06:08:12 | 002,868,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/03 06:08:12 | 002,613,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/03/03 06:06:47 | 000,000,000 | ---D | C] -- C:\Windows\ehome
[2012/03/03 05:47:19 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[1 C:\Users\usert\Desktop\*.tmp files -> C:\Users\usert\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/03/03 16:02:22 | 000,713,888 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/03 16:02:22 | 000,615,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/03 16:02:22 | 000,103,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/03 15:57:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/03 14:15:26 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 14:15:26 | 000,023,024 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/03 14:11:03 | 000,000,153 | ---- | M] () -- C:\Users\usert\Desktop\router.bat
[2012/03/03 14:08:33 | 000,000,290 | ---- | M] () -- C:\ProgramData\hpqp.ini
[2012/03/03 14:08:06 | 2361,802,752 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/03 13:13:37 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/03 12:54:58 | 000,006,656 | ---- | M] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/03/03 12:15:22 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/03 09:54:46 | 000,039,252 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2012/03/03 09:54:46 | 000,039,252 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2012/03/03 09:27:34 | 000,001,433 | ---- | M] () -- C:\Users\usert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/03 08:32:03 | 000,328,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/03 07:14:52 | 000,015,266 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2012/03/03 07:08:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/03/03 07:08:42 | 000,000,000 | RHS- | M] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9503KQC_E575545-001_4A_I3612_SHP_V09.66_F.61_T091119_WU3-0_L409_M3004_J320_7Intel_867A_92.10_#120303_N10EC8136;168C002B_(VM085UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/03/03 07:08:41 | 000,000,000 | RHS- | M] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9503KQC_E575545-001_4A_I3612_SHP_V09.66_F.61_T091119_WU3-0_L409_M3004_J320_7Intel_867A_92.10_#120303_N10EC8136;168C002B_(VM085UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/03/03 06:08:12 | 002,868,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012/03/03 06:08:12 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\explorer.exe
[2012/02/29 13:54:44 | 000,580,160 | ---- | M] () -- C:\Users\usert\Documents\cc_20120229_135430.reg
[1 C:\Users\usert\Desktop\*.tmp files -> C:\Users\usert\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/03/03 14:10:41 | 000,000,153 | ---- | C] () -- C:\Users\usert\Desktop\router.bat
[2012/03/03 13:10:39 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/03 13:10:39 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/03 13:10:39 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/03 13:10:39 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/03 13:10:39 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/03 12:55:24 | 000,006,656 | ---- | C] () -- C:\Windows\SysNative\bcmwlrc.dll
[2012/03/03 12:15:22 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012/03/03 09:27:33 | 000,001,433 | ---- | C] () -- C:\Users\usert\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/03/03 09:24:46 | 000,001,405 | ---- | C] () -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012/03/03 09:24:17 | 000,001,439 | ---- | C] () -- C:\Users\usert\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012/03/03 07:47:36 | 000,001,562 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Try Microsoft Office for 60 days.lnk
[2012/03/03 07:47:33 | 000,002,276 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
[2012/03/03 07:47:33 | 000,002,270 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Trials for QuickBooks, Quicken and TurboTax.lnk
[2012/03/03 07:47:33 | 000,000,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora Internet Radio.url
[2012/03/03 07:39:17 | 000,000,290 | ---- | C] () -- C:\ProgramData\hpqp.ini
[2012/03/03 07:39:12 | 000,001,939 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Play.lnk
[2012/03/03 07:14:52 | 000,015,266 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2012/03/03 07:08:53 | 000,067,584 | ---- | C] () -- C:\Windows\SysNative\RtNicProp64.dll
[2012/03/03 07:08:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012/03/03 07:08:42 | 000,000,000 | RHS- | C] () -- C:\Windows\SysWow64\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9503KQC_E575545-001_4A_I3612_SHP_V09.66_F.61_T091119_WU3-0_L409_M3004_J320_7Intel_867A_92.10_#120303_N10EC8136;168C002B_(VM085UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/03/03 07:08:41 | 000,000,000 | RHS- | C] () -- C:\Windows\SysNative\drivers\103C_HP_cNB_G60 Notebook PC_Y5335KV_0U_Q2CE9503KQC_E575545-001_4A_I3612_SHP_V09.66_F.61_T091119_WU3-0_L409_M3004_J320_7Intel_867A_92.10_#120303_N10EC8136;168C002B_(VM085UA#ABA)_XMOBILE_CN10_Z.MRK
[2012/03/03 07:00:24 | 000,000,290 | ---- | C] () -- C:\Users\usert\Application Data\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2012/03/03 07:00:24 | 000,000,272 | ---- | C] () -- C:\Users\usert\Application Data\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2012/03/03 06:16:40 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012/03/03 06:16:34 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012/03/03 06:10:21 | 2361,802,752 | -HS- | C] () -- C:\hiberfil.sys
[2012/03/03 06:07:27 | 000,048,265 | ---- | C] () -- C:\Windows\HomePremium.xml
[2012/02/29 13:54:34 | 000,580,160 | ---- | C] () -- C:\Users\usert\Documents\cc_20120229_135430.reg

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:07:12 PM

Posted 03 March 2012 - 05:33 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    :otl
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [EMPTYTEMP]
    [emptyjava]
    [EMPTYFLASH]
    [RESETHOSTS]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 godcixelsyd

godcixelsyd
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  • Local time:06:12 PM

Posted 03 March 2012 - 05:54 PM

OK so as an update, the internet is working when I connect to another router now, but not the primary home one. So weird... Guess I will have to do a reset after all. But something we JUST did made it start working on the other one. Can you think of what I might be able to do on the router besides resetting?


All processes killed
========== OTL ==========
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
G:\cmd.bat deleted successfully.
G:\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Big South
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: usert
->Temp folder emptied: 4073786 bytes
->Temporary Internet Files folder emptied: 2395287 bytes
->Java cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 11506 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50132 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb


[EMPTYJAVA]

User: All Users

User: Big South

User: Default

User: Default User

User: Public

User: usert
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Big South

User: Default

User: Default User

User: Public

User: usert

Total Flash Files Cleaned = 0.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.33.2 log created on 03032012_173738

Files\Folders moved on Reboot...
C:\Users\usert\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...




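The OTL fix in #14 flushes the resolver cache and resets the hosts file, and the O17 lines near the top of the log record which DNS servers each interface was handed by DHCP; #15 then reports that the laptop works behind a different router but not the primary one, which points at the DNS settings that router hands out rather than at the laptop. The block below is an added example, not part of this thread and not OTL's own code: it parses OTL O17 lines and a hosts file, flags any resolver outside an expected set, and flags any hosts entry that points a name somewhere other than loopback (the "ping works but pages will not load" pattern). The expected-resolver set is an assumption built from the two O17 lines in the log; the third interface GUID and the www.example.com hosts entry are constructed for the example and are not from the laptop.

```python
"""Resolver and hosts-file triage for a suspected DNS hijack.
Added example, not part of the BleepingComputer thread or of OTL."""
import ipaddress
import re

# Resolvers we expect on this network, taken from the O17 lines in the log
# above: the LAN gateway and Comcast's 75.75.75.75 / 75.75.76.76. Assumption:
# anything else handed out by DHCP or set as NameServer deserves a second look.
EXPECTED_RESOLVERS = {"192.168.1.1", "75.75.75.75", "75.75.76.76"}

# Matches OTL's O17 lines, with or without the ":64bit:" tag, e.g.
# O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{GUID}: DhcpNameServer = 192.168.1.1
O17_RE = re.compile(
    r"^O17(?::64bit:)? - .*\\Interfaces\\(\{[0-9A-Fa-f-]+\}): "
    r"(DhcpNameServer|NameServer) = (.+)$"
)


def parse_o17(log_text):
    """Return (interface_guid, value_name, [servers]) for every O17 line."""
    entries = []
    for line in log_text.splitlines():
        m = O17_RE.match(line.strip())
        if m:
            guid, value_name, servers = m.groups()
            entries.append((guid, value_name, servers.split()))
    return entries


def rogue_resolvers(entries, expected=EXPECTED_RESOLVERS):
    """Return (guid, server) pairs for resolvers outside the expected set.

    A resolver that is neither the gateway nor the ISP's is how a hijacked
    router or a bad DHCP lease shows up: ping by IP works, but names are
    answered by someone else. Input order is preserved."""
    return [(guid, s) for guid, _name, servers in entries
            for s in servers if s not in expected]


def parse_hosts(text):
    """Parse hosts-file text into (ip, hostname) pairs, one per name.

    Blank lines, '#' comments (whole-line and trailing) and lines whose
    first token is not an IP address are skipped."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            ip = str(ipaddress.ip_address(tokens[0]))
        except ValueError:
            continue
        pairs.extend((ip, name) for name in tokens[1:])
    return pairs


def hosts_redirects(pairs):
    """Return hosts entries that map a name anywhere other than loopback.

    A stock Windows 7 hosts file carries only comments and localhost lines;
    a name mapped to a routable address is the classic hijack. Legitimate
    LAN entries are listed too, so the output still needs a human look."""
    return [(ip, name) for ip, name in pairs
            if not ipaddress.ip_address(ip).is_loopback]


def triage(o17_text, hosts_text):
    """Run both checks and return a summary dict."""
    return {
        "rogue_resolvers": rogue_resolvers(parse_o17(o17_text)),
        "hosts_redirects": hosts_redirects(parse_hosts(hosts_text)),
    }


# Constructed sample input. The first two O17 lines are copied from the log
# above; the third interface and the www.example.com hosts entry are made up
# for this example (192.0.2.0/24 is the TEST-NET-1 documentation range).
SAMPLE_O17 = r"""
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D90EB3F-6827-4B63-9AD2-DCD256379FD3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7F32BCDC-A343-44A6-B9CA-CEB76F39265D}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00000000-0000-0000-0000-000000000000}: DhcpNameServer = 192.0.2.53 192.0.2.54
"""

SAMPLE_HOSTS = """\
# constructed sample, not the laptop's real hosts file
127.0.0.1       localhost
::1             localhost
192.0.2.10      www.example.com   # constructed hijack entry
"""

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_O17, SAMPLE_HOSTS).items():
        print(kind)
        for hit in hits:
            print("   ", *hit)
```

Run it against the O17 lines pasted from an OTL log and a copy of %SystemRoot%\System32\drivers\etc\hosts. A hit in rogue_resolvers on the interface that takes its lease from the home router is the value to compare with the DNS servers configured on the router's own admin page before deciding whether a factory reset is needed; a hit in hosts_redirects is what [RESETHOSTS] in the fix above removes.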