Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

codec c


  • This topic is locked This topic is locked
26 replies to this topic

#1 campbell88

campbell88

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 26 March 2012 - 04:12 AM

Hi ive stupidly installed the codec-c virus thing. It has been displaying ads on sites like yahoo with a note saying not ad's from this site although these have stopped recently. It also had removed the majority of my programs from the start menu i can still find them by going into my C: so they are not moved or deleted. I can see the program in the remove program thing but it wont let me uninstall it and i also found the exact folder the codec-c is in and it has an unistall button but that also doesnt do anything. I have ran virus software and spybot but it didnt find it. Also this virus is sending spam emails from my account. Can you help me remove this please.

Edited by campbell88, 26 March 2012 - 04:19 AM.


BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 26 March 2012 - 08:25 AM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together somethings for you to keep in mind while I am helping you to make things go easier and faster for both of us

1.Do not run any other tool untill instructed to do so!
doing so will only at best cause you unneeded worry as it finds our backups and may even list our tools
and at worst can cause conficts with our tools and lead to unforseen things to happen2.Please Do not Attach logs or put in code boxes.
besides the time it takes me to open the reports it makes it harder to find something if I need to go back to do more research and putting them in code boxes just makes them so hard to read3. After each step give me a little feedback
It does not need to be long but just something so I know how things are going it can be something like
I am still getting redirected
The computer is running as it should
Don't put things like - it is the same as before or still the same this just makes me go back and look for you last feedback as to how things are4. read every post completely before doing anything
Pay special attention to the Notes** I have put in
These are things I have found that happen allot and can be taken care of easily just by reading the Notes**

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


Backup any files that cannot be replaced

If you have not done it yet spend a few minutes to backup any files that cannot be replaced. Removing malware can be unpredictable and this may save you and me allot of grief later.

You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

you may want to backup the whole harddrive there is some good info in the Preparation Guide on how to make full backups and how to restore it back if something goes wrong. Read the tutorial and print it out so you will know what to do in case the unforeseen happens.

When you have the files backed up you may do the following.


Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • .logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 26 March 2012 - 02:20 PM

Hey gringo, i have done as instructed so far here is the log from DDS and i had no problems so far. Thanks




.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Shaun at 20:16:54 on 2012-03-26
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.1836 [GMT 1:00]
.
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Spybot - Search && Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\SysWOW64\NlsSrv32.exe
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://www.skybroadband.com
uWindow Title = Internet Explorer Provided By Sky Broadband
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Codec-C Class: {19480e4e-f264-4dfb-b991-c35664edbe49} - C:\ProgramData\Codec-C\bhoclass.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {f9e4a054-e9b1-4bc3-83a3-76a1ae736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Aim] "C:\Program Files (x86)\AIM\aim.exe" /d locale=en-GB
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
uRun: [Logitech Vid] "C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe" -bootmode
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe /minimized
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [Facebook Update] "C:\Users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
mRun: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
mRun: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
StartupFolder: C:\Users\Shaun\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\WARNER~1.LNK - C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{1D5C7779-DEF4-494E-B14A-03EFEAB8F78B} : DhcpNameServer = 192.168.42.129
TCP: Interfaces\{456C8851-F50A-4EF8-8615-789446BDE1C0} : NameServer = 192.168.0.1
TCP: Interfaces\{5AAA8B34-2142-4B3B-AA33-39C17466B741} : NameServer = 10.94.88.1
TCP: Interfaces\{8A256F57-EC75-47CA-8165-BF48177CFAE3} : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8A256F57-EC75-47CA-8165-BF48177CFAE3}\35B4955383139313 : DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8A256F57-EC75-47CA-8165-BF48177CFAE3}\35B4956333134393 : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SEH: EasyBits ShellExecute Hook: {e54729e8-bb3d-4270-9d49-7389ea579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Codec-C Class: {19480E4E-F264-4DFB-B991-C35664EDBE49} - C:\ProgramData\Codec-C\bhoclass.dll
BHO-X64: Codec-C - No File
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coIEPlg.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun-x64: [HP Remote Solution] %ProgramFiles%\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
mRun-x64: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
mRun-x64: [lxcrmon.exe] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe"
mRun-x64: [EzPrint] "C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe"
mRun-x64: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
mRun-x64: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
IE-X64: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com
SEH-X64: EasyBits ShellExecute Hook: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-3-20 1157240]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120323.002\IDSviA64.sys [2012-3-24 488568]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe [2012-3-23 138232]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\System32\NlsSrv32.exe [2011-4-13 61440]
R2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-9-15 88576]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-3-25 1181104]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-3-25 1185704]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-3-25 166528]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-16 138360]
R3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
R3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\system32\DRIVERS\lvuvc64.sys --> C:\Windows\system32\DRIVERS\lvuvc64.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-5 135664]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 htcnprot;HTC NDIS Protocol Driver;C:\Windows\system32\DRIVERS\htcnprot.sys --> C:\Windows\system32\DRIVERS\htcnprot.sys [?]
S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\system32\DRIVERS\lvpopf64.sys --> C:\Windows\system32\DRIVERS\lvpopf64.sys [?]
S3 LVPr2M64;Logitech LVPr2M64 Driver;C:\Windows\system32\DRIVERS\LVPr2M64.sys --> C:\Windows\system32\DRIVERS\LVPr2M64.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-03-26 08:07:29 -------- d-----w- C:\Users\Shaun\AppData\Local\{CF28BC65-E2D8-4516-99E0-DE6C3A69A5F5}
2012-03-26 08:07:18 -------- d-----w- C:\Users\Shaun\AppData\Local\{EB1976AA-E02B-459A-8023-678739602609}
2012-03-25 18:06:11 -------- d-----w- C:\Users\Shaun\AppData\Local\{5B2DD883-982B-428E-8A5C-250CA3D376C7}
2012-03-25 18:05:45 -------- d-----w- C:\Users\Shaun\AppData\Local\{349C3263-BFDC-4F61-85BF-2C8CAAE001FB}
2012-03-25 13:03:43 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-03-25 13:03:25 17272 ----a-w- C:\Windows\System32\sdnclean64.exe
2012-03-25 13:03:22 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2012-03-25 04:06:34 -------- d-----w- C:\Users\Shaun\AppData\Local\{85417340-3A94-4BF7-95E6-794070DEF29B}
2012-03-25 04:06:13 -------- d-----w- C:\Users\Shaun\AppData\Local\{1B6D5238-A300-4FCA-875B-7CC63A19B123}
2012-03-24 12:36:49 -------- d-----w- C:\ProgramData\Premium
2012-03-24 12:36:25 -------- d-----w- C:\ProgramData\Codec-C
2012-03-24 12:36:14 -------- d-----w- C:\codec-info
2012-03-24 12:35:54 -------- d-----w- C:\ProgramData\InstallMate
2012-03-23 06:04:18 738936 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtsp64.sys
2012-03-23 06:04:18 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1306020.00A\symds64.sys
2012-03-23 06:04:18 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symnets.sys
2012-03-23 06:04:18 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\srtspx64.sys
2012-03-23 06:04:18 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ironx64.sys
2012-03-23 06:04:18 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\ccsetx64.sys
2012-03-23 06:04:18 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1306020.00A\symefa64.sys
2012-03-23 06:04:10 -------- d-----w- C:\Windows\System32\drivers\NISx64\1306020.00A
2012-03-22 17:42:52 -------- d-----w- C:\Users\Shaun\AppData\Local\{111E8FEC-17DC-47E0-AD49-4461764E1017}
2012-03-22 17:42:40 -------- d-----w- C:\Users\Shaun\AppData\Local\{11A12ECC-673B-456B-A518-DDE0F50E38D8}
2012-03-21 09:53:14 -------- d-----w- C:\Users\Shaun\AppData\Local\{F91A1BBA-1813-4903-9E34-DCE67ED86CDD}
2012-03-21 09:53:02 -------- d-----w- C:\Users\Shaun\AppData\Local\{079358C8-F0A3-4B8C-AA80-BE12A244D5B9}
2012-03-18 02:00:30 -------- d-----w- C:\Users\Shaun\AppData\Roaming\PFStaticIP
2012-03-15 07:03:35 -------- d-----w- C:\Users\Shaun\AppData\Local\{5F95B96B-7AEA-49D8-AA1A-D14CCC16FD15}
2012-03-15 07:03:13 -------- d-----w- C:\Users\Shaun\AppData\Local\{9601BE09-38E2-43F0-8B25-6D7FDFA92AEE}
2012-03-15 03:03:36 5559152 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-03-15 03:03:35 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:03:35 3913584 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-03-14 06:22:03 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-03-14 06:22:00 1544192 ----a-w- C:\Windows\System32\DWrite.dll
2012-03-14 06:22:00 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-03-14 06:19:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-03-14 06:19:58 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-03-14 06:19:58 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-03-14 06:19:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-03-14 06:19:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-03-14 06:19:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-03-14 06:19:48 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-03-14 02:03:32 -------- d-----w- C:\Users\Shaun\AppData\Local\{809364FA-164E-436C-A94E-F5F9F5C31C00}
2012-03-14 02:03:21 -------- d-----w- C:\Users\Shaun\AppData\Local\{D858925B-DD8D-4E25-99AC-F173EFD5F703}
2012-03-11 14:31:47 -------- d-----w- C:\Users\Shaun\AppData\Local\{061FC475-E2A2-45AF-BF7D-6D3C20A3E637}
2012-03-11 14:31:30 -------- d-----w- C:\Users\Shaun\AppData\Local\{03E3938B-02B6-4802-AA5E-F6E521F17FEC}
2012-03-11 14:00:40 -------- d-----w- C:\Program Files\iTunes
2012-03-11 14:00:40 -------- d-----w- C:\Program Files\iPod
2012-03-11 14:00:40 -------- d-----w- C:\Program Files (x86)\iTunes
2012-03-08 00:49:08 -------- d-----w- C:\Users\Shaun\AppData\Local\{73A55079-2574-4E59-A591-05F15B57B479}
2012-03-08 00:48:57 -------- d-----w- C:\Users\Shaun\AppData\Local\{22B557BC-DF5F-4023-81F5-D2AC6052A269}
2012-03-04 22:53:03 -------- d-----w- C:\Users\Shaun\AppData\Local\{9ED8D74A-3CB4-481D-B14B-BC46C6E1E529}
2012-03-04 22:52:52 -------- d-----w- C:\Users\Shaun\AppData\Local\{3094F3CD-1471-4DDC-B2CE-6628094922C3}
2012-03-03 20:21:37 -------- d-----w- C:\Users\Shaun\AppData\Local\{C9F6C858-A112-4DF3-8859-6D2811DA1B41}
2012-03-03 20:21:26 -------- d-----w- C:\Users\Shaun\AppData\Local\{931C9859-426E-4E1D-B519-A0C219B8946E}
2012-02-28 18:48:22 -------- d-----w- C:\Users\Shaun\AppData\Local\{D5477FB5-A23C-49D4-8EEF-9DA775EEAB77}
2012-02-28 18:47:54 -------- d-----w- C:\Users\Shaun\AppData\Local\{F4FFB8DD-4890-41ED-B530-8F0C93DE0BA9}
2012-02-27 00:05:54 -------- d-----w- C:\Users\Shaun\AppData\Local\{C67D31CE-F3D5-48C7-9D38-F78BBE12E7F1}
2012-02-27 00:05:43 -------- d-----w- C:\Users\Shaun\AppData\Local\{841A347F-A20C-4CF2-940E-49FD1D3D7EDA}
.
==================== Find3M ====================
.
2012-03-23 06:04:27 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-03-11 14:27:15 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-02-18 07:31:02 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-04 10:44:20 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-01-04 08:58:41 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-01-04 00:48:42 354176 ----a-w- C:\Windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26:08 515584 ----a-w- C:\Windows\System32\timedate.cpl
2011-12-30 05:27:56 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2011-12-28 03:59:24 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 20:17:22.98 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 26 March 2012 - 02:35 PM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 26 March 2012 - 06:42 PM

hey, here is the log from combofix. The codec-c is still on the computer as it is still listed in programs in the add/remove section. I usually have to wait a while to see the unwanted ad's on certain websites but since its still on the computer i assume it will still do it. Edit** I have noticed after doing this i am now getting hyperlinks with certain text like "win" on websites which link to surveys and things like that now.

ComboFix 12-03-26.02 - Shaun 27/03/2012 0:00.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2322 [GMT 1:00]
Running from: c:\users\Shaun\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search && Destroy *Disabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\Hotspot Shield\HssIE\HsSIe.dll
c:\users\James\AppData\Roaming\Ribo
c:\users\James\AppData\Roaming\Ribo\esfyk.ofg
c:\users\Public\invokesi.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-26 to 2012-03-26 )))))))))))))))))))))))))))))))
.
.
2012-03-26 23:11 . 2012-03-26 23:11 -------- d-----w- c:\users\Mcx1-SHAUN-PC\AppData\Local\temp
2012-03-25 13:03 . 2012-03-25 13:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-25 13:03 . 2012-03-26 23:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-03-24 12:36 . 2012-03-24 12:36 -------- d-----w- c:\programdata\Premium
2012-03-24 12:36 . 2012-03-25 17:50 -------- d-----w- c:\programdata\Codec-C
2012-03-24 12:36 . 2012-03-24 12:36 -------- d-----w- C:\codec-info
2012-03-24 12:35 . 2012-03-24 12:36 -------- d-----w- c:\programdata\InstallMate
2012-03-23 06:04 . 2012-03-25 17:50 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-18 02:00 . 2012-03-18 02:00 -------- d-----w- c:\users\Shaun\AppData\Roaming\PFStaticIP
2012-03-15 03:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:22 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:22 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 06:19 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 06:19 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:19 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:19 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:19 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:19 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:19 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 14:31 . 2012-03-11 14:31 -------- d-----w- c:\users\Shaun\AppData\Roaming\Yahoo!
2012-03-11 14:27 . 2012-03-11 14:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-11 14:00 . 2012-03-11 14:01 -------- d-----w- c:\program files\iTunes
2012-03-11 14:00 . 2012-03-11 14:01 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 14:00 . 2012-03-11 14:00 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 06:04 . 2010-01-25 21:35 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-11 14:27 . 2010-10-06 16:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-18 07:31 . 2011-07-19 16:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 01:29 . 2012-01-25 01:29 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-25 01:28 . 2012-01-25 01:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-25 01:28 . 2012-01-25 01:28 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-18 06:44 . 2012-01-18 06:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44 . 2012-01-18 06:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 06:44 . 2012-01-18 06:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 06:44 . 2012-01-18 06:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 06:44 . 2012-01-18 06:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 06:44 . 2012-01-18 06:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 06:44 . 2012-01-18 06:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 06:44 . 2012-01-18 06:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 06:44 . 2012-01-18 06:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-04 10:44 . 2012-02-15 05:47 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 05:47 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-15 05:46 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 05:46 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2011-12-28 03:59 . 2012-02-15 05:46 498688 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{19480E4E-F264-4DFB-B991-C35664EDBE49}]
2012-03-22 19:51 141312 ----a-w- c:\programdata\Codec-C\bhoclass.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-03-08 3972440]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-28 740216]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2010-10-31 19071672]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-02 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"lxcrmon.exe"="c:\program files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
.
c:\users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2012-1-18 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120323.002\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-16 138360]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-25 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3474861053-3292695585-4223325806-1001Core.job
- c:\users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-02 01:14]
.
2012-03-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3474861053-3292695585-4223325806-1001UA.job
- c:\users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-02 01:14]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 18:55]
.
2012-03-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 18:55]
.
2012-03-26 c:\windows\Tasks\HPCeeScheduleForShaun.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
2010-09-22 19:19 284208 ----a-w- c:\program files (x86)\Hotspot Shield\hssie\HssIE_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{456C8851-F50A-4EF8-8615-789446BDE1C0}: NameServer = 192.168.0.1
TCP: Interfaces\{5AAA8B34-2142-4B3B-AA33-39C17466B741}: NameServer = 10.94.88.1
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2012-03-27 00:29:10 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-26 23:29
.
Pre-Run: 140,471,123,968 bytes free
Post-Run: 141,246,611,456 bytes free
.
- - End Of File - - B7D93C76AF40E53F6E835018A382FDE8

Edited by campbell88, 26 March 2012 - 08:24 PM.


#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 26 March 2012 - 08:32 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 27 March 2012 - 05:35 AM

hey, here are the reports from TDSS and asw you asked me to run.

10:59:57.0488 0892 TDSS rootkit removing tool 2.7.23.0 Mar 26 2012 13:40:18
10:59:57.0831 0892 ============================================================
10:59:57.0831 0892 Current date / time: 2012/03/27 10:59:57.0831
10:59:57.0831 0892 SystemInfo:
10:59:57.0831 0892
10:59:57.0831 0892 OS Version: 6.1.7601 ServicePack: 1.0
10:59:57.0831 0892 Product type: Workstation
10:59:57.0831 0892 ComputerName: SHAUN-PC
10:59:57.0831 0892 UserName: Shaun
10:59:57.0831 0892 Windows directory: C:\Windows
10:59:57.0831 0892 System windows directory: C:\Windows
10:59:57.0831 0892 Running under WOW64
10:59:57.0831 0892 Processor architecture: Intel x64
10:59:57.0831 0892 Number of processors: 2
10:59:57.0831 0892 Page size: 0x1000
10:59:57.0831 0892 Boot type: Normal boot
10:59:57.0831 0892 ============================================================
10:59:58.0939 0892 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:59:58.0970 0892 \Device\Harddisk0\DR0:
10:59:58.0970 0892 MBR used
10:59:58.0970 0892 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:59:58.0970 0892 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x238E4800
10:59:58.0970 0892 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x23917000, BlocksNum 0x1B17000
10:59:59.0032 0892 Initialize success
10:59:59.0032 0892 ============================================================
11:00:03.0416 4960 ============================================================
11:00:03.0416 4960 Scan started
11:00:03.0416 4960 Mode: Manual;
11:00:03.0416 4960 ============================================================
11:00:04.0695 4960 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:00:04.0695 4960 1394ohci - ok
11:00:04.0789 4960 ABBYY.Licensing.FineReader.Professional.9.0 (368638508f3675f7c6e69381fa65339d) C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe
11:00:04.0804 4960 ABBYY.Licensing.FineReader.Professional.9.0 - ok
11:00:04.0882 4960 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:00:04.0898 4960 ACPI - ok
11:00:04.0945 4960 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:00:04.0945 4960 AcpiPmi - ok
11:00:04.0992 4960 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:00:05.0007 4960 adp94xx - ok
11:00:05.0054 4960 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:00:05.0070 4960 adpahci - ok
11:00:05.0101 4960 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:00:05.0101 4960 adpu320 - ok
11:00:05.0132 4960 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:00:05.0132 4960 AeLookupSvc - ok
11:00:05.0194 4960 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:00:05.0210 4960 AFD - ok
11:00:05.0257 4960 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:00:05.0257 4960 agp440 - ok
11:00:05.0288 4960 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:00:05.0304 4960 ALG - ok
11:00:05.0319 4960 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:00:05.0335 4960 aliide - ok
11:00:05.0350 4960 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:00:05.0350 4960 amdide - ok
11:00:05.0382 4960 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:00:05.0382 4960 AmdK8 - ok
11:00:05.0397 4960 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:00:05.0413 4960 AmdPPM - ok
11:00:05.0444 4960 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:00:05.0444 4960 amdsata - ok
11:00:05.0475 4960 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:00:05.0491 4960 amdsbs - ok
11:00:05.0506 4960 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:00:05.0506 4960 amdxata - ok
11:00:05.0647 4960 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:00:05.0647 4960 AppID - ok
11:00:05.0709 4960 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:00:05.0725 4960 AppIDSvc - ok
11:00:05.0756 4960 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:00:05.0756 4960 Appinfo - ok
11:00:05.0834 4960 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:00:05.0834 4960 Apple Mobile Device - ok
11:00:05.0928 4960 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:00:05.0943 4960 arc - ok
11:00:05.0974 4960 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:00:05.0974 4960 arcsas - ok
11:00:06.0006 4960 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:00:06.0006 4960 AsyncMac - ok
11:00:06.0037 4960 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:00:06.0037 4960 atapi - ok
11:00:06.0193 4960 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:00:06.0208 4960 AudioEndpointBuilder - ok
11:00:06.0224 4960 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:00:06.0240 4960 AudioSrv - ok
11:00:06.0364 4960 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:00:06.0442 4960 AxInstSV - ok
11:00:06.0567 4960 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:00:06.0583 4960 b06bdrv - ok
11:00:06.0630 4960 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:00:06.0630 4960 b57nd60a - ok
11:00:06.0661 4960 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:00:06.0661 4960 BDESVC - ok
11:00:06.0676 4960 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:00:06.0676 4960 Beep - ok
11:00:06.0754 4960 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:00:06.0770 4960 BFE - ok
11:00:06.0926 4960 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys
11:00:06.0957 4960 BHDrvx64 - ok
11:00:07.0035 4960 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\system32\qmgr.dll
11:00:07.0066 4960 BITS - ok
11:00:07.0113 4960 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:00:07.0113 4960 blbdrive - ok
11:00:07.0176 4960 Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:00:07.0191 4960 Bonjour Service - ok
11:00:07.0300 4960 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:00:07.0300 4960 bowser - ok
11:00:07.0332 4960 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:00:07.0332 4960 BrFiltLo - ok
11:00:07.0347 4960 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:00:07.0347 4960 BrFiltUp - ok
11:00:07.0410 4960 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys
11:00:07.0410 4960 BridgeMP - ok
11:00:07.0441 4960 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:00:07.0441 4960 Browser - ok
11:00:07.0472 4960 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:00:07.0472 4960 Brserid - ok
11:00:07.0503 4960 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:00:07.0503 4960 BrSerWdm - ok
11:00:07.0534 4960 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:00:07.0534 4960 BrUsbMdm - ok
11:00:07.0550 4960 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:00:07.0550 4960 BrUsbSer - ok
11:00:07.0581 4960 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:00:07.0581 4960 BTHMODEM - ok
11:00:07.0597 4960 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:00:07.0612 4960 bthserv - ok
11:00:07.0659 4960 catchme - ok
11:00:07.0784 4960 ccSet_NIS (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys
11:00:07.0784 4960 ccSet_NIS - ok
11:00:07.0831 4960 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:00:07.0831 4960 cdfs - ok
11:00:07.0878 4960 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:00:07.0878 4960 cdrom - ok
11:00:07.0925 4960 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:00:07.0925 4960 CertPropSvc - ok
11:00:07.0956 4960 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:00:07.0971 4960 circlass - ok
11:00:08.0003 4960 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:00:08.0018 4960 CLFS - ok
11:00:08.0081 4960 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:00:08.0081 4960 clr_optimization_v2.0.50727_32 - ok
11:00:08.0112 4960 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:00:08.0112 4960 clr_optimization_v2.0.50727_64 - ok
11:00:08.0174 4960 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:00:08.0174 4960 clr_optimization_v4.0.30319_32 - ok
11:00:08.0205 4960 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:00:08.0205 4960 clr_optimization_v4.0.30319_64 - ok
11:00:08.0283 4960 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:00:08.0283 4960 CmBatt - ok
11:00:08.0315 4960 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:00:08.0315 4960 cmdide - ok
11:00:08.0361 4960 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
11:00:08.0377 4960 CNG - ok
11:00:08.0408 4960 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:00:08.0408 4960 Compbatt - ok
11:00:08.0439 4960 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:00:08.0439 4960 CompositeBus - ok
11:00:08.0455 4960 COMSysApp - ok
11:00:08.0486 4960 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:00:08.0486 4960 crcdisk - ok
11:00:08.0549 4960 CryptSvc (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll
11:00:08.0564 4960 CryptSvc - ok
11:00:08.0627 4960 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:00:08.0642 4960 DcomLaunch - ok
11:00:08.0689 4960 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:00:08.0689 4960 defragsvc - ok
11:00:08.0736 4960 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:00:08.0736 4960 DfsC - ok
11:00:08.0783 4960 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:00:08.0798 4960 Dhcp - ok
11:00:08.0814 4960 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:00:08.0814 4960 discache - ok
11:00:08.0861 4960 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:00:08.0861 4960 Disk - ok
11:00:08.0892 4960 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:00:08.0907 4960 Dnscache - ok
11:00:08.0939 4960 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:00:08.0939 4960 dot3svc - ok
11:00:08.0985 4960 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:00:08.0985 4960 DPS - ok
11:00:09.0017 4960 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:00:09.0017 4960 drmkaud - ok
11:00:09.0063 4960 dtsoftbus01 (1cecd1252261153c7873b5d9eb259d65) C:\Windows\system32\DRIVERS\dtsoftbus01.sys
11:00:09.0063 4960 dtsoftbus01 - ok
11:00:09.0110 4960 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:00:09.0141 4960 DXGKrnl - ok
11:00:09.0173 4960 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:00:09.0173 4960 EapHost - ok
11:00:09.0266 4960 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:00:09.0329 4960 ebdrv - ok
11:00:09.0407 4960 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:00:09.0422 4960 eeCtrl - ok
11:00:09.0485 4960 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:00:09.0485 4960 EFS - ok
11:00:09.0547 4960 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:00:09.0563 4960 ehRecvr - ok
11:00:09.0594 4960 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:00:09.0594 4960 ehSched - ok
11:00:09.0656 4960 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:00:09.0672 4960 elxstor - ok
11:00:09.0765 4960 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:00:09.0765 4960 EraserUtilRebootDrv - ok
11:00:09.0843 4960 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:00:09.0843 4960 ErrDev - ok
11:00:09.0890 4960 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:00:09.0906 4960 EventSystem - ok
11:00:09.0921 4960 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:00:09.0937 4960 exfat - ok
11:00:09.0953 4960 ezSharedSvc - ok
11:00:09.0984 4960 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:00:09.0984 4960 fastfat - ok
11:00:10.0031 4960 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:00:10.0046 4960 Fax - ok
11:00:10.0077 4960 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:00:10.0077 4960 fdc - ok
11:00:10.0124 4960 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:00:10.0124 4960 fdPHost - ok
11:00:10.0140 4960 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:00:10.0140 4960 FDResPub - ok
11:00:10.0171 4960 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:00:10.0171 4960 FileInfo - ok
11:00:10.0187 4960 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:00:10.0187 4960 Filetrace - ok
11:00:10.0218 4960 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:00:10.0218 4960 flpydisk - ok
11:00:10.0265 4960 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:00:10.0280 4960 FltMgr - ok
11:00:10.0327 4960 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:00:10.0358 4960 FontCache - ok
11:00:10.0421 4960 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:00:10.0421 4960 FontCache3.0.0.0 - ok
11:00:10.0452 4960 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:00:10.0452 4960 FsDepends - ok
11:00:10.0483 4960 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
11:00:10.0483 4960 Fs_Rec - ok
11:00:10.0530 4960 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:00:10.0530 4960 fvevol - ok
11:00:10.0561 4960 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:00:10.0561 4960 gagp30kx - ok
11:00:10.0639 4960 GameConsoleService (67cf4c2e7477b9a01df07e38af293414) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
11:00:10.0639 4960 GameConsoleService - ok
11:00:10.0717 4960 GEARAspiWDM (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:00:10.0717 4960 GEARAspiWDM - ok
11:00:10.0779 4960 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:00:10.0795 4960 gpsvc - ok
11:00:10.0889 4960 gupdate (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:00:10.0889 4960 gupdate - ok
11:00:10.0920 4960 gupdatem (8f0de4fef8201e306f9938b0905ac96a) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
11:00:10.0935 4960 gupdatem - ok
11:00:11.0013 4960 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:00:11.0013 4960 hcw85cir - ok
11:00:11.0060 4960 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:00:11.0076 4960 HDAudBus - ok
11:00:11.0091 4960 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:00:11.0091 4960 HidBatt - ok
11:00:11.0107 4960 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:00:11.0123 4960 HidBth - ok
11:00:11.0138 4960 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:00:11.0138 4960 HidIr - ok
11:00:11.0169 4960 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll
11:00:11.0169 4960 hidserv - ok
11:00:11.0216 4960 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:00:11.0216 4960 HidUsb - ok
11:00:11.0263 4960 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:00:11.0263 4960 hkmsvc - ok
11:00:11.0294 4960 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:00:11.0294 4960 HomeGroupListener - ok
11:00:11.0325 4960 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:00:11.0341 4960 HomeGroupProvider - ok
11:00:11.0419 4960 HotspotShieldService (4d31603aac4bba1951d6f100f71fee5c) C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
11:00:11.0435 4960 HotspotShieldService - ok
11:00:11.0497 4960 HP Support Assistant Service (13bb1114451c63bfb41ba7daa4d70a29) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
11:00:11.0497 4960 HP Support Assistant Service - ok
11:00:11.0544 4960 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
11:00:11.0544 4960 HPDrvMntSvc.exe - ok
11:00:11.0653 4960 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
11:00:11.0669 4960 hpqwmiex - ok
11:00:11.0747 4960 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:00:11.0747 4960 HpSAMD - ok
11:00:11.0809 4960 HssDrv (a60c877e1cd3aa2e4e5ccd8af305c0f1) C:\Windows\system32\DRIVERS\HssDrv.sys
11:00:11.0809 4960 HssDrv - ok
11:00:11.0903 4960 HssSrv (882b18a2e79b3a99c0637f3ac9b28d03) C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
11:00:11.0903 4960 HssSrv - ok
11:00:11.0949 4960 HssTrayService (583152096c0ec2d33b269b71b9df7923) C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE
11:00:11.0965 4960 HssTrayService - ok
11:00:11.0965 4960 HssWd - ok
11:00:12.0043 4960 HTCAND64 (f47cec45fb85791d4ab237563ad0fa8f) C:\Windows\system32\Drivers\ANDROIDUSB.sys
11:00:12.0043 4960 HTCAND64 - ok
11:00:12.0090 4960 htcnprot (b8b1b284362e1d8135112573395d5da5) C:\Windows\system32\DRIVERS\htcnprot.sys
11:00:12.0090 4960 htcnprot - ok
11:00:12.0152 4960 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:00:12.0168 4960 HTTP - ok
11:00:12.0199 4960 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:00:12.0199 4960 hwpolicy - ok
11:00:12.0246 4960 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:00:12.0246 4960 i8042prt - ok
11:00:12.0293 4960 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:00:12.0324 4960 iaStorV - ok
11:00:12.0386 4960 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:00:12.0417 4960 idsvc - ok
11:00:12.0605 4960 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120324.004\IDSvia64.sys
11:00:12.0620 4960 IDSVia64 - ok
11:00:12.0823 4960 igfx (2d18c9e1f23970de32d78d3b1cdda0a7) C:\Windows\system32\DRIVERS\igdkmd64.sys
11:00:12.0948 4960 igfx - ok
11:00:12.0995 4960 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:00:12.0995 4960 iirsp - ok
11:00:13.0041 4960 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:00:13.0057 4960 IKEEXT - ok
11:00:13.0135 4960 IntcAzAudAddService (bfbabcb231628a4551dbb10d0ea25d62) C:\Windows\system32\drivers\RTKVHD64.sys
11:00:13.0166 4960 IntcAzAudAddService - ok
11:00:13.0197 4960 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:00:13.0197 4960 intelide - ok
11:00:13.0229 4960 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:00:13.0229 4960 intelppm - ok
11:00:13.0260 4960 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:00:13.0260 4960 IPBusEnum - ok
11:00:13.0291 4960 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:00:13.0291 4960 IpFilterDriver - ok
11:00:13.0322 4960 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:00:13.0338 4960 iphlpsvc - ok
11:00:13.0369 4960 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:00:13.0369 4960 IPMIDRV - ok
11:00:13.0400 4960 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:00:13.0400 4960 IPNAT - ok
11:00:13.0478 4960 iPod Service (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
11:00:13.0509 4960 iPod Service - ok
11:00:13.0681 4960 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:00:13.0697 4960 IRENUM - ok
11:00:13.0837 4960 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:00:13.0837 4960 isapnp - ok
11:00:13.0868 4960 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:00:13.0868 4960 iScsiPrt - ok
11:00:13.0915 4960 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
11:00:13.0915 4960 kbdclass - ok
11:00:13.0962 4960 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
11:00:13.0962 4960 kbdhid - ok
11:00:13.0993 4960 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:13.0993 4960 KeyIso - ok
11:00:14.0024 4960 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
11:00:14.0024 4960 KSecDD - ok
11:00:14.0040 4960 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
11:00:14.0040 4960 KSecPkg - ok
11:00:14.0071 4960 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:00:14.0071 4960 ksthunk - ok
11:00:14.0102 4960 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:00:14.0102 4960 KtmRm - ok
11:00:14.0149 4960 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll
11:00:14.0149 4960 LanmanServer - ok
11:00:14.0196 4960 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:00:14.0196 4960 LanmanWorkstation - ok
11:00:14.0258 4960 LightScribeService (108333981c841eb0ff198aa5dfcf3d3b) c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
11:00:14.0258 4960 LightScribeService - ok
11:00:14.0336 4960 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:00:14.0352 4960 lltdio - ok
11:00:14.0383 4960 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:00:14.0399 4960 lltdsvc - ok
11:00:14.0414 4960 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:00:14.0414 4960 lmhosts - ok
11:00:14.0445 4960 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:00:14.0445 4960 LSI_FC - ok
11:00:14.0477 4960 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:00:14.0477 4960 LSI_SAS - ok
11:00:14.0492 4960 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:00:14.0508 4960 LSI_SAS2 - ok
11:00:14.0539 4960 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:00:14.0539 4960 LSI_SCSI - ok
11:00:14.0617 4960 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:00:14.0617 4960 luafv - ok
11:00:14.0679 4960 lvpopf64 (c586cc39820b6e7fe3657fed8329d300) C:\Windows\system32\DRIVERS\lvpopf64.sys
11:00:14.0679 4960 lvpopf64 - ok
11:00:14.0711 4960 LVPr2M64 (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:00:14.0711 4960 LVPr2M64 - ok
11:00:14.0726 4960 LVPr2Mon (b3944d06eb4b64d57bd7e5fe89415f58) C:\Windows\system32\DRIVERS\LVPr2M64.sys
11:00:14.0726 4960 LVPr2Mon - ok
11:00:14.0773 4960 LVRS64 (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
11:00:14.0789 4960 LVRS64 - ok
11:00:14.0913 4960 LVUVC64 (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
11:00:15.0007 4960 LVUVC64 - ok
11:00:15.0023 4960 lxcr_device - ok
11:00:15.0054 4960 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:00:15.0069 4960 Mcx2Svc - ok
11:00:15.0085 4960 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:00:15.0085 4960 megasas - ok
11:00:15.0132 4960 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:00:15.0132 4960 MegaSR - ok
11:00:15.0163 4960 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:00:15.0163 4960 MMCSS - ok
11:00:15.0210 4960 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:00:15.0210 4960 Modem - ok
11:00:15.0241 4960 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:00:15.0241 4960 monitor - ok
11:00:15.0288 4960 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
11:00:15.0288 4960 mouclass - ok
11:00:15.0335 4960 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:00:15.0335 4960 mouhid - ok
11:00:15.0366 4960 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:00:15.0366 4960 mountmgr - ok
11:00:15.0397 4960 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:00:15.0397 4960 mpio - ok
11:00:15.0428 4960 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:00:15.0428 4960 mpsdrv - ok
11:00:15.0475 4960 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:00:15.0506 4960 MpsSvc - ok
11:00:15.0537 4960 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:00:15.0553 4960 MRxDAV - ok
11:00:15.0615 4960 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:00:15.0615 4960 mrxsmb - ok
11:00:15.0647 4960 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:00:15.0647 4960 mrxsmb10 - ok
11:00:15.0662 4960 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:00:15.0662 4960 mrxsmb20 - ok
11:00:15.0693 4960 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:00:15.0709 4960 msahci - ok
11:00:15.0725 4960 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:00:15.0740 4960 msdsm - ok
11:00:15.0756 4960 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:00:15.0771 4960 MSDTC - ok
11:00:15.0803 4960 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:00:15.0803 4960 Msfs - ok
11:00:15.0818 4960 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:00:15.0818 4960 mshidkmdf - ok
11:00:15.0865 4960 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:00:15.0865 4960 msisadrv - ok
11:00:15.0881 4960 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:00:15.0896 4960 MSiSCSI - ok
11:00:15.0896 4960 msiserver - ok
11:00:15.0927 4960 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:00:15.0927 4960 MSKSSRV - ok
11:00:15.0943 4960 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:00:15.0943 4960 MSPCLOCK - ok
11:00:15.0959 4960 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:00:15.0974 4960 MSPQM - ok
11:00:16.0005 4960 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:00:16.0005 4960 MsRPC - ok
11:00:16.0037 4960 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:00:16.0052 4960 mssmbios - ok
11:00:16.0068 4960 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:00:16.0068 4960 MSTEE - ok
11:00:16.0099 4960 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:00:16.0099 4960 MTConfig - ok
11:00:16.0130 4960 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:00:16.0130 4960 Mup - ok
11:00:16.0161 4960 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:00:16.0193 4960 napagent - ok
11:00:16.0224 4960 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:00:16.0224 4960 NativeWifiP - ok
11:00:16.0317 4960 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120326.019\ENG64.SYS
11:00:16.0317 4960 NAVENG - ok
11:00:16.0380 4960 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120326.019\EX64.SYS
11:00:16.0458 4960 NAVEX15 - ok
11:00:16.0583 4960 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:00:16.0614 4960 NDIS - ok
11:00:16.0661 4960 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:00:16.0661 4960 NdisCap - ok
11:00:16.0692 4960 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:00:16.0692 4960 NdisTapi - ok
11:00:16.0739 4960 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:00:16.0739 4960 Ndisuio - ok
11:00:16.0770 4960 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:00:16.0770 4960 NdisWan - ok
11:00:16.0817 4960 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:00:16.0817 4960 NDProxy - ok
11:00:16.0848 4960 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:00:16.0848 4960 NetBIOS - ok
11:00:16.0879 4960 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:00:16.0879 4960 NetBT - ok
11:00:16.0910 4960 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:16.0910 4960 Netlogon - ok
11:00:16.0957 4960 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:00:16.0973 4960 Netman - ok
11:00:16.0988 4960 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:00:17.0004 4960 netprofm - ok
11:00:17.0066 4960 netr28x (44d4bd55191624c82a2745296ba42814) C:\Windows\system32\DRIVERS\netr28x.sys
11:00:17.0082 4960 netr28x - ok
11:00:17.0144 4960 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:00:17.0144 4960 NetTcpPortSharing - ok
11:00:17.0207 4960 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:00:17.0207 4960 nfrd960 - ok
11:00:17.0300 4960 NIS (7a02f128a454bb22e300f3f80bc1bd22) C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe
11:00:17.0300 4960 NIS - ok
11:00:17.0378 4960 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:00:17.0394 4960 NlaSvc - ok
11:00:17.0425 4960 nlsX86cc - ok
11:00:17.0456 4960 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:00:17.0456 4960 Npfs - ok
11:00:17.0487 4960 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:00:17.0487 4960 nsi - ok
11:00:17.0503 4960 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:00:17.0503 4960 nsiproxy - ok
11:00:17.0628 4960 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:00:17.0675 4960 Ntfs - ok
11:00:17.0690 4960 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:00:17.0690 4960 Null - ok
11:00:17.0737 4960 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:00:17.0737 4960 nvraid - ok
11:00:17.0768 4960 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:00:17.0784 4960 nvstor - ok
11:00:17.0799 4960 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:00:17.0799 4960 nv_agp - ok
11:00:17.0831 4960 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:00:17.0831 4960 ohci1394 - ok
11:00:17.0877 4960 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:00:17.0877 4960 p2pimsvc - ok
11:00:17.0909 4960 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:00:17.0924 4960 p2psvc - ok
11:00:17.0971 4960 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:00:17.0971 4960 Parport - ok
11:00:18.0002 4960 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
11:00:18.0002 4960 partmgr - ok
11:00:18.0096 4960 PassThru Service (39b9dcd7040654c2e57d7396736c718e) C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
11:00:18.0096 4960 PassThru Service - ok
11:00:18.0111 4960 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:00:18.0127 4960 PcaSvc - ok
11:00:18.0174 4960 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:00:18.0174 4960 pci - ok
11:00:18.0189 4960 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:00:18.0189 4960 pciide - ok
11:00:18.0221 4960 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:00:18.0236 4960 pcmcia - ok
11:00:18.0252 4960 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:00:18.0252 4960 pcw - ok
11:00:18.0283 4960 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:00:18.0314 4960 PEAUTH - ok
11:00:18.0345 4960 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:00:18.0361 4960 PerfHost - ok
11:00:18.0423 4960 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:00:18.0455 4960 pla - ok
11:00:18.0517 4960 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:00:18.0533 4960 PlugPlay - ok
11:00:18.0595 4960 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:00:18.0595 4960 PNRPAutoReg - ok
11:00:18.0611 4960 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:00:18.0626 4960 PNRPsvc - ok
11:00:18.0657 4960 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:00:18.0689 4960 PolicyAgent - ok
11:00:18.0720 4960 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:00:18.0720 4960 Power - ok
11:00:18.0767 4960 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:00:18.0767 4960 PptpMiniport - ok
11:00:18.0798 4960 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:00:18.0798 4960 Processor - ok
11:00:18.0860 4960 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
11:00:18.0891 4960 ProfSvc - ok
11:00:18.0969 4960 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:18.0969 4960 ProtectedStorage - ok
11:00:19.0016 4960 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:00:19.0016 4960 Psched - ok
11:00:19.0079 4960 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:00:19.0125 4960 ql2300 - ok
11:00:19.0141 4960 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:00:19.0141 4960 ql40xx - ok
11:00:19.0188 4960 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:00:19.0188 4960 QWAVE - ok
11:00:19.0203 4960 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:00:19.0203 4960 QWAVEdrv - ok
11:00:19.0219 4960 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:00:19.0219 4960 RasAcd - ok
11:00:19.0266 4960 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:00:19.0266 4960 RasAgileVpn - ok
11:00:19.0281 4960 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:00:19.0281 4960 RasAuto - ok
11:00:19.0313 4960 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:00:19.0328 4960 Rasl2tp - ok
11:00:19.0359 4960 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:00:19.0376 4960 RasMan - ok
11:00:19.0392 4960 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:00:19.0392 4960 RasPppoe - ok
11:00:19.0423 4960 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:00:19.0423 4960 RasSstp - ok
11:00:19.0454 4960 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:00:19.0470 4960 rdbss - ok
11:00:19.0485 4960 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:00:19.0485 4960 rdpbus - ok
11:00:19.0501 4960 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:00:19.0501 4960 RDPCDD - ok
11:00:19.0516 4960 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:00:19.0516 4960 RDPENCDD - ok
11:00:19.0532 4960 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:00:19.0532 4960 RDPREFMP - ok
11:00:19.0610 4960 RDPWD (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys
11:00:19.0610 4960 RDPWD - ok
11:00:19.0657 4960 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:00:19.0657 4960 rdyboost - ok
11:00:19.0688 4960 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:00:19.0688 4960 RemoteAccess - ok
11:00:19.0719 4960 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:00:19.0735 4960 RemoteRegistry - ok
11:00:19.0750 4960 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:00:19.0750 4960 RpcEptMapper - ok
11:00:19.0782 4960 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:00:19.0782 4960 RpcLocator - ok
11:00:19.0813 4960 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:00:19.0828 4960 RpcSs - ok
11:00:19.0860 4960 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:00:19.0860 4960 rspndr - ok
11:00:19.0906 4960 RTL8167 (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
11:00:19.0906 4960 RTL8167 - ok
11:00:19.0953 4960 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:19.0953 4960 SamSs - ok
11:00:19.0984 4960 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:00:19.0984 4960 sbp2port - ok
11:00:20.0016 4960 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:00:20.0031 4960 SCardSvr - ok
11:00:20.0062 4960 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:00:20.0062 4960 scfilter - ok
11:00:20.0125 4960 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:00:20.0140 4960 Schedule - ok
11:00:20.0172 4960 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:00:20.0172 4960 SCPolicySvc - ok
11:00:20.0203 4960 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:00:20.0218 4960 SDRSVC - ok
11:00:20.0250 4960 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:00:20.0250 4960 secdrv - ok
11:00:20.0281 4960 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:00:20.0281 4960 seclogon - ok
11:00:20.0312 4960 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll
11:00:20.0312 4960 SENS - ok
11:00:20.0343 4960 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:00:20.0343 4960 SensrSvc - ok
11:00:20.0374 4960 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:00:20.0374 4960 Serenum - ok
11:00:20.0407 4960 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:00:20.0422 4960 Serial - ok
11:00:20.0453 4960 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:00:20.0453 4960 sermouse - ok
11:00:20.0500 4960 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:00:20.0500 4960 SessionEnv - ok
11:00:20.0531 4960 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:00:20.0531 4960 sffdisk - ok
11:00:20.0578 4960 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:00:20.0594 4960 sffp_mmc - ok
11:00:20.0609 4960 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:00:20.0609 4960 sffp_sd - ok
11:00:20.0625 4960 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:00:20.0641 4960 sfloppy - ok
11:00:20.0672 4960 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:00:20.0687 4960 SharedAccess - ok
11:00:20.0719 4960 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:00:20.0750 4960 ShellHWDetection - ok
11:00:20.0781 4960 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:00:20.0781 4960 SiSRaid2 - ok
11:00:20.0812 4960 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:00:20.0812 4960 SiSRaid4 - ok
11:00:20.0843 4960 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:00:20.0843 4960 Smb - ok
11:00:20.0890 4960 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:00:20.0890 4960 SNMPTRAP - ok
11:00:20.0906 4960 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:00:20.0906 4960 spldr - ok
11:00:20.0968 4960 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:00:20.0984 4960 Spooler - ok
11:00:21.0077 4960 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:00:21.0155 4960 sppsvc - ok
11:00:21.0187 4960 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:00:21.0187 4960 sppuinotify - ok
11:00:21.0265 4960 SRTSP (4d56f175f76c685a06471800a03219b2) C:\Windows\System32\Drivers\NISx64\1306020.00A\SRTSP64.SYS
11:00:21.0296 4960 SRTSP - ok
11:00:21.0311 4960 SRTSPX (7b02f64dc80c0ec7300af302ed5d1cb3) C:\Windows\system32\drivers\NISx64\1306020.00A\SRTSPX64.SYS
11:00:21.0311 4960 SRTSPX - ok
11:00:21.0358 4960 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:00:21.0374 4960 srv - ok
11:00:21.0389 4960 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:00:21.0405 4960 srv2 - ok
11:00:21.0406 4960 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:00:21.0422 4960 srvnet - ok
11:00:21.0453 4960 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:00:21.0468 4960 SSDPSRV - ok
11:00:21.0484 4960 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:00:21.0484 4960 SstpSvc - ok
11:00:21.0515 4960 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:00:21.0515 4960 stexstor - ok
11:00:21.0609 4960 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:00:21.0624 4960 stisvc - ok
11:00:21.0656 4960 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:00:21.0656 4960 swenum - ok
11:00:21.0687 4960 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:00:21.0702 4960 swprv - ok
11:00:21.0780 4960 SymDS (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS
11:00:21.0796 4960 SymDS - ok
11:00:21.0843 4960 SymEFA (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS
11:00:21.0874 4960 SymEFA - ok
11:00:21.0905 4960 SymEvent (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:00:21.0905 4960 SymEvent - ok
11:00:21.0952 4960 SymIRON (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS
11:00:21.0952 4960 SymIRON - ok
11:00:21.0983 4960 SymNetS (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS
11:00:22.0014 4960 SymNetS - ok
11:00:22.0077 4960 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:00:22.0124 4960 SysMain - ok
11:00:22.0155 4960 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:00:22.0155 4960 TabletInputService - ok
11:00:22.0202 4960 tap0901 (595cb8da5b522ad8cc28193dc21fd496) C:\Windows\system32\DRIVERS\tap0901.sys
11:00:22.0202 4960 tap0901 - ok
11:00:22.0233 4960 taphss (f33fdc72298df4bf9813a55d21f4eb31) C:\Windows\system32\DRIVERS\taphss.sys
11:00:22.0233 4960 taphss - ok
11:00:22.0280 4960 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:00:22.0280 4960 TapiSrv - ok
11:00:22.0295 4960 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:00:22.0311 4960 TBS - ok
11:00:22.0373 4960 Tcpip (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
11:00:22.0451 4960 Tcpip - ok
11:00:22.0498 4960 TCPIP6 (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
11:00:22.0514 4960 TCPIP6 - ok
11:00:22.0545 4960 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:00:22.0545 4960 tcpipreg - ok
11:00:22.0623 4960 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:00:22.0623 4960 TDPIPE - ok
11:00:22.0654 4960 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:00:22.0654 4960 TDTCP - ok
11:00:22.0701 4960 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:00:22.0701 4960 tdx - ok
11:00:22.0732 4960 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:00:22.0732 4960 TermDD - ok
11:00:22.0763 4960 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:00:22.0794 4960 TermService - ok
11:00:22.0826 4960 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:00:22.0826 4960 Themes - ok
11:00:22.0857 4960 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:00:22.0857 4960 THREADORDER - ok
11:00:22.0872 4960 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:00:22.0888 4960 TrkWks - ok
11:00:22.0919 4960 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:00:22.0919 4960 TrustedInstaller - ok
11:00:22.0966 4960 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:00:22.0966 4960 tssecsrv - ok
11:00:23.0013 4960 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:00:23.0013 4960 TsUsbFlt - ok
11:00:23.0060 4960 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:00:23.0075 4960 tunnel - ok
11:00:23.0106 4960 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:00:23.0106 4960 uagp35 - ok
11:00:23.0138 4960 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:00:23.0153 4960 udfs - ok
11:00:23.0200 4960 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:00:23.0200 4960 UI0Detect - ok
11:00:23.0231 4960 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:00:23.0231 4960 uliagpkx - ok
11:00:23.0278 4960 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:00:23.0278 4960 umbus - ok
11:00:23.0309 4960 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:00:23.0309 4960 UmPass - ok
11:00:23.0403 4960 UMVPFSrv (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
11:00:23.0418 4960 UMVPFSrv - ok
11:00:23.0465 4960 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:00:23.0481 4960 upnphost - ok
11:00:23.0543 4960 USBAAPL64 (cd03479f2da26500b203ed075c146a7a) C:\Windows\system32\Drivers\usbaapl64.sys
11:00:23.0559 4960 USBAAPL64 - ok
11:00:23.0606 4960 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:00:23.0606 4960 usbaudio - ok
11:00:23.0637 4960 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:00:23.0637 4960 usbccgp - ok
11:00:23.0684 4960 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:00:23.0684 4960 usbcir - ok
11:00:23.0715 4960 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:00:23.0715 4960 usbehci - ok
11:00:23.0746 4960 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:00:23.0762 4960 usbhub - ok
11:00:23.0777 4960 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
11:00:23.0793 4960 usbohci - ok
11:00:23.0808 4960 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:00:23.0808 4960 usbprint - ok
11:00:23.0855 4960 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:00:23.0855 4960 usbscan - ok
11:00:23.0902 4960 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:00:23.0902 4960 USBSTOR - ok
11:00:23.0933 4960 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:00:23.0933 4960 usbuhci - ok
11:00:23.0980 4960 usb_rndisx (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
11:00:23.0996 4960 usb_rndisx - ok
11:00:24.0011 4960 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:00:24.0011 4960 UxSms - ok
11:00:24.0058 4960 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:00:24.0058 4960 VaultSvc - ok
11:00:24.0089 4960 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:00:24.0089 4960 vdrvroot - ok
11:00:24.0136 4960 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:00:24.0152 4960 vds - ok
11:00:24.0198 4960 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:00:24.0198 4960 vga - ok
11:00:24.0214 4960 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:00:24.0230 4960 VgaSave - ok
11:00:24.0261 4960 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:00:24.0261 4960 vhdmp - ok
11:00:24.0292 4960 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:00:24.0292 4960 viaide - ok
11:00:24.0308 4960 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:00:24.0323 4960 volmgr - ok
11:00:24.0354 4960 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:00:24.0354 4960 volmgrx - ok
11:00:24.0386 4960 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:00:24.0386 4960 volsnap - ok
11:00:24.0417 4960 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:00:24.0417 4960 vsmraid - ok
11:00:24.0479 4960 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:00:24.0510 4960 VSS - ok
11:00:24.0542 4960 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:00:24.0588 4960 vwifibus - ok
11:00:24.0620 4960 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:00:24.0635 4960 vwififlt - ok
11:00:24.0651 4960 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:00:24.0666 4960 W32Time - ok
11:00:24.0698 4960 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:00:24.0698 4960 WacomPen - ok
11:00:24.0760 4960 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:00:24.0760 4960 WANARP - ok
11:00:24.0760 4960 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:00:24.0776 4960 Wanarpv6 - ok
11:00:24.0854 4960 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
11:00:24.0869 4960 WatAdminSvc - ok
11:00:24.0932 4960 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:00:24.0978 4960 wbengine - ok
11:00:24.0994 4960 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:00:25.0010 4960 WbioSrvc - ok
11:00:25.0041 4960 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:00:25.0056 4960 wcncsvc - ok
11:00:25.0072 4960 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:00:25.0088 4960 WcsPlugInService - ok
11:00:25.0119 4960 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:00:25.0119 4960 Wd - ok
11:00:25.0166 4960 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:00:25.0181 4960 Wdf01000 - ok
11:00:25.0197 4960 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:00:25.0197 4960 WdiServiceHost - ok
11:00:25.0212 4960 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:00:25.0212 4960 WdiSystemHost - ok
11:00:25.0259 4960 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:00:25.0275 4960 WebClient - ok
11:00:25.0290 4960 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:00:25.0306 4960 Wecsvc - ok
11:00:25.0322 4960 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:00:25.0322 4960 wercplsupport - ok
11:00:25.0353 4960 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:00:25.0353 4960 WerSvc - ok
11:00:25.0400 4960 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:00:25.0400 4960 WfpLwf - ok
11:00:25.0415 4960 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:00:25.0415 4960 WIMMount - ok
11:00:25.0446 4960 WinDefend - ok
11:00:25.0462 4960 WinHttpAutoProxySvc - ok
11:00:25.0509 4960 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:00:25.0524 4960 Winmgmt - ok
11:00:25.0743 4960 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:00:25.0790 4960 WinRM - ok
11:00:25.0992 4960 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:00:25.0992 4960 WinUsb - ok
11:00:26.0039 4960 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:00:26.0070 4960 Wlansvc - ok
11:00:26.0195 4960 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
11:00:26.0258 4960 wlidsvc - ok
11:00:26.0320 4960 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:00:26.0320 4960 WmiAcpi - ok
11:00:26.0367 4960 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:00:26.0367 4960 wmiApSrv - ok
11:00:26.0414 4960 WMPNetworkSvc - ok
11:00:26.0445 4960 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:00:26.0445 4960 WPCSvc - ok
11:00:26.0492 4960 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:00:26.0492 4960 WPDBusEnum - ok
11:00:26.0523 4960 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:00:26.0523 4960 ws2ifsl - ok
11:00:26.0538 4960 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
11:00:26.0538 4960 wscsvc - ok
11:00:26.0554 4960 WSearch - ok
11:00:26.0648 4960 wuauserv (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll
11:00:26.0694 4960 wuauserv - ok
11:00:26.0757 4960 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:00:26.0757 4960 WudfPf - ok
11:00:26.0788 4960 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:00:26.0788 4960 WUDFRd - ok
11:00:26.0819 4960 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:00:26.0835 4960 wudfsvc - ok
11:00:26.0866 4960 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:00:26.0866 4960 WwanSvc - ok
11:00:26.0913 4960 xusb21 (2ee48cfce7ca8e0db4c44c7476c0943b) C:\Windows\system32\DRIVERS\xusb21.sys
11:00:26.0928 4960 xusb21 - ok
11:00:27.0038 4960 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
11:00:27.0053 4960 YahooAUService - ok
11:00:27.0084 4960 MBR (0x1B8) (50551a35a98ae9fc27c5601df0a404cf) \Device\Harddisk0\DR0
11:00:27.0287 4960 \Device\Harddisk0\DR0 - ok
11:00:27.0287 4960 Boot (0x1200) (f92165d34e335cf6ab5a810df4f56ed6) \Device\Harddisk0\DR0\Partition0
11:00:27.0303 4960 \Device\Harddisk0\DR0\Partition0 - ok
11:00:27.0303 4960 Boot (0x1200) (96736f35a7e1dc01a5f75169eb9c2c99) \Device\Harddisk0\DR0\Partition1
11:00:27.0318 4960 \Device\Harddisk0\DR0\Partition1 - ok
11:00:27.0334 4960 Boot (0x1200) (72a11966694c549d29a66399c337c6c5) \Device\Harddisk0\DR0\Partition2
11:00:27.0350 4960 \Device\Harddisk0\DR0\Partition2 - ok
11:00:27.0350 4960 ============================================================
11:00:27.0350 4960 Scan finished
11:00:27.0350 4960 ============================================================
11:00:27.0365 5892 Detected object count: 0
11:00:27.0365 5892 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-27 11:01:16
-----------------------------
11:01:16.108 OS Version: Windows x64 6.1.7601 Service Pack 1
11:01:16.108 Number of processors: 2 586 0x170A
11:01:16.108 ComputerName: SHAUN-PC UserName: Shaun
11:01:18.043 Initialize success
11:09:44.314 AVAST engine defs: 12032700
11:23:32.708 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
11:23:32.708 Disk 0 Vendor: WDC_WD3200AAJS-65M0A0 01.03E01 Size: 305245MB BusType: 3
11:23:32.739 Disk 0 MBR read successfully
11:23:32.739 Disk 0 MBR scan
11:23:32.739 Disk 0 unknown MBR code
11:23:32.754 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
11:23:32.770 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291273 MB offset 206848
11:23:32.801 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13870 MB offset 596733952
11:23:32.864 Disk 0 scanning C:\Windows\system32\drivers
11:23:41.880 Service scanning
11:24:02.316 Modules scanning
11:24:02.316 Disk 0 trace - called modules:
11:24:02.348 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS intelide.sys PCIIDEX.SYS hal.dll atapi.sys
11:24:02.363 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004606060]
11:24:02.363 3 CLASSPNP.SYS[fffff88001b9f43f] -> nt!IofCallDriver -> [0xfffffa800414a580]
11:24:02.379 5 ACPI.sys[fffff88000fa07a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004138060]
11:24:03.845 AVAST engine scan C:\Windows
11:24:06.918 AVAST engine scan C:\Windows\system32
11:26:48.306 AVAST engine scan C:\Windows\system32\drivers
11:27:10.599 AVAST engine scan C:\Users\Shaun
11:31:50.421 File: C:\Users\Shaun\AppData\Local\Temp\_av4_\data\aswar0.dll **INFECTED** Win32:Malware-gen
11:31:50.608 File: C:\Users\Shaun\AppData\Local\Temp\_av4_\data\updldr0.bin **INFECTED** Win32:Malware-gen
11:34:43.472 Disk 0 MBR has been saved successfully to "C:\Users\Shaun\Desktop\MBR.dat"
11:34:43.472 The log file has been saved successfully to "C:\Users\Shaun\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 27 March 2012 - 07:56 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
:dir
C:\Users\Shaun\AppData\Local\Temp\_av4_ /sub
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 27 March 2012 - 08:06 AM

here is the system look report


SystemLook 30.07.11 by jpshortstuff
Log created at 14:05 on 27/03/2012 by Shaun
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== dir ==========

C:\Users\Shaun\AppData\Local\Temp\_av4_ - Parameters: "/sub"

---Files---
aswCmnB.dll --a---- 131072 bytes [10:01 27/03/2012] [10:01 27/03/2012]
aswCmnOS.dll --a---- 81920 bytes [10:01 27/03/2012] [10:01 27/03/2012]
aswCmnS.dll --a---- 192512 bytes [10:01 27/03/2012] [10:01 27/03/2012]
aswEngin.dll --a---- 1228800 bytes [10:01 27/03/2012] [10:01 27/03/2012]
aswScan.dll --a---- 86016 bytes [10:01 27/03/2012] [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data d------ [10:01 27/03/2012]
400.vps --a---- 51745557 bytes [10:01 27/03/2012] [10:09 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\backup d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\chest d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\integ d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\journal d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\log d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\moved d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\report d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\data\skin d------ [10:01 27/03/2012]

C:\Users\Shaun\AppData\Local\Temp\_av4_\english d------ [10:01 27/03/2012]

-= EOF =-

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 27 March 2012 - 08:47 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::
KillAll::
Folder::
c:\programdata\Premium
c:\programdata\Codec-C
C:\codec-info
c:\programdata\InstallMate

File::
C:\Users\Shaun\AppData\Local\Temp\_av4_\data\aswar0.dll
C:\Users\Shaun\AppData\Local\Temp\_av4_\data\updldr0.bin

Save it to your desktop as CFScript.txt

Refering to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#11 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 27 March 2012 - 11:56 AM

Hey here is the new combofix report, i didnt have any problems running the script. After running the script the Codec-c is still in the add and remove program thing and i also still dont have my programs back in my start menu, i havent noticed any ad's in the usual places but they sometimes take a while to show after a restart i'll update you if they show up again.

ComboFix 12-03-26.02 - Shaun 27/03/2012 17:07:19.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.4061.2389 [GMT 1:00]
Running from: c:\users\Shaun\Desktop\ComboFix.exe
Command switches used :: c:\users\Shaun\Desktop\CFscript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\users\Shaun\AppData\Local\Temp\_av4_\data\aswar0.dll"
"c:\users\Shaun\AppData\Local\Temp\_av4_\data\updldr0.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\codec-info
c:\codec-info\codec_info.html
c:\programdata\Codec-C
c:\programdata\Codec-C\background.html
c:\programdata\Codec-C\bhoclass.dll
c:\programdata\Codec-C\content.js
c:\programdata\Codec-C\data\content.js
c:\programdata\Codec-C\data\jsondb.js
c:\programdata\Codec-C\joifgdlkhokekeaenpkaehbnjhncglbh.crx
c:\programdata\Codec-C\settings.ini
c:\programdata\Codec-C\uninstall.exe
c:\programdata\InstallMate
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setup.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\_Setupx.dll
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\0.ini
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\20120324123552.log
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.dat
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.exe
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\Setup.ico
c:\programdata\InstallMate\{B01A9061-55EF-4AEF-9983-6BD5B2D76491}\TsuDll.dll
c:\programdata\Premium
.
.
((((((((((((((((((((((((( Files Created from 2012-02-27 to 2012-03-27 )))))))))))))))))))))))))))))))
.
.
2012-03-27 16:19 . 2012-03-27 16:19 -------- d-----w- c:\users\Mcx1-SHAUN-PC\AppData\Local\temp
2012-03-27 16:19 . 2012-03-27 16:19 -------- d-----w- c:\users\James\AppData\Local\temp
2012-03-27 16:19 . 2012-03-27 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-25 13:03 . 2012-03-25 13:29 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-25 13:03 . 2012-03-26 23:12 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2012-03-23 06:04 . 2012-03-25 17:50 -------- d-----w- c:\windows\system32\drivers\NISx64\1306020.00A
2012-03-18 02:00 . 2012-03-18 02:00 -------- d-----w- c:\users\Shaun\AppData\Roaming\PFStaticIP
2012-03-15 03:03 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-15 03:03 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-15 03:03 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-14 06:22 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-14 06:22 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-14 06:22 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-14 06:19 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-14 06:19 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-14 06:19 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-14 06:19 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-14 06:19 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-14 06:19 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-14 06:19 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-11 14:31 . 2012-03-11 14:31 -------- d-----w- c:\users\Shaun\AppData\Roaming\Yahoo!
2012-03-11 14:27 . 2012-03-11 14:27 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-03-11 14:00 . 2012-03-11 14:01 -------- d-----w- c:\program files\iTunes
2012-03-11 14:00 . 2012-03-11 14:01 -------- d-----w- c:\program files (x86)\iTunes
2012-03-11 14:00 . 2012-03-11 14:00 -------- d-----w- c:\program files\iPod
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-23 06:04 . 2010-01-25 21:35 175736 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-03-11 14:27 . 2010-10-06 16:15 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-18 07:31 . 2011-07-19 16:45 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-25 01:29 . 2012-01-25 01:29 2301208 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-01-25 01:28 . 2012-01-25 01:28 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-01-25 01:28 . 2012-01-25 01:28 710992 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-01-18 06:44 . 2012-01-18 06:44 540960 ----a-w- c:\windows\SysWow64\LVUI2RC.dll
2012-01-18 06:44 . 2012-01-18 06:44 545056 ----a-w- c:\windows\SysWow64\LVUI2.dll
2012-01-18 06:44 . 2012-01-18 06:44 561440 ----a-w- c:\windows\system32\LVUIRC64.dll
2012-01-18 06:44 . 2012-01-18 06:44 4865568 ----a-w- c:\windows\system32\drivers\lvuvc64.sys
2012-01-18 06:44 . 2012-01-18 06:44 769312 ----a-w- c:\windows\system32\LVUI64.dll
2012-01-18 06:44 . 2012-01-18 06:44 351136 ----a-w- c:\windows\system32\drivers\lvrs64.sys
2012-01-18 06:44 . 2012-01-18 06:44 307488 ----a-w- c:\windows\SysWow64\lvcodec2.dll
2012-01-18 06:44 . 2012-01-18 06:44 263456 ----a-w- c:\windows\system32\lvco13311044.dll
2012-01-18 06:44 . 2012-01-18 06:44 176416 ----a-w- c:\windows\system32\lvcod64.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\SysWow64\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 336408 ----a-w- c:\windows\system32\DevManagerCore.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\SysWow64\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 10920984 ----a-w- c:\windows\system32\LogiDPP.dll
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\SysWow64\LogiDPPApp.exe
2012-01-18 06:44 . 2012-01-18 06:44 104472 ----a-w- c:\windows\system32\LogiDPPApp.exe
2012-01-04 10:44 . 2012-02-15 05:47 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-01-04 08:58 . 2012-02-15 05:47 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2011-12-30 06:26 . 2012-02-15 05:46 515584 ----a-w- c:\windows\system32\timedate.cpl
2011-12-30 05:27 . 2012-02-15 05:46 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-26_23.14.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-03-27 16:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-26 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-03-26 23:12 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 16:20 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-27 16:20 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-26 23:12 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-19 12:20 . 2012-03-26 23:36 60404 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2010-01-25 20:49 . 2012-03-26 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-25 20:49 . 2012-03-26 23:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-25 20:49 . 2012-03-26 23:15 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-01-25 20:49 . 2012-03-26 23:35 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-01-25 20:49 . 2012-03-26 23:15 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-25 20:49 . 2012-03-26 23:35 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-11-02 11:10 . 2012-03-27 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-11-02 11:10 . 2012-03-26 23:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-11-02 11:10 . 2012-03-27 16:14 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-11-02 11:10 . 2012-03-26 23:02 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-03-27 16:20 . 2012-03-27 16:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 23:12 . 2012-03-26 23:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-03-26 23:12 . 2012-03-26 23:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-03-27 16:20 . 2012-03-27 16:20 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-03-26 08:09 628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-26 23:39 628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-26 23:39 110208 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-26 08:09 110208 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-03-26 23:11 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-27 16:19 288976 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-01-25 21:31 . 2012-03-27 16:19 1709980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3474861053-3292695585-4223325806-1001-8192.dat
- 2010-01-25 21:31 . 2012-03-26 23:11 1709980 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3474861053-3292695585-4223325806-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files (x86)\AIM\aim.exe" [2010-03-08 3972440]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-02-28 740216]
"Logitech Vid"="c:\program files (x86)\Logitech\Logitech Vid\Vid.exe" [2010-05-11 6061400]
"ooVoo.exe"="c:\program files (x86)\ooVoo\oovoo.exe" [2010-10-31 19071672]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"Facebook Update"="c:\users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-11-02 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"HP Remote Solution"="c:\program files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe" [2009-05-26 656896]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-05-12 581480]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"lxcrmon.exe"="c:\program files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86) (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2011-12-20 634880]
.
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A]
.
c:\users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Warner Bros.lnk - c:\program files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe [2012-1-18 142848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files (x86)\Hotspot Shield\bin\hsswd.exe [2010-10-15 326704]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 135664]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVPr2M64;Logitech LVPr2M64 Driver;c:\windows\system32\DRIVERS\LVPr2M64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1306020.00A\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1306020.00A\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys [2012-03-02 1157240]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1306020.00A\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120324.004\IDSvia64.sys [2012-03-06 488568]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1306020.00A\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1306020.00A\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Professional.9.0;ABBYY FineReader 9.0 PE Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe [2008-10-27 759072]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe [2012-01-17 138232]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-16 138360]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3474861053-3292695585-4223325806-1001Core.job
- c:\users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-02 01:14]
.
2012-03-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3474861053-3292695585-4223325806-1001UA.job
- c:\users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-11-02 01:14]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 18:55]
.
2012-03-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-05 18:55]
.
2012-03-26 c:\windows\Tasks\HPCeeScheduleForShaun.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 22:15]
.
2012-02-28 c:\windows\Tasks\PCDRScheduledMaintenance.job
- c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2009-06-10 11:04]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-08 610360]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-02 159232]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-02 380928]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-02 358912]
"lxcrmon.exe"="c:\program files (x86)\Lexmark 2400 Series\lxcrmon.exe" [2009-05-01 291496]
"EzPrint"="c:\program files (x86)\Lexmark 2400 Series\ezprint.exe" [2009-05-01 82600]
"LXCRCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCRtime.dll" [2006-11-21 31744]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{456C8851-F50A-4EF8-8615-789446BDE1C0}: NameServer = 192.168.0.1
TCP: Interfaces\{5AAA8B34-2142-4B3B-AA33-39C17466B741}: NameServer = 10.94.88.1
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{19480E4E-F264-4DFB-B991-C35664EDBE49} - c:\programdata\Codec-C\bhoclass.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-{2EF17083-57D4-4D64-AE4F-55F32A2C4571} - c:\programdata\Codec-C\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.6.2.10\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\windows\SysWOW64\NlsSrv32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hotspot Shield\bin\openvpnas.exe
.
**************************************************************************
.
Completion time: 2012-03-27 17:37:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-27 16:37
ComboFix2.txt 2012-03-26 23:29
.
Pre-Run: 143,865,937,920 bytes free
Post-Run: 143,759,568,896 bytes free
.
- - End Of File - - 26F6081CB5C1CE67B46A3A1E56D27487

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 27 March 2012 - 04:37 PM

Hello

Lets get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and the that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#13 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 27 March 2012 - 07:19 PM

hey, here is the old timer report. thanks for all this help by the way


OTL logfile created on: 28/03/2012 01:13:05 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\Shaun\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

3.97 Gb Total Physical Memory | 2.11 Gb Available Physical Memory | 53.08% Memory free
7.93 Gb Paging File | 5.97 Gb Available in Paging File | 75.24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 284.45 Gb Total Space | 134.57 Gb Free Space | 47.31% Space Free | Partition Type: NTFS
Drive D: | 13.54 Gb Total Space | 2.39 Gb Free Space | 17.63% Space Free | Partition Type: NTFS

Computer Name: SHAUN-PC | User Name: Shaun | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Shaun\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe (TeamSpeak Systems GmbH)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11f_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
PRC - C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
PRC - C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
PRC - C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
PRC - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (CyberLink)
PRC - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe (CyberLink Corp.)
PRC - C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
PRC - C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
PRC - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))


========== Modules (No Company Name) ==========

MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\plugins\clientquery_plugin.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\soundbackends\windowsaudiosession_win32.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\soundbackends\directsound_win32.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\plugins\appscanner_plugin.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\QtGui4.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\QtCore4.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\QtNetwork4.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\imageformats\qjpeg4.dll ()
MOD - C:\Users\Shaun\AppData\Local\TeamSpeak 3 Client\imageformats\qgif4.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
MOD - C:\Program Files (x86)\Lexmark 2400 Series\iptk.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (lxcr_device) -- C:\Windows\SysNative\lxcrcoms.exe ( )
SRV - (UMVPFSrv) -- C:\Program Files (x86)\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe (Logitech Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ccSvcHst.exe (Symantec Corporation)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (HssTrayService) -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.exe ()
SRV - (HotspotShieldService) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe ()
SRV - (HssSrv) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe ()
SRV - (GameConsoleService) -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe (WildTangent, Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (nlsX86cc) -- C:\Windows\SysWOW64\NlsSrv32.exe (Nalpeiron Ltd.)
SRV - (ezSharedSvc) -- C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
SRV - (ABBYY.Licensing.FineReader.Professional.9.0) -- C:\Program Files (x86)\Common Files\ABBYY\FineReader\9.00\Licensing\PE\NetworkLicenseServer.exe (ABBYY (BIT Software))
SRV - (lxcr_device) -- C:\Windows\SysWOW64\lxcrcoms.exe ( )


========== Driver Services (SafeList) ==========

DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (LVUVC64) Logitech Webcam 250(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\symds64.sys (Symantec Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HssDrv) -- C:\Windows\SysNative\drivers\HssDrv.sys (AnchorFree Inc.)
DRV:64bit: - (lvpopf64) -- C:\Windows\SysNative\drivers\lvpopf64.sys (Logitech Inc.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows ® Win 7 DDK provider)
DRV:64bit: - (LVPr2Mon) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (LVPr2M64) -- C:\Windows\SysNative\drivers\LVPr2M64.sys ()
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (taphss) -- C:\Windows\SysNative\drivers\taphss.sys (AnchorFree Inc)
DRV:64bit: - (tap0901) -- C:\Windows\SysNative\drivers\tap0901.sys (The OpenVPN Project)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (netr28x) -- C:\Windows\SysNative\drivers\netr28x.sys (Ralink Technology, Corp.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120327.008\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120327.008\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120324.004\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120317.002\BHDrvx64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {245BD935-469F-4E65-8D49-4AED56384B94}
IE:64bit: - HKLM\..\SearchScopes\{245BD935-469F-4E65-8D49-4AED56384B94}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE:64bit: - HKLM\..\SearchScopes\{24803EB1-32CD-4EAC-AC93-6C2DFE1AC487}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE:64bit: - HKLM\..\SearchScopes\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_GB&c=94&bd=Pavilion&pf=cndt
IE - HKLM\..\SearchScopes,DefaultScope = {0B4A10D1-FBD6-451d-BFDA-F03252B05984}
IE - HKLM\..\SearchScopes\{0B4A10D1-FBD6-451d-BFDA-F03252B05984}: "URL" = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us
IE - HKLM\..\SearchScopes\{245BD935-469F-4E65-8D49-4AED56384B94}: "URL" = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1184&query={searchTerms}&invocationType=tb50hpcndtie7-en-gb
IE - HKLM\..\SearchScopes\{24803EB1-32CD-4EAC-AC93-6C2DFE1AC487}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKLM\..\SearchScopes\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}: "URL" = http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\SearchScopes,DefaultScope = {24803EB1-32CD-4EAC-AC93-6C2DFE1AC487}
IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\SearchScopes\{24803EB1-32CD-4EAC-AC93-6C2DFE1AC487}: "URL" = http://uk.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://uk.ask.com/web?q={SEARCHTERMS}&o=15528&l=dis
IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\SearchScopes\{BB5259EA-ECD2-4E02-AACA-3E948FAE07D7}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=FAA35F7B-663C-46E7-BB40-F4548E275E25&apn_sauid=BEDA7998-D926-4212-99A8-048281CCADDD
IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Shaun\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012/03/25 18:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012/03/27 17:38:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/23 11:09:03 | 000,000,000 | ---D | M]

[2010/10/07 05:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaun\AppData\Roaming\Mozilla\Extensions
[2010/10/07 05:30:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Shaun\AppData\Roaming\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2012/03/27 17:21:38 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Codec-C Class) - {19480E4E-F264-4DFB-B991-C35664EDBE49} - C:\ProgramData\Codec-C\bhoclass.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.6.2.10\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [EzPrint] C:\Program Files (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LXCRCATS] C:\Windows\SysNative\spool\DRIVERS\x64\3\LXCRtime.DLL (Lexmark International Inc.)
O4:64bit: - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EzPrint] C:\Program Files (x86) (x86)\Lexmark 2400 Series\ezprint.exe (Lexmark International Inc.)
O4 - HKLM..\Run: [HP Remote Solution] C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe ()
O4 - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [lxcrmon.exe] C:\Program Files (x86) (x86)\Lexmark 2400 Series\lxcrmon.exe ()
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001..\Run: [Aim] C:\Program Files (x86)\AIM\aim.exe (AOL Inc.)
O4 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001..\Run: [Facebook Update] C:\Users\Shaun\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001..\Run: [Logitech Vid] C:\Program Files (x86)\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001..\Run: [Messenger (Yahoo!)] C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001..\Run: [ooVoo.exe] C:\Program Files (x86)\ooVoo\oovoo.exe (ooVoo LLC)
O4 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = File not found
O4 - Startup: C:\Users\Shaun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Warner Bros.lnk = C:\Program Files (x86)\Warner Bros. Digital Copy Manager\Warner Bros. Digital Copy Manager.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O9 - Extra Button: Sky - {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.skybroadband.com File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1D5C7779-DEF4-494E-B14A-03EFEAB8F78B}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{456C8851-F50A-4EF8-8615-789446BDE1C0}: NameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AAA8B34-2142-4B3B-AA33-39C17466B741}: NameServer = 10.94.88.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A256F57-EC75-47CA-8165-BF48177CFAE3}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/03/28 01:00:26 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\Shaun\Desktop\OTL.exe
[2012/03/27 17:37:26 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/03/27 17:21:45 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/03/27 14:04:31 | 000,000,000 | ---D | C] -- C:\Users\Shaun\Desktop\virus removal
[2012/03/26 23:58:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/03/26 23:58:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/03/26 23:58:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/03/26 23:58:14 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2012/03/26 23:54:11 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/03/26 20:16:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
[2012/03/26 20:16:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012/03/26 09:07:29 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{CF28BC65-E2D8-4516-99E0-DE6C3A69A5F5}
[2012/03/26 09:07:18 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{EB1976AA-E02B-459A-8023-678739602609}
[2012/03/25 19:06:11 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{5B2DD883-982B-428E-8A5C-250CA3D376C7}
[2012/03/25 19:05:45 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{349C3263-BFDC-4F61-85BF-2C8CAAE001FB}
[2012/03/25 14:03:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/03/25 14:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012/03/25 05:06:34 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{85417340-3A94-4BF7-95E6-794070DEF29B}
[2012/03/25 05:06:13 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{1B6D5238-A300-4FCA-875B-7CC63A19B123}
[2012/03/22 18:42:52 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{111E8FEC-17DC-47E0-AD49-4461764E1017}
[2012/03/22 18:42:40 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{11A12ECC-673B-456B-A518-DDE0F50E38D8}
[2012/03/21 10:53:14 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{F91A1BBA-1813-4903-9E34-DCE67ED86CDD}
[2012/03/21 10:53:02 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{079358C8-F0A3-4B8C-AA80-BE12A244D5B9}
[2012/03/18 03:00:30 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Roaming\PFStaticIP
[2012/03/15 08:03:35 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{5F95B96B-7AEA-49D8-AA1A-D14CCC16FD15}
[2012/03/15 08:03:13 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{9601BE09-38E2-43F0-8B25-6D7FDFA92AEE}
[2012/03/15 04:03:36 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012/03/15 04:03:35 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012/03/15 04:03:35 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012/03/14 07:22:00 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll
[2012/03/14 07:19:59 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012/03/14 07:19:58 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012/03/14 07:19:58 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012/03/14 07:19:49 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll
[2012/03/14 07:19:49 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll
[2012/03/14 03:03:32 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{809364FA-164E-436C-A94E-F5F9F5C31C00}
[2012/03/14 03:03:21 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{D858925B-DD8D-4E25-99AC-F173EFD5F703}
[2012/03/11 15:31:53 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Roaming\Yahoo!
[2012/03/11 15:31:47 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{061FC475-E2A2-45AF-BF7D-6D3C20A3E637}
[2012/03/11 15:31:30 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{03E3938B-02B6-4802-AA5E-F6E521F17FEC}
[2012/03/11 15:27:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/03/11 15:27:22 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/11 15:27:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/11 15:27:22 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/11 15:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/03/11 15:00:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/03/11 15:00:40 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/03/08 01:49:08 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{73A55079-2574-4E59-A591-05F15B57B479}
[2012/03/08 01:48:57 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{22B557BC-DF5F-4023-81F5-D2AC6052A269}
[2012/03/06 03:15:45 | 000,000,000 | ---D | C] -- C:\Users\Shaun\Desktop\behaviour
[2012/03/04 23:53:03 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{9ED8D74A-3CB4-481D-B14B-BC46C6E1E529}
[2012/03/04 23:52:52 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{3094F3CD-1471-4DDC-B2CE-6628094922C3}
[2012/03/03 21:21:37 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{C9F6C858-A112-4DF3-8859-6D2811DA1B41}
[2012/03/03 21:21:26 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{931C9859-426E-4E1D-B519-A0C219B8946E}
[2012/02/28 19:48:22 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{D5477FB5-A23C-49D4-8EEF-9DA775EEAB77}
[2012/02/28 19:47:54 | 000,000,000 | ---D | C] -- C:\Users\Shaun\AppData\Local\{F4FFB8DD-4890-41ED-B530-8F0C93DE0BA9}

========== Files - Modified Within 30 Days ==========

[2012/03/28 01:11:00 | 000,000,896 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/03/28 01:11:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/03/28 01:00:32 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\Shaun\Desktop\OTL.exe
[2012/03/27 22:19:01 | 000,000,928 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3474861053-3292695585-4223325806-1001UA.job
[2012/03/27 17:46:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 17:46:12 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/03/27 17:43:11 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/03/27 17:43:11 | 000,628,024 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/03/27 17:43:11 | 000,110,208 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/03/27 17:38:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/03/27 17:38:39 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012/03/27 17:38:37 | 3193,888,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/03/27 17:21:38 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/03/27 01:19:00 | 000,000,906 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3474861053-3292695585-4223325806-1001Core.job
[2012/03/27 00:12:49 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForShaun.job
[2012/03/26 23:14:04 | 000,015,414 | ---- | M] () -- C:\Users\Shaun\AppData\Roaming\wklnhst.dat
[2012/03/26 20:15:40 | 000,000,178 | ---- | M] () -- C:\Users\Shaun\defogger_reenable
[2012/03/26 12:10:05 | 000,001,532 | ---- | M] () -- C:\Users\Shaun\Desktop\wmplayer.exe - Shortcut.lnk
[2012/03/25 05:03:29 | 000,002,463 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2012/03/25 05:03:19 | 002,079,065 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\Cat.DB
[2012/03/25 05:02:50 | 000,008,727 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\VT20120301.009
[2012/03/23 07:04:27 | 000,175,736 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2012/03/23 07:04:27 | 000,007,488 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2012/03/23 07:04:27 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2012/03/22 19:14:30 | 000,001,044 | ---- | M] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012/03/20 05:26:35 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1306020.00A\isolate.ini
[2012/03/15 08:01:37 | 000,330,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/03/11 15:27:15 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll
[2012/03/11 15:27:15 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe
[2012/03/11 15:27:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe
[2012/03/11 15:27:15 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe
[2012/03/11 15:01:18 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/09 06:01:34 | 000,041,472 | ---- | M] () -- C:\Users\Shaun\Desktop\Assesment 3.wps
[2012/02/28 21:00:21 | 000,000,552 | ---- | M] () -- C:\Windows\tasks\PCDRScheduledMaintenance.job

========== Files Created - No Company Name ==========

[2012/03/26 23:58:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/03/26 23:58:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/03/26 23:58:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/03/26 23:58:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/03/26 23:58:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/03/26 20:15:40 | 000,000,178 | ---- | C] () -- C:\Users\Shaun\defogger_reenable
[2012/03/26 12:10:05 | 000,001,532 | ---- | C] () -- C:\Users\Shaun\Desktop\wmplayer.exe - Shortcut.lnk
[2012/03/22 19:14:30 | 000,001,044 | ---- | C] () -- C:\Users\Public\Desktop\HTC Sync.lnk
[2012/03/11 15:01:18 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/03/07 03:25:56 | 000,041,472 | ---- | C] () -- C:\Users\Shaun\Desktop\Assesment 3.wps
[2012/01/18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012/01/18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012/01/18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011/09/12 14:29:04 | 000,001,854 | ---- | C] () -- C:\Users\Shaun\AppData\Roaming\GhostObjGAFix.xml
[2011/05/08 23:43:29 | 000,000,091 | ---- | C] () -- C:\Windows\CIV.INI
[2011/04/14 01:39:08 | 000,006,656 | ---- | C] () -- C:\Users\Shaun\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/12/11 21:21:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\cd.dat
[2010/11/25 01:03:27 | 000,007,598 | ---- | C] () -- C:\Users\Shaun\AppData\Local\Resmon.ResmonCfg
[2010/10/10 08:12:30 | 000,604,186 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmpSDC11213.JPG
[2010/10/10 08:12:29 | 002,424,863 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmpSDC11213.0
[2010/10/10 06:49:52 | 000,880,762 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmpSDC11264.JPG
[2010/10/10 06:49:51 | 003,048,993 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmpSDC11264.0
[2010/10/09 05:32:47 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010/06/30 00:12:16 | 000,013,312 | ---- | C] () -- C:\Windows\LPRES.DLL
[2010/04/25 23:56:42 | 000,017,605 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmp1270686919.JPG
[2010/04/12 15:04:34 | 000,084,170 | ---- | C] () -- C:\Windows\War3Unin.dat
[2010/04/08 08:10:48 | 000,031,941 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmp1270686919.0
[2010/04/02 17:24:42 | 000,063,181 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmpPICTURE 9.0
[2010/04/02 17:24:42 | 000,029,469 | ---- | C] () -- C:\Users\Shaun\AppData\Local\tmpPICTURE 9.JPG

========== Alternate Data Streams ==========

@Alternate Data Stream - 64 bytes -> C:\Users\Shaun\Desktop\VTS_01_3.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Shaun\Desktop\VTS_01_2.VOB:TOC.WMV
@Alternate Data Stream - 64 bytes -> C:\Users\Shaun\Desktop\VTS_01_1.VOB:TOC.WMV

< End of report >

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:02:26 PM

Posted 27 March 2012 - 07:28 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    IE:64bit: - HKLM\..\SearchScopes\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}: "URL" = <http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936>
    IE - HKLM\..\SearchScopes\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}: "URL" = <http://uk.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913936>
    IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = <http://uk.ask.com/web?q={SEARCHTERMS}&o=15528&l=dis>
    IE - HKU\S-1-5-21-3474861053-3292695585-4223325806-1001\..\SearchScopes\{BB5259EA-ECD2-4E02-AACA-3E948FAE07D7}: "URL" = <http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=en_UK&apn_ptnrs=U3&apn_dtid=OSJ000YYGB&apn_uid=FAA35F7B-663C-46E7-BB40-F4548E275E25&apn_sauid=BEDA7998-D926-4212-99A8-048281CCADDD>
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Codec-C Class) - {19480E4E-F264-4DFB-B991-C35664EDBE49} - C:\ProgramData\Codec-C\bhoclass.dll File not found
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#15 campbell88

campbell88
  • Topic Starter

  • Members
  • 13 posts
  • OFFLINE
  •  
  • Local time:06:26 PM

Posted 27 March 2012 - 08:24 PM

hey here is the last report you asked me to post, there has been no change to the computer the programs are still missing from start menu although codec-c is now gone from the add/remove thing i just had to click on it and it said it had already been removed.



========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{929EAEF5-6EF3-4329-AA3A-CB3FA5DDDEEA}\ not found.
Registry key HKEY_USERS\S-1-5-21-3474861053-3292695585-4223325806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}\ not found.
Registry key HKEY_USERS\S-1-5-21-3474861053-3292695585-4223325806-1001\Software\Microsoft\Internet Explorer\SearchScopes\{BB5259EA-ECD2-4E02-AACA-3E948FAE07D7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BB5259EA-ECD2-4E02-AACA-3E948FAE07D7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{19480E4E-F264-4DFB-B991-C35664EDBE49}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{19480E4E-F264-4DFB-B991-C35664EDBE49}\ deleted successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Shaun\Desktop\cmd.bat deleted successfully.
C:\Users\Shaun\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: James
->Java cache emptied: 0 bytes

User: Mcx1-SHAUN-PC

User: Public

User: Shaun
->Java cache emptied: 0 bytes

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56475 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: James
->Flash cache emptied: 42090 bytes

User: Mcx1-SHAUN-PC
->Flash cache emptied: 41620 bytes

User: Public

User: Shaun
->Flash cache emptied: 56986 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.39.2 log created on 03282012_022019

Edited by campbell88, 27 March 2012 - 08:55 PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users