
Google redirect, bad flash update, Windows Vista,


  • This topic is locked
12 replies to this topic

#1 drunkle

drunkle

  • Members
  • 95 posts
  • OFFLINE
  • Gender:Male
  • Location:the Big O!
  • Local time:02:28 AM

Posted 22 July 2012 - 10:38 PM

Hey all,

Recently, I had been having problems with Vista. To make a long story short, I reinstalled Vista from scratch. Afterwards, I was going through and completing about four years' worth of updates (the laptop is that old!) and something didn't go as planned. Somewhere in the downloading process, I've picked up something. Adobe Flash kept wanting me to install it, even after I already had, every ten minutes or so (this is why I think it was the source of the problems). Now, some Google searches are redirected to other websites. It's not every one, just ones at random. If I enter an address directly into the browser, it's fine, but when I click on the link provided by Google after a search, I'll end up somewhere else. My internet connection is junk now. I went from about 150 Kb/s for downloads to about 5 Kb/s. Webpages take forever to load. I'm afraid of going much further due to security concerns without getting this taken care of. I've run several anti-malware programs hoping to take care of it but nothing really seems to work. I've used CCleaner to dump temp files. I've used Ad-Aware, Spybot S&D, as well as Malwarebytes. Each has found a few things and claimed to have fixed them; however, after each reboot the problem returns. I appreciate any help anyone is able to lend me.

System Info:
HP dv7-1260us
Vista Home Premium SP1 x64
AMD Turion X2 Dual Core Mobile RM-74, 2.2 GHz


Thanks again,
drunkle
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#2 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,989 posts
  • OFFLINE
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:03:28 AM

Posted 22 July 2012 - 11:47 PM

Hello,

Please follow the instructions in ==>This Guide<== starting at step 6. If you cannot complete a step, skip it and continue.

Once the proper logs are created, then post them in a reply to this topic by using the Add Reply button.

If you can produce at least some of the logs, then please create the post and explain what happens when you try to create the log(s) that you couldn't get. If you cannot produce any of the logs, then still post the reply and explain that you followed the Prep. Guide, were unable to create the logs, and describe what happens when you try to create the logs.

Please note that I am not a member of the Malware Removal Team and will not be assisting you in removing the infection. I'm simply helping you to post the information they need in order to assist you.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

Orange Blossom :cherry:
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  • Gender:Male
  • Location:the Big O!
  • Local time:02:28 AM

Posted 23 July 2012 - 08:28 AM

Here are the logs from DDS as requested (attach.txt is attached to this reply). I have a 64-bit system so I didn't run GMER. Also, something I forgot to mention earlier is that every device on my home WAN (my wife's computer, tab, and cell phone) is having problems either connecting to or staying connected to the network. I'm not sure if this is related, but it happened immediately after this redirect hit me.

The logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_33
Run by Drunkle at 8:05:15 on 2012-07-23
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.2103 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: secure.comodo.net *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: secure.comodo.net *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [cmstiles] rundll32 "C:\Users\Drunkle\AppData\Local\Temp\autoperf.dll",CreateProcessNotify
uRun: [netiheme] rundll32 "C:\Users\Drunkle\AppData\Local\Temp\autoperf64.dll",CreateProcessNotify
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9764D197-0F94-4AA3-AAB6-DC456B9CCFA8} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\68w9rcfz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/07/21 03:12:23];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2012-7-21 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-20 365952]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2008-11-26 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2008-11-26 116096]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-19 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-21 250056]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-7-20 93184]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
.
=============== Created Last 30 ================
2012-07-20 01:56:48 -------- d-----w- C:\Users\Drunkle\AppData\Local\ATI
2012-07-20 01:56:47 -------- d-----w- C:\Users\Drunkle\AppData\Local\Hewlett-Packard
2012-07-20 01:56:17 -------- d-----w- C:\Users\Drunkle\AppData\Local\VirtualStore
2012-07-20 01:45:28 -------- d-----w- C:\Users\Drunkle\AppData\Roaming\HP TCS
2012-07-20 01:43:44 26168 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-07-20 01:43:43 -------- d-----w- C:\Program Files (x86)\AMD
2012-06-26 21:02:40 90112 ----a-w- C:\Windows\MAMCityDownload.ocx
.
==================== Find3M ====================
.
2012-07-20 04:23:35 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
.
============= FINISH: 8:06:31.37 ===============
Attached File  Attach.txt   6.67KB   1 downloads
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#4 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:28 AM

Posted 27 July 2012 - 10:40 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/462011 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 drunkle

drunkle
  • Topic Starter

  • Members
  • 95 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:the Big O!
  • Local time:02:28 AM

Posted 27 July 2012 - 11:41 PM

Hello all,

I seem to have a redirect bug of some sort. Whenever I enter a search term in any search engine (i.e. Google, Yahoo, ask.com, etc.), the results show up just fine. When, however, I click on the link to the result, I am redirected to some junk advert site or fake search result site. If I copy the URL directly and paste it into the address bar I'm fine.

The background: My computer was acting up and I, after trying many things, had to reinstall my Windows Vista to factory default. While I was downloading four years' worth of updates, I seemed to pick up this redirect. It happened when I tried to update my Flash plugin for Firefox (it kept asking me every ten minutes or so to install after I already had). I've run several virus scans with Adaware, Spybot and Malwarebytes with little effect. Spybot picks up something called fraud.privacIE. Spybot tried to "fix" the issues but it never worked. I've tried them all in regular and safe modes with no effect. Every time I reboot it returns.

Right now I'm running Vista x64 SP1. I cannot download SP2 as there are many problems with my Windows Update. I keep getting an error code of "80070424". I've researched this and I've tried the Mr. FixIt options provided by MS. Nothing helps. I've tried downloading SP2 directly. It fails upon install and I have to use a restore point after it fails. I'm hoping that these problems are all related to the fraud.privacIE bug.

System info:
HP DV7-1260US
Windows Vista x64 Home Premium SP1
I do not have an OS cd, but I do have a recovery partition on my hard drive.
I could not create a GMER log as I am running a 64-bit system and it said not to.
Below is a current DDS log with the Attach.txt attached to this post.
Attached File  Attach.txt   4.28KB   1 downloads

Thanks again for your help. I look forward to hearing from you.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_33
Run by Drunkle at 23:02:29 on 2012-07-27
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.3837.2476 [GMT -5:00]
.
AV: Lavasoft Ad-Aware *Disabled/Updated* {445B48C3-0FA4-6B16-8F07-6506F305D800}
SP: Lavasoft Ad-Aware *Disabled/Updated* {FF3AA927-299E-6498-B5B7-5E74888292BD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: secure.comodo.net *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
FW: secure.comodo.net *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
FW: Lavasoft Ad-Aware *Disabled* {7C60C9E6-45CB-6A4E-A458-CC330DD69F7B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\STacSV64.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe
C:\Windows\system32\agr64svc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\SMINST\BLService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
"C:\Windows\SysWOW64\svchost.exe" -k LocalServiceDns
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Pavilion&pf=cnnb
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [cmstiles] rundll32 "C:\Users\Drunkle\AppData\Local\Temp\autoperf.dll",CreateProcessNotify
uRun: [netiheme] rundll32 "C:\Users\Drunkle\AppData\Local\Temp\autoperf64.dll",CreateProcessNotify
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
LSP: mswsock.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{9764D197-0F94-4AA3-AAB6-DC456B9CCFA8} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll
TB-X64: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
mRun-x64: [TSMAgent] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun-x64: [CLMLServer for HP TouchSmart] "C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun-x64: [UCam_Menu] "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Media\Webcam" update "Software\Hewlett-Packard\Media\Webcam"
mRun-x64: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun-x64: [UpdatePSTShortCut] "C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
mRun-x64: [QlbCtrl.exe] "C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" /Start
mRun-x64: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [UpdatePDIRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [(Default)]
mRun-x64: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun-x64: [KiesTrayAgent] "C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Drunkle\AppData\Roaming\Mozilla\Firefox\Profiles\68w9rcfz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/07/21 03:12:23];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2012-7-21 146928]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe --> C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_bd5387da\AESTSr64.exe [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R2 Recovery Service for Windows;Recovery Service for Windows;C:\Program Files (x86)\SMINST\BLService.exe [2009-1-20 365952]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdLH6.sys --> C:\Windows\system32\drivers\AtihdLH6.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-1-19 222512]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
S2 Norton Internet Security;Norton Internet Security;"C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-7-21 250056]
S3 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2012-7-20 93184]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-7-27 113120]
S3 NETw3v64;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\NETw3v64.sys --> C:\Windows\system32\DRIVERS\NETw3v64.sys [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk60x64.sys --> C:\Windows\system32\DRIVERS\yk60x64.sys [?]
.
=============== Created Last 30 ================
.
2012-07-28 01:38:37 -------- d-----w- C:\9d57e892726f0743daed3751eae0
2012-07-28 00:55:04 -------- d-----w- C:\Users\Drunkle\AppData\Local\ElevatedDiagnostics
2012-07-26 13:29:23 -------- d-----w- C:\Program Files (x86)\Safer Networking
2012-07-26 03:59:42 -------- d-----w- C:\68c38b4d1a8f5139fe
2012-07-26 03:06:54 -------- d-----w- C:\Windows\SysWow64\vi-VN
2012-07-26 03:06:54 -------- d-----w- C:\Windows\SysWow64\eu-ES
2012-07-26 03:06:54 -------- d-----w- C:\Windows\SysWow64\ca-ES
2012-07-26 03:06:54 -------- d-----w- C:\Windows\System32\eu-ES
2012-07-26 03:06:54 -------- d-----w- C:\Windows\System32\ca-ES
2012-07-26 03:06:53 -------- d-----w- C:\Windows\System32\vi-VN
2012-07-26 02:23:53 -------- d-----w- C:\Windows\System32\EventProviders
2012-07-26 02:23:52 -------- d-----w- C:\4fefbc6d78e00d99a5e9dac2217031b9
2012-07-25 16:27:24 -------- d-----w- C:\Users\Drunkle\AppData\Local\Apple Computer
2012-07-25 16:27:09 34152 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-07-25 16:27:09 126312 ----a-w- C:\Windows\System32\GEARAspi64.dll
2012-07-25 16:27:09 107368 ----a-w- C:\Windows\SysWow64\GEARAspi.dll
2012-07-25 16:26:11 -------- d-----w- C:\Program Files\iPod
2012-07-25 16:26:08 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2012-07-25 16:26:08 -------- d-----w- C:\Program Files\iTunes
2012-07-25 16:26:08 -------- d-----w- C:\Program Files (x86)\iTunes
2012-07-25 16:24:39 -------- d-----w- C:\Users\Drunkle\AppData\Local\Apple
2012-07-25 16:21:54 -------- d-----w- C:\Program Files\Bonjour
2012-07-25 16:21:54 -------- d-----w- C:\Program Files (x86)\Bonjour
2012-07-25 04:43:49 1902 ----a-w- C:\Users\Drunkle\AppData\Local\VWL62DA.tmp
2012-07-25 04:42:17 76648 ----a-w- C:\Users\Drunkle\AppData\Local\SDBFB8E.tmp
2012-07-25 04:42:17 2558 ----a-w- C:\Users\Drunkle\AppData\Local\MANFB0E.tmp
2012-07-25 04:42:17 1898 ----a-w- C:\Users\Drunkle\AppData\Local\VWLFB6C.tmp
2012-07-25 04:42:17 158572 ----a-w- C:\Users\Drunkle\AppData\Local\WLFFB7D.tmp
2012-07-25 04:42:17 -------- d-----w- C:\Users\Drunkle\AppData\Local\VSW0
2012-07-24 06:07:53 -------- d-sh--w- C:\found.001
2012-07-24 03:59:34 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-24 03:57:23 46136 ----a-w- C:\Windows\System32\drivers\amdiox64.sys
2012-07-24 03:57:16 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-07-24 03:50:08 -------- d-----w- C:\Program Files\ATI Technologies
2012-07-24 03:48:35 -------- d-----w- C:\AMD
2012-07-24 02:09:56 -------- d-sh--w- C:\found.000
2012-07-24 01:44:00 34872 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-07-24 01:43:59 -------- d-----w- C:\Program Files (x86)\AMD
2012-07-24 01:22:14 21992 ----a-w- C:\Windows\System32\drivers\cpuz135_x64.sys
2012-07-24 01:22:14 -------- d-----w- C:\Program Files\CPUID
2012-07-23 02:51:14 476976 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-07-23 02:51:14 472880 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-07-23 02:06:21 -------- d-----w- C:\Users\Drunkle\AppData\Local\CrashDumps
2012-07-23 01:39:34 -------- d-----w- C:\ProgramData\GFI Software
2012-07-23 00:55:15 -------- d-----w- C:\Users\Drunkle\AppData\Local\NPE
2012-07-22 03:57:02 -------- d-----w- C:\ProgramData\WEBREG
2012-07-22 03:56:10 -------- d-----w- C:\Users\Drunkle\AppData\Local\HP
2012-07-22 03:44:05 266752 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\hpzpp696.dll
2012-07-22 03:30:28 131072 ----a-w- C:\Windows\System32\hpz3l696.dll
2012-07-22 03:29:49 -------- d-----w- C:\Program Files (x86)\Common Files\HP
2012-07-22 03:29:47 -------- d-----w- C:\Program Files (x86)\Common Files\Hewlett-Packard
2012-07-22 03:25:00 966656 ----a-w- C:\Windows\System32\hposwia_p01d.dll
2012-07-22 03:25:00 551424 ----a-w- C:\Windows\System32\hppldcoi.dll
2012-07-22 03:25:00 361816 ----a-w- C:\Windows\System32\hpzids40.dll
2012-07-22 03:24:59 512512 ----a-w- C:\Windows\System32\hposc_p01a.dll
2012-07-22 03:24:59 1411584 ----a-w- C:\Windows\System32\hpost_p01d.dll
2012-07-22 03:21:36 -------- d-----w- C:\Program Files\CCleaner
2012-07-22 00:51:45 -------- d-----w- C:\Temp
2012-07-22 00:23:18 -------- d-----w- C:\Users\Drunkle\AppData\Local\Samsung
2012-07-22 00:23:13 -------- d-----w- C:\Users\Drunkle\AppData\Roaming\Samsung
2012-07-22 00:22:00 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll
2012-07-22 00:21:59 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2012-07-22 00:21:58 99384 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-07-22 00:21:58 203320 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-07-22 00:19:38 -------- d-----w- C:\Users\Drunkle\{6524cf81-5c65-498f-b1a7-1e4e2a1deccb}
2012-07-22 00:18:48 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-07-22 00:18:02 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll
2012-07-22 00:18:02 319456 ----a-w- C:\Windows\SysWow64\DIFxAPI.dll
2012-07-22 00:18:02 20032 ----a-w- C:\Windows\SysWow64\drivers\dgderdrv.sys
2012-07-22 00:18:02 -------- d-----w- C:\Program Files (x86)\MarkAny
2012-07-22 00:16:19 -------- d-----w- C:\ProgramData\Samsung
2012-07-22 00:16:19 -------- d-----w- C:\Program Files (x86)\Samsung
2012-07-21 22:42:44 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-21 22:42:44 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-21 21:53:02 -------- d-----w- C:\Users\Drunkle\AppData\Roaming\Malwarebytes
2012-07-21 21:51:48 -------- d-----w- C:\ProgramData\Malwarebytes
2012-07-21 20:01:30 -------- d-----w- C:\ProgramData\0C1D1A011775024D0FA791ED6C44B161
2012-07-21 08:39:41 -------- d-----w- C:\Users\Drunkle\AppData\Local\Adobe
2012-07-21 07:53:58 -------- d-----w- C:\Users\Drunkle\AppData\Local\Macromedia
2012-07-21 07:51:27 -------- d-----w- C:\Users\Drunkle\AppData\Local\CyberLink
2012-07-21 07:51:26 -------- d-----w- C:\Users\Drunkle\AppData\Local\PowerCinema
2012-07-21 03:31:04 -------- d-----w- C:\Users\Drunkle\AppData\Local\MediaSmart DVD
2012-07-21 03:20:37 -------- d-----w- C:\Program Files (x86)\Hp
2012-07-21 03:20:21 -------- d-----w- C:\Users\Drunkle\AppData\Roaming\HpUpdate
2012-07-21 03:20:17 -------- d-----w- C:\Windows\Hewlett-Packard
2012-07-21 02:34:11 -------- d-----w- C:\Users\Drunkle\AppData\Local\Downloaded Installations
2012-07-21 02:29:26 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-07-21 02:29:26 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-21 01:58:30 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2012-07-21 01:57:05 99176 ----a-w- C:\Windows\SysWow64\PresentationHostProxy.dll
2012-07-21 01:57:05 49472 ----a-w- C:\Windows\SysWow64\netfxperf.dll
2012-07-21 01:57:05 48960 ----a-w- C:\Windows\System32\netfxperf.dll
2012-07-21 01:57:05 444752 ----a-w- C:\Windows\System32\mscoree.dll
2012-07-21 01:57:05 320352 ----a-w- C:\Windows\System32\PresentationHost.exe
2012-07-21 01:57:05 297808 ----a-w- C:\Windows\SysWow64\mscoree.dll
2012-07-21 01:57:05 295264 ----a-w- C:\Windows\SysWow64\PresentationHost.exe
2012-07-21 01:57:05 1942856 ----a-w- C:\Windows\System32\dfshim.dll
2012-07-21 01:57:05 1130824 ----a-w- C:\Windows\SysWow64\dfshim.dll
2012-07-21 01:57:05 109912 ----a-w- C:\Windows\System32\PresentationHostProxy.dll
2012-07-21 01:55:02 28160 ----a-w- C:\Windows\System32\drivers\en-US\http.sys.mui
2012-07-21 01:54:46 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
2012-07-21 01:54:46 179712 ----a-w- C:\Windows\System32\srvsvc.dll
2012-07-21 01:54:46 17920 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-07-21 01:54:46 17920 ----a-w- C:\Windows\System32\netevent.dll
2012-07-21 01:54:46 12288 ----a-w- C:\Windows\System32\sscore.dll
2012-07-21 01:54:21 442368 ----a-w- C:\Windows\System32\winhttp.dll
2012-07-21 01:54:21 378368 ----a-w- C:\Windows\SysWow64\winhttp.dll
2012-07-21 01:52:23 -------- d-----w- C:\Users\Drunkle\AppData\Local\Mozilla
2012-07-20 23:32:57 316416 ----a-w- C:\Windows\System32\msshsq.dll
2012-07-20 23:32:57 231936 ----a-w- C:\Windows\SysWow64\msshsq.dll
2012-07-20 22:37:43 49160 ----a-w- C:\Windows\System32\infocardcpl.cpl
2012-07-20 22:37:43 37384 ----a-w- C:\Windows\SysWow64\infocardcpl.cpl
2012-07-20 22:37:39 11264 ----a-w- C:\Windows\SysWow64\icardres.dll
2012-07-20 22:37:39 11264 ----a-w- C:\Windows\System32\icardres.dll
2012-07-20 22:37:38 97800 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2012-07-20 22:37:38 781344 ----a-w- C:\Windows\SysWow64\PresentationNative_v0300.dll
2012-07-20 22:37:38 622080 ----a-w- C:\Windows\SysWow64\icardagt.exe
2012-07-20 22:37:38 167432 ----a-w- C:\Windows\System32\infocardapi.dll
2012-07-20 22:37:38 1168928 ----a-w- C:\Windows\System32\PresentationNative_v0300.dll
2012-07-20 22:37:37 1383936 ----a-w- C:\Windows\System32\icardagt.exe
2012-07-20 22:37:32 126520 ----a-w- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll
2012-07-20 22:37:32 105016 ----a-w- C:\Windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2012-07-20 22:30:07 158720 ----a-w- C:\Windows\SysWow64\mscorier.dll
2012-07-20 22:30:07 158208 ----a-w- C:\Windows\System32\mscorier.dll
2012-07-20 22:30:05 76288 ----a-w- C:\Windows\System32\mscories.dll
2012-07-20 22:30:04 83968 ----a-w- C:\Windows\SysWow64\mscories.dll
2012-07-20 22:26:31 32768 ----a-w- C:\Windows\System32\nshhttp.dll
2012-07-20 22:26:31 24064 ----a-w- C:\Windows\SysWow64\nshhttp.dll
2012-07-20 22:26:30 610304 ----a-w- C:\Windows\System32\drivers\http.sys
2012-07-20 22:26:30 33792 ----a-w- C:\Windows\System32\httpapi.dll
2012-07-20 22:26:30 31232 ----a-w- C:\Windows\SysWow64\httpapi.dll
2012-07-20 22:18:48 80896 ----a-w- C:\Windows\SysWow64\MSNP.ax
2012-07-20 22:18:48 101376 ----a-w- C:\Windows\System32\MSNP.ax
2012-07-20 22:18:43 293376 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2012-07-20 22:18:42 375808 ----a-w- C:\Windows\System32\psisdecd.dll
2012-07-20 22:18:42 217088 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2012-07-20 22:18:41 289792 ----a-w- C:\Windows\System32\psisrndr.ax
2012-07-20 21:42:16 32256 ----a-w- C:\Windows\System32\NETSTAT.EXE
2012-07-20 21:40:58 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
2012-07-20 21:38:58 622080 ----a-w- C:\Windows\System32\usp10.dll
2012-07-20 21:37:59 974848 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2012-07-20 21:36:47 88576 ----a-w- C:\Windows\System32\atl.dll
2012-07-20 21:36:47 71680 ----a-w- C:\Windows\SysWow64\atl.dll
2012-07-20 21:36:46 87552 ----a-w- C:\Windows\System32\consent.exe
2012-07-20 21:36:45 880640 ----a-w- C:\Windows\System32\timedate.cpl
2012-07-20 21:36:45 714240 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-07-20 21:36:43 50688 ----a-w- C:\Windows\System32\rtutils.dll
2012-07-20 21:36:43 36352 ----a-w- C:\Windows\SysWow64\rtutils.dll
2012-07-20 21:34:31 96256 ----a-w- C:\Windows\System32\fontsub.dll
2012-07-20 21:34:31 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
2012-07-20 21:34:31 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-07-20 21:34:31 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-07-20 21:34:31 292864 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-07-20 21:34:30 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-07-20 21:34:30 10240 ----a-w- C:\Windows\SysWow64\dciman32.dll
2012-07-20 21:33:54 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-07-20 21:32:24 268800 ----a-w- C:\Windows\System32\msv1_0.dll
2012-07-20 21:32:24 1692160 ----a-w- C:\Windows\System32\lsasrv.dll
2012-07-20 21:32:23 94720 ----a-w- C:\Windows\System32\secur32.dll
2012-07-20 21:32:23 76800 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-07-20 21:32:23 515656 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-07-20 21:32:23 213504 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2012-07-20 21:32:23 205312 ----a-w- C:\Windows\System32\wdigest.dll
2012-07-20 21:32:23 175104 ----a-w- C:\Windows\SysWow64\wdigest.dll
2012-07-20 21:32:23 11264 ----a-w- C:\Windows\System32\lsass.exe
2012-07-20 21:30:59 2424320 ----a-w- C:\Windows\System32\mstscax.dll
2012-07-20 21:29:33 866816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
2012-07-20 21:29:33 1090048 ----a-w- C:\Windows\System32\wmpmde.dll
2012-07-20 21:27:30 28672 ----a-w- C:\Windows\System32\dnscacheugc.exe
2012-07-20 21:27:30 25088 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2012-07-20 21:27:30 117760 ----a-w- C:\Windows\System32\dnsrslvr.dll
2012-07-20 21:27:29 85504 ----a-w- C:\Windows\System32\csrsrv.dll
2012-07-20 21:27:29 450048 ----a-w- C:\Windows\System32\winsrv.dll
2012-07-20 04:33:43 -------- d-sh--w- C:\$RECYCLE.BIN
2012-07-20 04:29:56 -------- d-----w- C:\Program Files (x86)\muvee Technologies
2012-07-20 04:29:41 -------- d-----w- C:\Program Files (x86)\Common Files\muvee Technologies
2012-07-20 04:08:49 0 ----a-w- C:\Windows\ativpsrm.bin
2012-07-20 04:06:31 58880 ----a-w- C:\Windows\System32\AESTAR64.dll
2012-07-20 04:06:31 439808 ----a-w- C:\Windows\System32\AESTEC64.dll
2012-07-20 04:06:31 155648 ----a-w- C:\Windows\System32\AESTAC64.dll
2012-07-20 04:06:30 76288 ----a-w- C:\Windows\System32\AESTCo64.dll
2012-07-20 04:06:30 562688 ----a-w- C:\Windows\System32\idt64mp1.exe
2012-07-20 04:06:30 441344 ----a-w- C:\Windows\sttray64.exe
2012-07-20 04:06:30 10760704 ----a-w- C:\Windows\System32\idtcpl64.cpl
2012-07-20 04:06:29 2869248 ----a-w- C:\Windows\System32\stlang64.dll
2012-07-20 04:06:20 -------- d-----w- C:\Windows\System32\SRSLabs
2012-07-20 04:05:46 201216 ----a-w- C:\Windows\System32\staco64.dll
2012-07-20 04:05:44 773632 ----a-w- C:\Windows\System32\stapo64.dll
2012-07-20 04:05:44 530944 ----a-w- C:\Windows\System32\stapi64.dll
2012-07-20 04:05:44 465408 ----a-w- C:\Windows\System32\drivers\stwrt64.sys
2012-07-20 04:05:44 430592 ----a-w- C:\Windows\System32\stcplx64.dll
2012-07-20 04:05:24 -------- d-----w- C:\Program Files\IDT
2012-07-20 04:04:50 131 ----a-w- C:\Windows\xUninstall.bat
2012-07-20 04:02:48 109568 ----a-w- C:\Windows\System32\JmCrIcon.dll
2012-07-20 04:02:48 -------- d-----w- C:\Windows\JMCR_DIR
2012-07-20 04:02:07 160768 ----a-w- C:\Windows\System32\drivers\Rtlh64.sys
2012-07-20 04:02:06 -------- d-----w- C:\Program Files (x86)\Realtek
2012-07-20 04:01:42 -------- d-----w- C:\Windows\SysWow64\HPMDP
2012-07-20 04:01:07 -------- d-----w- C:\Program Files\Synaptics
2012-07-20 04:00:51 1491528 ----a-w- C:\Windows\System32\WdfCoInstaller01000.dll
2012-07-20 04:00:50 402432 ----a-w- C:\Windows\System32\SynCOM.dll
2012-07-20 04:00:50 320560 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2012-07-20 04:00:50 253952 ----a-w- C:\Windows\System32\SynCtrl.dll
2012-07-20 04:00:50 196608 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2012-07-20 04:00:50 196096 ----a-w- C:\Windows\System32\SynTPAPI.dll
2012-07-20 04:00:50 163840 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2012-07-20 04:00:50 138240 ----a-w- C:\Windows\System32\SynTPCo4.dll
2012-07-20 04:00:50 102400 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2012-07-20 03:57:53 -------- d-----w- C:\Program Files\ATI
2012-07-20 03:56:32 1164288 ----a-w- C:\Windows\System32\drivers\athrx.sys
2012-07-20 03:56:08 -------- d-----w- C:\Windows\System32\nn-NO
2012-07-20 03:56:07 778240 ----a-w- C:\Windows\System32\S64CPA.exe
2012-07-20 03:56:07 54784 ----a-w- C:\Windows\System32\athihvui.dll
2012-07-20 03:56:07 432128 ----a-w- C:\Windows\System32\athihvs.dll
2012-07-20 03:55:51 -------- d-----w- C:\Program Files (x86)\Cisco
2012-07-20 03:55:51 -------- d-----w- C:\Program Files (x86)\Atheros
2012-07-20 03:55:46 -------- d-----w- C:\ProgramData\Atheros
2012-07-20 03:55:22 51256 ----a-w- C:\Windows\System32\drivers\pciidex.sys
2012-07-20 03:55:22 31288 ----a-w- C:\Windows\System32\drivers\msahci.sys
2012-07-20 03:55:22 31288 ----a-w- C:\Windows\System32\drivers\Dumpata.sys
2012-07-20 03:55:22 22584 ----a-w- C:\Windows\System32\drivers\atapi.sys
2012-07-20 03:55:22 16440 ----a-w- C:\Windows\System32\drivers\pciide.sys
2012-07-20 03:55:22 125496 ----a-w- C:\Windows\System32\drivers\ataport.sys
2012-07-20 03:54:24 54824 ------w- C:\Windows\SysWow64\agrsmdel.exe
2012-07-20 03:54:24 14336 ------w- C:\Windows\SysWow64\agrsco64.dll
2012-07-20 03:53:52 -------- d-----w- C:\Windows\Options
2012-07-20 01:56:48 -------- d-----w- C:\Users\Drunkle\AppData\Local\ATI
2012-07-20 01:56:47 -------- d-----w- C:\Users\Drunkle\AppData\Local\Hewlett-Packard
2012-07-20 01:56:17 -------- d-----w- C:\Users\Drunkle\AppData\Local\VirtualStore
2012-07-20 01:45:28 -------- d-----w- C:\Users\Drunkle\AppData\Roaming\HP TCS
2012-07-04 07:32:22 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-07-04 07:32:06 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-07-04 07:32:02 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-07-04 07:31:54 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-07-04 07:31:52 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-07-04 07:31:44 16457216 ----a-w- C:\Windows\System32\amdocl64.dll
2012-07-04 07:30:58 13008384 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-07-04 07:30:12 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-07-04 07:30:08 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-07-04 06:59:32 11922944 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-07-04 06:52:04 26016256 ----a-w- C:\Windows\System32\atio6axx.dll
2012-07-04 06:35:46 19586048 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-07-04 06:27:18 159744 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-07-04 06:27:08 918528 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-07-04 06:25:14 1081856 ----a-w- C:\Windows\System32\aticfx64.dll
2012-07-04 06:21:46 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-07-04 06:21:40 514048 ----a-w- C:\Windows\System32\atieclxx.exe
2012-07-04 06:20:54 238080 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-07-04 06:19:16 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-07-04 06:19:12 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-07-04 06:19:06 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-07-04 06:18:18 6811648 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-07-04 05:57:18 7510528 ----a-w- C:\Windows\System32\atidxx64.dll
2012-07-04 05:36:34 1053696 ----a-w- C:\Windows\System32\atiumd6v.dll
2012-07-04 05:36:24 69632 ----a-w- C:\Windows\System32\coinst_8.97.100.3.dll
2012-07-04 05:36:14 1960960 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2012-07-04 05:35:14 6245888 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-07-04 05:28:52 4749312 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-07-04 05:11:42 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-07-04 05:11:40 535552 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-07-04 05:11:38 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-07-04 05:11:30 364544 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-07-04 05:11:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-07-04 05:11:16 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-07-04 05:11:12 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-07-04 05:11:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-07-04 05:10:56 359936 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-07-04 05:10:04 55296 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-07-04 05:09:56 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-07-04 05:09:50 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-07-04 05:09:42 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-07-04 05:09:22 45056 ----a-w- C:\Windows\System32\atitmp64.dll
2012-07-04 05:09:10 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-07-04 05:04:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-07-04 05:04:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-07-04 05:04:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-07-04 05:04:18 44544 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-07-04 05:04:08 15827456 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-07-04 04:59:40 13402112 ----a-w- C:\Windows\SysWow64\aticaldd.dll
.
==================== Find3M ====================
.
2012-07-20 04:23:35 1066544 ----a-w- C:\Windows\SysWow64\MFC71.dll
2012-07-04 06:19:30 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-07-04 05:35:42 4261376 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-07-04 05:24:02 7477760 ----a-w- C:\Windows\System32\atiumd64.dll
.
============= FINISH: 23:03:16.54 ===============
"Finished products are for decadent minds." --Asimov
"Cogito ergo sum." --René Descartes

#6 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 28 July 2012 - 05:51 AM

Hello, drunkle.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Step 1

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#7 drunkle
  • Topic Starter
  • Members
  • 95 posts
  • Gender:Male
  • Location:the Big O!

Posted 28 July 2012 - 10:01 AM

Good morning sir,

I think I'll just wipe clean and start from scratch. I haven't gotten very far with the updating since the last wipe (about a week ago) as I can't even install SP2 for Vista. But before I do that, I have a few questions first.

1) Without SP2 my computer is at a huge risk of reinfection. What's the likelihood I'll be able to finish all of the necessary updates and not pick this up again?
2) How would I be able to protect against it while my computer is in such a vulnerable state?
3) How do I safely download updates without up to date protection?

Thanks again,
drunkle

#8 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 29 July 2012 - 05:45 AM

Hi drunkle,

OK, that's a good plan for this infection. A few thoughts:
  • It's actually a pretty good chance. You could always download the standalone Vista SP2 update from a clean computer and transfer it with a flash drive without ever connecting to the internet. You can also put the antivirus installer on there.
  • To protect your computer, keep it unplugged from the network, reformat (don't do a repair install, but a custom install), install SP2 from the flash drive, install an antivirus, then plug it into the network and immediately update the antivirus definitions and update windows.
  • To safely download updates if you don't want to do it with a flash drive...don't open a web browser, ensure the Windows firewall is on and that an antivirus is installed, then update via Windows Update.


#9 drunkle
  • Topic Starter
  • Members
  • 95 posts
  • Gender:Male
  • Location:the Big O!

Posted 31 July 2012 - 11:23 PM

etavares,

Thanks for the advice. I'm going to start reformatting now (I've been out of town until now). Wish me luck and hopefully I'll see you on the other side!

drunkle

#10 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 01 August 2012 - 07:03 AM

Hi drunkle,

Good luck! I'll leave this thread open for a few days in case you run into trouble.

-etavares


#11 drunkle
  • Topic Starter
  • Members
  • 95 posts
  • Gender:Male
  • Location:the Big O!

Posted 03 August 2012 - 11:07 PM

etavares,

I just wanted to let you know that I've wiped my HD clean and reinstalled Vista. I've run many antivirus scans and everything is coming back clear. Now I'm just reupdating all of the little things like AMD drivers etc. Thanks for the advice!

drunkle

#12 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 04 August 2012 - 05:20 AM

Thanks for letting me know. Safe surfing!


#13 etavares
  • Bleepin' Remover
  • Malware Response Team
  • 15,514 posts
  • Gender:Male

Posted 04 August 2012 - 05:20 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
