Google/Bing Redirects in Every Browser


  • This topic is locked
16 replies to this topic

#1 7sunami


  • Members
  • 8 posts

Posted 23 August 2012 - 11:18 PM

Hey all,
I have been trying to fix my parent's computer and have had some issues getting everything removed. The main issue is that Google Chrome, Internet Explorer, and Firefox all seem to be redirecting on their search engines. It is seemingly random. It doesn't happen all the time or on every link. The sites that it redirects to are mostly just link farms or pure ads. Most of the time, the domain name isn't in the address. Instead, it eventually redirects to a class A IP address. That seems to be the main issue (besides any behind-the-scenes keylogging or such). Here are the requested logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.0
Run by Helene at 23:54:51 on 2012-08-23
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2245 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Microsoft Security Essentials *Enabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\nvvsvc.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\SysWOW64\PnkBstrB.exe
c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\HP2\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
c:\program files (x86)\teamviewer\version7\TeamViewer_Desktop.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Microsoft Security Client\MpCmdRun.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/ig
mWinlogon: Userinit=userinit.exe,
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [Google Update] "C:\Users\Helene\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
uRun: [Spotify Web Helper] "C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
mRun: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun: [hpqSRMon] C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqSRMon.exe
mRun: [HP Software Update] C:\Program Files (x86)\HP2\HP Software Update\HPWuSchd2.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AddressBookReminderApp] C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\Users\Helene\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\EVENTP~2.LNK - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MYSOFT~1.LNK - C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{2F094FA7-C64F-4A2B-93BC-18327601E78F} : DhcpNameServer = 192.168.1.1
Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
TB-X64: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File
mRun-x64: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
mRun-x64: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqSRMon.exe
mRun-x64: [HP Software Update] C:\Program Files (x86)\HP2\HP Software Update\HPWuSchd2.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [AddressBookReminderApp] C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe
mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun-x64: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
FF - component: C:\Program Files (x86)\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll
FF - component: C:\Program Files (x86)\pdfforge Toolbar\SSFF\components\SearchSettingsFF.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Helene\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}\plugins\npGarmin.dll
FF - plugin: C:\Users\Helene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Helene\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - plugin: C:\Windows\SysWOW64\npwmsdrm.dll
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]
R2 CLDTVHNService;CLDTVHNService;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-9-17 75048]
R2 Dyyno Launcher;Dyyno Service;C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-12-16 409600]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-6-27 2369960]
R2 ntk_dtv;ntk_dtv;C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-9-17 82416]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-14 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-7-25 1326176]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-7-25 681056]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-7-16 2673064]
R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k62x64.sys --> C:\Windows\system32\DRIVERS\e1k62x64.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe --> C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [?]
S3 CXPLRCAP;Capture Device;C:\Windows\system32\drivers\CxPlrCap.sys --> C:\Windows\system32\drivers\CxPlrCap.sys [?]
S3 lvpepf64;Volume Adapter;C:\Windows\system32\DRIVERS\lv302a64.sys --> C:\Windows\system32\DRIVERS\lv302a64.sys [?]
S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\system32\DRIVERS\lvrs64.sys --> C:\Windows\system32\DRIVERS\lvrs64.sys [?]
S3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-26 113120]
S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-3-26 291696]
S3 Revoflt;Revoflt;C:\Windows\system32\DRIVERS\revoflt.sys --> C:\Windows\system32\DRIVERS\revoflt.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
.
=============== Created Last 30 ================
.
2012-08-24 03:52:33 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F9046B9-1A98-4B0A-81D0-8AFD3A5200DC}\offreg.dll
2012-08-23 13:40:38 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{4F9046B9-1A98-4B0A-81D0-8AFD3A5200DC}\mpengine.dll
2012-08-23 02:54:13 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-22 15:17:43 9309624 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-22 13:57:21 -------- d-----w- C:\Program Files\Web Publish
2012-08-21 06:17:07 2560 ----a-w- C:\Windows\_MSRSTRT.EXE
2012-08-21 05:49:35 73728 ----a-r- C:\Users\Helene\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-21 05:49:35 73728 ----a-r- C:\Users\Helene\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-21 05:49:35 73728 ----a-r- C:\Users\Helene\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-21 05:49:33 -------- d-----w- C:\Program Files (x86)\Sophos
2012-08-21 05:25:56 -------- d-----w- C:\Windows\SysWow64\Adobe
2012-08-21 03:21:18 -------- d-----w- C:\Users\Helene\AppData\Local\Macromedia
2012-08-21 03:20:54 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-08-18 23:49:04 -------- d-----w- C:\ProgramData\Sophos
2012-08-18 18:21:33 -------- d-----w- C:\Users\Helene\AppData\Local\Secunia PSI
2012-08-18 18:21:20 -------- d-----w- C:\Program Files (x86)\Secunia
2012-08-18 18:16:06 -------- d-----w- C:\Users\Helene\AppData\Roaming\SUPERAntiSpyware.com
2012-08-18 18:15:49 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-18 18:15:49 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-18 16:48:20 -------- d-----w- C:\Users\Helene\temp
2012-08-18 16:48:20 -------- d-----w- C:\Users\Helene\AppData\Roaming\TeamViewer
2012-08-18 16:22:10 -------- d-----w- C:\Users\Helene\AppData\Local\LogMeIn Hamachi
2012-08-18 16:21:27 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2012-08-16 17:23:52 -------- d-----w- C:\Users\Helene\AppData\Local\{2AD82794-E7C7-11E1-8270-B8AC6F996F26}
2012-08-15 02:42:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2012-08-15 02:42:04 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2012-08-15 02:42:01 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-08-15 02:42:01 67072 ----a-w- C:\Windows\splwow64.exe
2012-08-15 02:42:01 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-08-15 02:42:01 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-08-15 02:41:46 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-08-15 02:41:46 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-08-15 02:41:46 136704 ----a-w- C:\Windows\System32\browser.dll
2012-08-15 02:41:43 3148800 ----a-w- C:\Windows\System32\win32k.sys
2012-08-15 02:41:42 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-08-14 15:55:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-14 15:55:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-13 04:44:36 -------- d-----w- C:\Users\Helene\AppData\Roaming\Malwarebytes
2012-08-13 04:44:18 -------- d-----w- C:\ProgramData\Malwarebytes
2012-08-13 04:44:17 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-08-13 04:44:17 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-08-13 04:15:00 -------- d-----w- C:\Users\Helene\AppData\Local\{DE126B12-75A3-452E-A1F8-068D1D68380D}
2012-08-13 04:14:27 -------- d-----w- C:\Users\Helene\AppData\Local\{7DD715AB-4D45-496E-9483-3408F1D21F45}
2012-08-10 06:19:11 -------- d-----w- C:\Users\Helene\AppData\Local\Garmin
2012-08-10 06:08:23 -------- d-----w- C:\Users\Helene\AppData\Local\{BC3D1D35-ABD1-47AA-9E86-7F3CF6F4D270}
2012-08-10 06:07:33 -------- d-----w- C:\Users\Helene\AppData\Local\{C177742E-6D09-407F-9213-C7D16DBA053E}
2012-08-07 20:14:01 -------- d-----w- C:\Users\Helene\AppData\Local\Apple Computer
2012-07-30 01:53:59 -------- d-----w- C:\Users\Helene\AppData\Local\{2A6D4AC4-0EF5-4F69-93D9-39EDAB5C5CD7}
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51:30 184248 ----a-w- C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2012-08-21 05:32:47 772592 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-08-21 05:32:47 687600 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-08-21 04:06:23 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-06-07 00:59:42 1070152 ----a-w- C:\Windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 23:55:04.87 ===============

Some other things worth mentioning: I'll be able to respond to this in a timely manner after around 4 PM tomorrow and over the weekend. I am several hours away from the computer, so I'm using TeamViewer to remote in. I can reboot/reboot into safe mode with it, so I think I can make it work. I have run so many fixes/scans on the computer already with not much luck (you'll see that in the log).

Thanks in advance! B)

#2 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 06:32 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 7sunami (Topic Starter, Members, 8 posts)

Posted 25 August 2012 - 01:51 PM

Results of screen317's Security Check version 0.99.46
Windows 7 Service Pack 1 x64 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (3.0.0.3001)
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.0
Java™ 6 Update 33
Java™ 7 Update 5
Java version out of Date!
Adobe Reader X (10.1.4)
Mozilla Firefox (14.0.1)
Google Chrome 21.0.1180.79
Google Chrome 21.0.1180.83
Google Chrome plugins...
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````


ComboFix 12-08-25.04 - Helene 08/25/2012 13:12:42.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4086.2423 [GMT -4:00]
Running from: c:\users\Helene\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Helene\AppData\Roaming\Dyyno
c:\users\Helene\AppData\Roaming\Dyyno\dgcsrv.xml
c:\users\Helene\AppData\Roaming\Dyyno\dyyno.xml
c:\users\Helene\Documents\~WRD2979.tmp
c:\windows\SysWow64\SETA13D.tmp
c:\windows\SysWow64\SETA2F4.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-25 to 2012-08-25 )))))))))))))))))))))))))))))))
.
.
2012-08-25 14:10 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FFFF7194-BE22-42A5-94DD-E050492014B1}\mpengine.dll
2012-08-24 13:44 . 2012-08-01 22:58 9309624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-23 02:54 . 2012-08-23 02:54 -------- d-----w- c:\program files (x86)\ESET
2012-08-22 13:57 . 2012-08-22 13:57 -------- d-----w- c:\program files\Web Publish
2012-08-22 13:57 . 2012-08-22 13:57 -------- d-----w- c:\users\Kevin
2012-08-21 06:17 . 2012-08-21 06:17 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2012-08-21 05:49 . 2012-08-21 05:49 73728 ----a-r- c:\users\Helene\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe1_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-21 05:49 . 2012-08-21 05:49 73728 ----a-r- c:\users\Helene\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\SVRTgui.exe_810EDD9E2F0A4E2BACF86673C38D9F48.exe
2012-08-21 05:49 . 2012-08-21 05:49 73728 ----a-r- c:\users\Helene\AppData\Roaming\Microsoft\Installer\{B829E117-D072-41EA-9606-9826A38D34C1}\ARPPRODUCTICON.exe
2012-08-21 05:49 . 2012-08-21 05:49 -------- d-----w- c:\program files (x86)\Sophos
2012-08-21 05:30 . 2012-08-21 05:30 -------- d-----w- c:\programdata\Apple Computer
2012-08-21 05:25 . 2012-08-21 05:25 -------- d-----w- c:\windows\SysWow64\Adobe
2012-08-21 03:21 . 2012-08-21 03:21 -------- d-----w- c:\users\Helene\AppData\Local\Macromedia
2012-08-21 03:20 . 2012-08-25 13:53 696520 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-18 23:49 . 2012-08-18 23:49 -------- d-----w- c:\programdata\Sophos
2012-08-18 18:21 . 2012-08-18 18:21 -------- d-----w- c:\users\Helene\AppData\Local\Secunia PSI
2012-08-18 18:21 . 2012-08-18 18:21 -------- d-----w- c:\program files (x86)\Secunia
2012-08-18 18:16 . 2012-08-18 18:16 -------- d-----w- c:\users\Helene\AppData\Roaming\SUPERAntiSpyware.com
2012-08-18 18:15 . 2012-08-18 18:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-08-18 18:15 . 2012-08-18 18:15 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-08-18 16:48 . 2012-08-18 16:48 -------- d-----w- c:\users\Helene\temp
2012-08-18 16:48 . 2012-08-18 16:48 -------- d-----w- c:\users\Helene\AppData\Roaming\TeamViewer
2012-08-18 16:22 . 2012-08-25 18:21 -------- d-----w- c:\users\Helene\AppData\Local\LogMeIn Hamachi
2012-08-18 16:21 . 2012-08-18 16:21 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2012-08-16 17:23 . 2012-08-16 17:23 -------- d-----w- c:\users\Helene\AppData\Local\{2AD82794-E7C7-11E1-8270-B8AC6F996F26}
2012-08-15 14:02 . 2012-06-29 03:56 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-15 02:42 . 2012-05-05 08:36 503808 ----a-w- c:\windows\system32\srcore.dll
2012-08-15 02:42 . 2012-05-05 07:46 43008 ----a-w- c:\windows\SysWow64\srclient.dll
2012-08-15 02:42 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-08-15 02:42 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-08-15 02:42 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-08-15 02:42 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-08-15 02:41 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-08-15 02:41 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-08-15 02:41 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-08-15 02:41 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-08-15 02:41 . 2012-07-18 18:15 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-08-15 02:41 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 15:55 . 2012-08-14 18:11 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-08-14 15:55 . 2012-08-14 15:56 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2012-08-13 04:44 . 2012-08-13 04:44 -------- d-----w- c:\users\Helene\AppData\Roaming\Malwarebytes
2012-08-13 04:44 . 2012-08-13 04:44 -------- d-----w- c:\programdata\Malwarebytes
2012-08-13 04:44 . 2012-08-23 04:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-13 04:44 . 2012-07-03 17:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-10 06:19 . 2012-08-18 23:50 -------- d-----w- c:\users\Helene\AppData\Local\Garmin
2012-08-07 20:14 . 2012-08-07 20:14 -------- d-----w- c:\users\Helene\AppData\Local\Apple Computer
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2012-07-27 20:51 . 2012-07-27 20:51 184248 ----a-w- c:\program files (x86)\Internet Explorer\plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-25 13:53 . 2011-06-18 12:09 73416 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-21 05:32 . 2012-06-05 13:17 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-21 05:32 . 2010-04-21 15:46 687600 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-08-15 14:00 . 2009-12-14 00:05 62134624 ----a-w- c:\windows\system32\MRT.exe
2012-06-09 05:43 . 2012-07-11 11:51 14172672 ----a-w- c:\windows\system32\shell32.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-06-06 06:06 . 2012-07-11 11:51 2004480 ----a-w- c:\windows\system32\msxml6.dll
2012-06-06 06:06 . 2012-07-11 11:51 1881600 ----a-w- c:\windows\system32\msxml3.dll
2012-06-06 06:02 . 2012-07-11 11:51 1133568 ----a-w- c:\windows\system32\cdosys.dll
2012-06-06 05:05 . 2012-07-11 11:51 1390080 ----a-w- c:\windows\SysWow64\msxml6.dll
2012-06-06 05:05 . 2012-07-11 11:51 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2012-06-06 05:03 . 2012-07-11 11:51 805376 ----a-w- c:\windows\SysWow64\cdosys.dll
2012-06-02 22:19 . 2012-06-23 08:42 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 08:42 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-23 08:42 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 08:42 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 08:42 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-23 08:42 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-23 08:42 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 19:19 . 2012-06-23 08:41 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 19:15 . 2012-06-23 08:41 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:50 . 2012-07-11 11:51 458704 ----a-w- c:\windows\system32\drivers\cng.sys
2012-06-02 05:48 . 2012-07-11 11:51 95600 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-06-02 05:48 . 2012-07-11 11:51 151920 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-06-02 05:45 . 2012-07-11 11:51 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 05:44 . 2012-07-11 11:51 307200 ----a-w- c:\windows\system32\ncrypt.dll
2012-06-02 04:40 . 2012-07-11 11:51 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2012-06-02 04:40 . 2012-07-11 11:51 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-06-02 04:39 . 2012-07-11 11:51 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2012-06-02 04:34 . 2012-07-11 11:51 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2012-05-29 13:25 . 2012-04-02 13:24 737072 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2012-05-29 13:25 . 2012-04-02 13:24 4283672 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2012-05-29 13:24 . 2012-04-02 13:24 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2012-05-29 13:24 . 2012-04-02 13:24 539984 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Dyyno Launcher"="c:\program files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" [2011-12-16 2146304]
"Spotify Web Helper"="c:\users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-18 932528]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-07-09 5661056]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickFinder Scheduler"="c:\program files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE" [2003-02-26 77887]
"Intuit SyncManager"="c:\program files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2010-10-19 1439496]
"hpqSRMon"="c:\program files (x86)\HP2\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files (x86)\HP2\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
c:\users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Planner Reminder.lnk - c:\program files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe [2010-12-20 365960]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe [2009-9-23 270336]
MySoftware NewsFlash.lnk - c:\program files (x86)\Common Files\MySoftware\NewsFlsh.exe [2010-8-22 261120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 250568]
R3 CXPLRCAP;Capture Device;c:\windows\system32\drivers\CxPlrCap.sys [2010-01-06 235904]
R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2009-11-04 22528]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2008-07-26 15768]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2008-07-26 790424]
R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2008-07-26 50072]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-28 113120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-21 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-07-25 1326176]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-08 1255736]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 CLDTVHNService;CLDTVHNService;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe [2009-09-17 75048]
S2 Dyyno Launcher;Dyyno Service;c:\program files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe [2011-12-16 409600]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 ntk_dtv;ntk_dtv;c:\program files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys [2009-09-17 82416]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-07-25 681056]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-06-22 273072]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64k.sys [2009-06-01 33160]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-08-16 17:43 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-25 13:53]
.
2012-08-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57964471-1374911142-2031730832-1000Core.job
- c:\users\Helene\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-14 00:38]
.
2012-08-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-57964471-1374911142-2031730832-1000UA.job
- c:\users\Helene\AppData\Local\Google\Update\GoogleUpdate.exe [2009-12-14 00:38]
.
2010-01-11 c:\windows\Tasks\K.M.S., Inc. 1262638422.job
- c:\program files (x86)\Intuit\QuickBooks 2010\AutoBackupEXE.exe [2012-07-25 22:11]
.
2010-01-03 c:\windows\Tasks\QDATA 1262554094.job
- c:\program files (x86)\Intuit\QuickBooks 2010\AutoBackupEXE.exe [2012-07-25 22:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-10 7968800]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 2314120]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/ig
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-AddressBookReminderApp - c:\program files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\ReminderApp.exe
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-ftmps - c:\users\Helene\AppData\Roaming\ftmps.dll
HKLM-Run-macrat - c:\users\Helene\AppData\Roaming\macrat.dll
AddRemove-Adobe Flash Player Plugin - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E} - c:\program files (x86)\HP2\{5372B9A6-6E51-4f90-9B40-E0A3B8475C4E}\setup\hpzscr01.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\SysWOW64\IoctlSvc.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\PnkBstrB.exe
c:\program files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
.
**************************************************************************
.
Completion time: 2012-08-25 14:23:34 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-25 18:23
.
Pre-Run: 319,353,552,896 bytes free
Post-Run: 320,195,465,216 bytes free
.
- - End Of File - - 336A0D441D336B442BA450E5FD90DB0A

Still redirecting websites. The reboot kicked me out of TeamViewer so I had to regain access...
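The two logs above contain the three indicators a search-redirect case usually turns on: Run entries (here, the HKLM-Run-ftmps and HKLM-Run-macrat orphans ComboFix removed) whose target is a DLL inside a user profile, UAC policy values set to 0 (the Security Check output reports "UAC is disabled!" and the log confirms EnableLUA=0), and the DHCP-assigned name server (192.168.1.1, a normal home router). The script below is an added example, not part of the thread or of ComboFix, that triages those indicators automatically; the sample it runs on is a constructed excerpt drawn from the log above, and the check thresholds (which UAC values count as weakened, which paths count as suspicious) are the example's own assumptions.

```python
"""Triage a ComboFix log for the indicators a search-redirect case turns on.

Added example, not part of this thread or of ComboFix itself.  It flags:
  * autostart (Run) values, or orphans ComboFix removed, whose target is a .dll
    inside a user profile (ordinary program .exe entries are left alone),
  * UAC policy values that switch elevation prompting off,
  * a DhcpNameServer that is not an RFC 1918 address, which is what a
    DNS-changer leaves behind.
"""
import ipaddress
import re

# Constructed excerpt: lines drawn from the ComboFix log in this thread, reordered.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Spotify Web Helper"="c:\users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-18 932528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
HKLM-Run-ftmps - c:\users\Helene\AppData\Roaming\ftmps.dll
HKLM-Run-macrat - c:\users\Helene\AppData\Roaming\macrat.dll
"""

# "Name"="target" [date size]        live Run value
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
# HKLM-Run-name - target             entry ComboFix removed as an orphan
ORPHAN = re.compile(r'^(?:Wow6432Node-)?HK[A-Z]+-Run-(?P<name>\S+) - (?P<path>.+)$')
# "PolicyName"= 0 (0x0)
POLICY = re.compile(r'^"(?P<name>\w+)"=\s*(?P<value>\d+)')
DNS = re.compile(r'^TCP: DhcpNameServer = (?P<ips>.+)$')

# Value that means "prompting off" for each UAC policy ComboFix prints (assumption).
UNSAFE_UAC = {"EnableLUA": 0, "ConsentPromptBehaviorAdmin": 0, "PromptOnSecureDesktop": 0}


def suspicious_autostart(path: str) -> bool:
    """A Run target that is a DLL living under C:\\Users\\<name>\\AppData."""
    p = path.lower()
    return p.endswith(".dll") and "\\users\\" in p and "\\appdata\\" in p


def triage(log_text: str) -> list[tuple[str, str, str]]:
    """Return (kind, name, detail) findings, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line) or ORPHAN.match(line)
        if m:
            if suspicious_autostart(m.group("path")):
                findings.append(("autostart_dll", m.group("name"), m.group("path")))
            continue
        m = POLICY.match(line)
        if m:
            if UNSAFE_UAC.get(m.group("name")) == int(m.group("value")):
                findings.append(("uac_weakened", m.group("name"), m.group("value")))
            continue
        m = DNS.match(line)
        if m:
            # A non-private resolver handed out by DHCP is worth checking, not proof of anything.
            for ip in m.group("ips").split():
                if not ipaddress.ip_address(ip).is_private:
                    findings.append(("non_private_dns", "DhcpNameServer", ip))
    return findings


if __name__ == "__main__":
    for kind, name, detail in triage(SAMPLE_LOG):
        print(f"{kind:18} {name:28} {detail}")
```

Run it on a full ComboFix log by passing the file contents to `triage()`; anything under "autostart_dll" that is still a live Run value (not an orphan) is the entry to hunt next.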

#4 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Location: Puerto Rico)

Posted 25 August 2012 - 01:56 PM

Greetings 7sunami

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
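TDSSKiller's report lists each scanned object on two lines: an optional "[ MD5 ] name path" line and then a "name - verdict" line, both prefixed with a time and process id. When the report is long, the quickest way to answer "did it find anything?" is to pair those lines up and keep only what was not marked ok. The script below does that; it is an added example, not part of the thread or of Kaspersky's tool. The first three objects in its sample are copied from the report posted in this thread, while the "evilsvc" entry and the DR0 detection line are constructed to exercise the non-ok path, and the hash-list helper is the example's own addition.

```python
"""Pair up TDSSKiller report lines and list what was not marked "ok".

Added example, not part of this thread or of Kaspersky's tool.  Record layout
follows the report posted in this thread: an optional "[ MD5 ] name path" line
followed by a "name - verdict" line, both prefixed with time and pid.
"""
import re
from typing import NamedTuple, Optional

# Constructed excerpt.  The first three objects are copied from the report in
# this thread; "evilsvc" and the DR0 line are made up to exercise the non-ok path.
SAMPLE_REPORT = r"""
15:04:47.0469 4108 ================ Scan services =============================
15:04:47.0563 4108 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:04:47.0563 4108 !SASCORE - ok
15:04:47.0703 4108 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:04:47.0703 4108 1394ohci - ok
15:04:49.0232 4108 catchme - ok
15:04:50.0100 4108 [ 0123456789ABCDEF0123456789ABCDEF ] evilsvc C:\Windows\system32\drivers\evilsvc.sys
15:04:50.0100 4108 evilsvc ( HiddenFile.Multi.Generic ) - warning
15:04:51.0000 4108 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Example.a ( 0 )
"""

PREFIX = re.compile(r"^\d\d:\d\d:\d\d\.\d+\s+\d+\s+(?P<rest>.*)$")
HASH_LINE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?P<name>\S+) (?P<path>.+)$")
# "name - verdict", optionally with a "( hint )" between name and verdict
VERDICT_LINE = re.compile(r"^(?P<name>\S+)(?: \( (?P<hint>[^)]+) \))? - (?P<verdict>.+)$")


class Record(NamedTuple):
    name: str
    md5: Optional[str]
    path: Optional[str]
    verdict: str
    hint: Optional[str]


def parse_report(text: str) -> list[Record]:
    """One Record per verdict line, joined with the hash line that preceded it."""
    pending = {}   # name -> (md5, path) seen on a hash line, awaiting its verdict
    records = []
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue
        rest = m.group("rest")
        h = HASH_LINE.match(rest)
        if h:
            pending[h.group("name")] = (h.group("md5"), h.group("path"))
            continue
        v = VERDICT_LINE.match(rest)
        if v:
            md5, path = pending.pop(v.group("name"), (None, None))
            records.append(Record(v.group("name"), md5, path, v.group("verdict"), v.group("hint")))
    return records


def needs_review(records: list[Record]) -> list[Record]:
    """Everything TDSSKiller did not mark plain "ok": warnings, detections, skips."""
    return [r for r in records if r.verdict != "ok"]


def hashes_to_check(records: list[Record]) -> list[str]:
    """MD5s of the non-ok objects, ready for lookup against a reputation service."""
    return sorted({r.md5 for r in needs_review(records) if r.md5})


if __name__ == "__main__":
    recs = parse_report(SAMPLE_REPORT)
    for r in needs_review(recs):
        print(f"{r.verdict:12} {r.name}  {r.path or ''}  {r.md5 or ''}  {r.hint or ''}")
```

Objects such as "catchme" have a verdict but no hash line, so `md5` and `path` stay `None`; the filter still works on them because it keys off the verdict only.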

#5 7sunami (Topic Starter, Members, 8 posts)

Posted 25 August 2012 - 02:28 PM

15:04:38.0483 2588 TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
15:04:38.0702 2588 ============================================================
15:04:38.0702 2588 Current date / time: 2012/08/25 15:04:38.0702
15:04:38.0702 2588 SystemInfo:
15:04:38.0702 2588
15:04:38.0702 2588 OS Version: 6.1.7601 ServicePack: 1.0
15:04:38.0702 2588 Product type: Workstation
15:04:38.0702 2588 ComputerName: KEVCO
15:04:38.0702 2588 UserName: Helene
15:04:38.0702 2588 Windows directory: C:\Windows
15:04:38.0702 2588 System windows directory: C:\Windows
15:04:38.0702 2588 Running under WOW64
15:04:38.0702 2588 Processor architecture: Intel x64
15:04:38.0702 2588 Number of processors: 4
15:04:38.0702 2588 Page size: 0x1000
15:04:38.0702 2588 Boot type: Normal boot
15:04:38.0702 2588 ============================================================
15:04:39.0497 2588 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
15:04:39.0497 2588 Drive \Device\Harddisk2\DR2 - Size: 0x79280000 (1.89 Gb), SectorSize: 0x200, Cylinders: 0xF7, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
15:04:39.0513 2588 ============================================================
15:04:39.0513 2588 \Device\Harddisk0\DR0:
15:04:39.0513 2588 MBR partitions:
15:04:39.0513 2588 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
15:04:39.0513 2588 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000
15:04:39.0513 2588 \Device\Harddisk2\DR2:
15:04:39.0513 2588 MBR partitions:
15:04:39.0513 2588 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0xF9, BlocksNum 0x3C8907
15:04:39.0513 2588 ============================================================
15:04:39.0544 2588 C: <-> \Device\Harddisk0\DR0\Partition2
15:04:39.0544 2588 ============================================================
15:04:39.0544 2588 Initialize success
15:04:39.0544 2588 ============================================================
15:04:47.0157 4108 ============================================================
15:04:47.0157 4108 Scan started
15:04:47.0157 4108 Mode: Manual;
15:04:47.0157 4108 ============================================================
15:04:47.0469 4108 ================ Scan system memory ========================
15:04:47.0469 4108 System memory - ok
15:04:47.0469 4108 ================ Scan services =============================
15:04:47.0563 4108 [ 7D9D615201A483D6FA99491C2E655A5A ] !SASCORE C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
15:04:47.0563 4108 !SASCORE - ok
15:04:47.0703 4108 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
15:04:47.0703 4108 1394ohci - ok
15:04:47.0750 4108 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
15:04:47.0750 4108 ACDaemon - ok
15:04:47.0781 4108 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
15:04:47.0797 4108 ACPI - ok
15:04:47.0812 4108 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
15:04:47.0828 4108 AcpiPmi - ok
15:04:47.0906 4108 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
15:04:47.0906 4108 AdobeARMservice - ok
15:04:48.0015 4108 [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
15:04:48.0015 4108 AdobeFlashPlayerUpdateSvc - ok
15:04:48.0062 4108 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
15:04:48.0077 4108 adp94xx - ok
15:04:48.0109 4108 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
15:04:48.0109 4108 adpahci - ok
15:04:48.0124 4108 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
15:04:48.0124 4108 adpu320 - ok
15:04:48.0155 4108 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
15:04:48.0155 4108 AeLookupSvc - ok
15:04:48.0202 4108 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
15:04:48.0202 4108 AFD - ok
15:04:48.0233 4108 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
15:04:48.0233 4108 agp440 - ok
15:04:48.0249 4108 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
15:04:48.0249 4108 ALG - ok
15:04:48.0280 4108 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
15:04:48.0280 4108 aliide - ok
15:04:48.0296 4108 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
15:04:48.0296 4108 amdide - ok
15:04:48.0311 4108 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
15:04:48.0311 4108 AmdK8 - ok
15:04:48.0327 4108 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
15:04:48.0327 4108 AmdPPM - ok
15:04:48.0358 4108 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
15:04:48.0358 4108 amdsata - ok
15:04:48.0374 4108 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
15:04:48.0374 4108 amdsbs - ok
15:04:48.0389 4108 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
15:04:48.0389 4108 amdxata - ok
15:04:48.0421 4108 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
15:04:48.0421 4108 AppID - ok
15:04:48.0436 4108 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
15:04:48.0436 4108 AppIDSvc - ok
15:04:48.0483 4108 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
15:04:48.0483 4108 Appinfo - ok
15:04:48.0499 4108 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
15:04:48.0499 4108 arc - ok
15:04:48.0514 4108 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
15:04:48.0514 4108 arcsas - ok
15:04:48.0530 4108 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
15:04:48.0530 4108 AsyncMac - ok
15:04:48.0561 4108 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
15:04:48.0561 4108 atapi - ok
15:04:48.0608 4108 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
15:04:48.0623 4108 AudioEndpointBuilder - ok
15:04:48.0639 4108 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
15:04:48.0639 4108 AudioSrv - ok
15:04:48.0670 4108 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
15:04:48.0670 4108 AxInstSV - ok
15:04:48.0701 4108 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
15:04:48.0701 4108 b06bdrv - ok
15:04:48.0748 4108 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
15:04:48.0748 4108 b57nd60a - ok
15:04:48.0764 4108 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
15:04:48.0764 4108 BDESVC - ok
15:04:48.0764 4108 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
15:04:48.0764 4108 Beep - ok
15:04:48.0826 4108 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
15:04:48.0842 4108 BFE - ok
15:04:48.0889 4108 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
15:04:48.0920 4108 BITS - ok
15:04:48.0951 4108 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
15:04:48.0951 4108 blbdrive - ok
15:04:57.0796 4108 seclogon - ok
15:04:57.0859 4108 [ 9044795E9D1A912D5F1B8DF6211850FD ] Secunia PSI Agent C:\Program Files (x86)\Secunia\PSI\PSIA.exe
15:04:57.0890 4108 Secunia PSI Agent - ok
15:04:57.0921 4108 [ 8B1A72E4FB63A9C068B08E1F9B70482A ] Secunia Update Agent C:\Program Files (x86)\Secunia\PSI\sua.exe
15:04:57.0937 4108 Secunia Update Agent - ok
15:04:57.0952 4108 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
15:04:57.0968 4108 SENS - ok
15:04:57.0968 4108 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
15:04:57.0968 4108 SensrSvc - ok
15:04:57.0983 4108 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
15:04:57.0983 4108 Serenum - ok
15:04:57.0999 4108 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
15:04:57.0999 4108 Serial - ok
15:04:58.0046 4108 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
15:04:58.0046 4108 sermouse - ok
15:04:58.0077 4108 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
15:04:58.0077 4108 SessionEnv - ok
15:04:58.0124 4108 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
15:04:58.0124 4108 sffdisk - ok
15:04:58.0124 4108 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
15:04:58.0124 4108 sffp_mmc - ok
15:04:58.0139 4108 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
15:04:58.0139 4108 sffp_sd - ok
15:04:58.0155 4108 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
15:04:58.0155 4108 sfloppy - ok
15:04:58.0171 4108 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
15:04:58.0186 4108 SharedAccess - ok
15:04:58.0217 4108 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
15:04:58.0233 4108 ShellHWDetection - ok
15:04:58.0233 4108 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
15:04:58.0233 4108 SiSRaid2 - ok
15:04:58.0249 4108 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
15:04:58.0249 4108 SiSRaid4 - ok
15:04:58.0280 4108 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
15:04:58.0280 4108 Smb - ok
15:04:58.0311 4108 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
15:04:58.0311 4108 SNMPTRAP - ok
15:04:58.0342 4108 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
15:04:58.0342 4108 speedfan - ok
15:04:58.0358 4108 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
15:04:58.0358 4108 spldr - ok
15:04:58.0389 4108 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
15:04:58.0420 4108 Spooler - ok
15:04:58.0514 4108 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
15:04:58.0576 4108 sppsvc - ok
15:04:58.0592 4108 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
15:04:58.0592 4108 sppuinotify - ok
15:04:58.0623 4108 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
15:04:58.0623 4108 srv - ok
15:04:58.0654 4108 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
15:04:58.0654 4108 srv2 - ok
15:04:58.0670 4108 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
15:04:58.0670 4108 srvnet - ok
15:04:58.0685 4108 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
15:04:58.0685 4108 SSDPSRV - ok
15:04:58.0701 4108 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
15:04:58.0701 4108 SstpSvc - ok
15:04:58.0717 4108 Steam Client Service - ok
15:04:58.0732 4108 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
15:04:58.0732 4108 stexstor - ok
15:04:58.0779 4108 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
15:04:58.0795 4108 stisvc - ok
15:04:58.0826 4108 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
15:04:58.0826 4108 swenum - ok
15:04:58.0857 4108 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
15:04:58.0857 4108 swprv - ok
15:04:58.0919 4108 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
15:04:58.0966 4108 SysMain - ok
15:04:58.0997 4108 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
15:04:59.0013 4108 TabletInputService - ok
15:04:59.0044 4108 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
15:04:59.0044 4108 TapiSrv - ok
15:04:59.0060 4108 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
15:04:59.0060 4108 TBS - ok
15:04:59.0138 4108 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:04:59.0169 4108 Tcpip - ok
15:04:59.0200 4108 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:04:59.0200 4108 TCPIP6 - ok
15:04:59.0247 4108 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
15:04:59.0247 4108 tcpipreg - ok
15:04:59.0263 4108 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
15:04:59.0263 4108 TDPIPE - ok
15:04:59.0294 4108 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
15:04:59.0294 4108 TDTCP - ok
15:04:59.0325 4108 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
15:04:59.0325 4108 tdx - ok
15:04:59.0450 4108 [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7 C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
15:04:59.0465 4108 TeamViewer7 - ok
15:04:59.0497 4108 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
15:04:59.0497 4108 TermDD - ok
15:04:59.0543 4108 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
15:04:59.0559 4108 TermService - ok
15:04:59.0575 4108 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
15:04:59.0575 4108 Themes - ok
15:04:59.0590 4108 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
15:04:59.0590 4108 THREADORDER - ok
15:04:59.0590 4108 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
15:04:59.0590 4108 TrkWks - ok
15:04:59.0637 4108 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
15:04:59.0637 4108 TrustedInstaller - ok
15:04:59.0668 4108 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
15:04:59.0668 4108 tssecsrv - ok
15:04:59.0699 4108 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
15:04:59.0699 4108 TsUsbFlt - ok
15:04:59.0746 4108 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
15:04:59.0746 4108 tunnel - ok
15:04:59.0762 4108 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
15:04:59.0762 4108 uagp35 - ok
15:04:59.0793 4108 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
15:04:59.0793 4108 udfs - ok
15:04:59.0824 4108 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
15:04:59.0824 4108 UI0Detect - ok
15:04:59.0840 4108 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
15:04:59.0840 4108 uliagpkx - ok
15:04:59.0871 4108 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
15:04:59.0871 4108 umbus - ok
15:04:59.0887 4108 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
15:04:59.0887 4108 UmPass - ok
15:04:59.0918 4108 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
15:04:59.0918 4108 upnphost - ok
15:04:59.0933 4108 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
15:04:59.0933 4108 usbaudio - ok
15:04:59.0949 4108 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
15:04:59.0949 4108 usbccgp - ok
15:04:59.0980 4108 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
15:04:59.0980 4108 usbcir - ok
15:05:00.0011 4108 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
15:05:00.0011 4108 usbehci - ok
15:05:00.0027 4108 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
15:05:00.0027 4108 usbhub - ok
15:05:00.0043 4108 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
15:05:00.0043 4108 usbohci - ok
15:05:00.0058 4108 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
15:05:00.0058 4108 usbprint - ok
15:05:00.0105 4108 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
15:05:00.0105 4108 usbscan - ok
15:05:00.0105 4108 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
15:05:00.0121 4108 USBSTOR - ok
15:05:00.0121 4108 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
15:05:00.0121 4108 usbuhci - ok
15:05:00.0167 4108 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
15:05:00.0167 4108 usbvideo - ok
15:05:00.0183 4108 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
15:05:00.0183 4108 UxSms - ok
15:05:00.0183 4108 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
15:05:00.0183 4108 VaultSvc - ok
15:05:00.0199 4108 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
15:05:00.0199 4108 vdrvroot - ok
15:05:00.0230 4108 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
15:05:00.0245 4108 vds - ok
15:05:00.0292 4108 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
15:05:00.0292 4108 vga - ok
15:05:00.0292 4108 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
15:05:00.0308 4108 VgaSave - ok
15:05:00.0323 4108 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
15:05:00.0323 4108 vhdmp - ok
15:05:00.0355 4108 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
15:05:00.0355 4108 viaide - ok
15:05:00.0355 4108 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
15:05:00.0355 4108 volmgr - ok
15:05:00.0386 4108 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
15:05:00.0401 4108 volmgrx - ok
15:05:00.0433 4108 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
15:05:00.0433 4108 volsnap - ok
15:05:00.0448 4108 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
15:05:00.0448 4108 vsmraid - ok
15:05:00.0495 4108 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
15:05:00.0526 4108 VSS - ok
15:05:00.0542 4108 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
15:05:00.0542 4108 vwifibus - ok
15:05:00.0557 4108 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
15:05:00.0573 4108 W32Time - ok
15:05:00.0573 4108 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
15:05:00.0573 4108 WacomPen - ok
15:05:00.0589 4108 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
15:05:00.0589 4108 WANARP - ok
15:05:00.0589 4108 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
15:05:00.0589 4108 Wanarpv6 - ok
15:05:00.0651 4108 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
15:05:00.0682 4108 WatAdminSvc - ok
15:05:00.0745 4108 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
15:05:00.0776 4108 wbengine - ok
15:05:00.0791 4108 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
15:05:00.0791 4108 WbioSrvc - ok
15:05:00.0823 4108 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
15:05:00.0838 4108 wcncsvc - ok
15:05:00.0854 4108 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
15:05:00.0854 4108 WcsPlugInService - ok
15:05:00.0869 4108 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
15:05:00.0869 4108 Wd - ok
15:05:00.0885 4108 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
15:05:00.0901 4108 Wdf01000 - ok
15:05:00.0916 4108 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
15:05:00.0916 4108 WdiServiceHost - ok
15:05:00.0932 4108 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
15:05:00.0932 4108 WdiSystemHost - ok
15:05:00.0963 4108 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
15:05:00.0963 4108 WebClient - ok
15:05:00.0979 4108 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
15:05:00.0979 4108 Wecsvc - ok
15:05:00.0994 4108 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
15:05:00.0994 4108 wercplsupport - ok
15:05:01.0010 4108 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
15:05:01.0025 4108 WerSvc - ok
15:05:01.0025 4108 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
15:05:01.0025 4108 WfpLwf - ok
15:05:01.0041 4108 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
15:05:01.0041 4108 WIMMount - ok
15:05:01.0041 4108 WinDefend - ok
15:05:01.0057 4108 WinHttpAutoProxySvc - ok
15:05:01.0088 4108 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
15:05:01.0088 4108 Winmgmt - ok
15:05:01.0150 4108 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
15:05:01.0181 4108 WinRM - ok
15:05:01.0228 4108 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
15:05:01.0228 4108 WinUsb - ok
15:05:01.0259 4108 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
15:05:01.0275 4108 Wlansvc - ok
15:05:01.0384 4108 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
15:05:01.0415 4108 wlidsvc - ok
15:05:01.0447 4108 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
15:05:01.0447 4108 WmiAcpi - ok
15:05:01.0462 4108 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
15:05:01.0462 4108 wmiApSrv - ok
15:05:01.0478 4108 WMPNetworkSvc - ok
15:05:01.0493 4108 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
15:05:01.0493 4108 WPCSvc - ok
15:05:01.0525 4108 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
15:05:01.0525 4108 WPDBusEnum - ok
15:05:01.0540 4108 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
15:05:01.0540 4108 ws2ifsl - ok
15:05:01.0540 4108 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
15:05:01.0540 4108 wscsvc - ok
15:05:01.0587 4108 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
15:05:01.0587 4108 WSDPrintDevice - ok
15:05:01.0587 4108 WSearch - ok
15:05:01.0649 4108 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
15:05:01.0696 4108 wuauserv - ok
15:05:01.0727 4108 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
15:05:01.0727 4108 WudfPf - ok
15:05:01.0774 4108 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
15:05:01.0774 4108 WUDFRd - ok
15:05:01.0805 4108 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
15:05:01.0805 4108 wudfsvc - ok
15:05:01.0821 4108 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
15:05:01.0821 4108 WwanSvc - ok
15:05:01.0837 4108 ================ Scan global ===============================
15:05:01.0852 4108 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
15:05:01.0883 4108 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:05:01.0899 4108 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
15:05:01.0915 4108 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
15:05:01.0946 4108 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
15:05:01.0946 4108 [Global] - ok
15:05:01.0946 4108 ================ Scan MBR ==================================
15:05:01.0961 4108 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
15:05:02.0195 4108 \Device\Harddisk0\DR0 - ok
15:05:10.0276 4108 ================ Scan VBR ==================================
15:05:10.0292 4108 [ 6F8894E96743BF6F0305338B4878DFD8 ] \Device\Harddisk0\DR0\Partition1
15:05:10.0292 4108 \Device\Harddisk0\DR0\Partition1 - ok
15:05:10.0307 4108 [ AFED74DB1E9554807E4834117DC3AD64 ] \Device\Harddisk0\DR0\Partition2
15:05:10.0307 4108 \Device\Harddisk0\DR0\Partition2 - ok
15:05:10.0307 4108 ============================================================
15:05:10.0307 4108 Scan finished
15:05:10.0307 4108 ============================================================
15:05:10.0323 3600 Detected object count: 0
15:05:10.0323 3600 Actual detected object count: 0


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-08-25 15:07:05
-----------------------------
15:07:05.514 OS Version: Windows x64 6.1.7601 Service Pack 1
15:07:05.514 Number of processors: 4 586 0x1E05
15:07:05.514 ComputerName: KEVCO UserName:
15:07:06.684 Initialize success
15:11:04.364 AVAST engine defs: 12082501
15:13:11.504 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-3
15:13:11.504 Disk 0 Vendor: WDC_WD5000AAKS-00A7B2 01.03B01 Size: 476940MB BusType: 3
15:13:11.520 Disk 0 MBR read successfully
15:13:11.520 Disk 0 MBR scan
15:13:11.535 Disk 0 Windows 7 default MBR code
15:13:11.535 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
15:13:11.551 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 476838 MB offset 206848
15:13:11.566 Disk 0 scanning C:\Windows\system32\drivers
15:13:19.257 Service scanning
15:13:36.215 Modules scanning
15:13:36.215 Disk 0 trace - called modules:
15:13:36.231 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
15:13:36.231 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004a57060]
15:13:36.746 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa80047e8580]
15:13:36.746 5 ACPI.sys[fffff88000eea7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-3[0xfffffa80047f5060]
15:13:38.384 AVAST engine scan C:\Windows
15:13:41.909 AVAST engine scan C:\Windows\system32
15:15:37.584 AVAST engine scan C:\Windows\system32\drivers
15:15:47.037 AVAST engine scan C:\Users\Helene
15:22:53.278 AVAST engine scan C:\ProgramData
15:25:13.506 Scan finished successfully
15:26:22.989 Disk 0 MBR has been saved successfully to "C:\Users\Helene\Desktop\MBR.dat"
15:26:22.989 The log file has been saved successfully to "C:\Users\Helene\Desktop\aswMBR.txt"

Thanks.
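
The two logs above are long enough that the useful checks get lost in the scroll. The script below is an added example, not part of the original post and not TDSSKiller or aswMBR code: it parses the TDSSKiller-style service/driver listing (the `[ MD5 ] Name Path` and `Name - ok` line pairs) and runs three triage checks a responder typically does by eye when hunting a redirect rootkit: the same on-disk file reported with two different hashes inside one scan, `.sys` drivers loading from outside `\Windows\system32\drivers`, and services that received a verdict without any image file being hashed. The sample input reuses lines from the log above plus two constructed entries (`FakeSvcA`/`FakeSvcB`, invented hashes) that deliberately conflict. Everything flagged is a lead to review, not a detection: third-party security drivers such as the SUPERAntiSpyware ones legitimately live under Program Files.

```python
import re
from collections import defaultdict

# Line shapes in the TDSSKiller-style service/driver listing:
#   HH:MM:SS.ffff PID [ MD5 ] ServiceName ImagePath
#   HH:MM:SS.ffff PID ServiceName - verdict
FILE_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+\[ (?P<md5>[0-9A-Fa-f]{32}) \] "
    r"(?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
VERDICT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<name>.+?) - (?P<verdict>\S.*)$"
)

# Where a kernel driver (.sys) is normally installed; anything else gets a look.
STANDARD_DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


def parse_log(text):
    """Return (files, verdicts): hashed image entries and per-service verdicts."""
    files, verdicts = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:  # try this first: image paths can themselves contain ' - '
            files.append({"name": m["name"], "md5": m["md5"].upper(),
                          "path": m["path"]})
            continue
        m = VERDICT_LINE.match(line)
        if m:
            verdicts[m["name"]] = m["verdict"]
    return files, verdicts


def hash_conflicts(files):
    """Same on-disk path reported with more than one MD5 in a single scan."""
    seen = defaultdict(set)
    for f in files:
        seen[f["path"].lower()].add(f["md5"])
    return {p: sorted(h) for p, h in seen.items() if len(h) > 1}


def nonstandard_drivers(files):
    """Kernel drivers (.sys) loaded from outside the standard drivers directory."""
    out = []
    for f in files:
        p = f["path"].lower()
        if p.endswith(".sys") and not p.startswith(STANDARD_DRIVER_DIR):
            out.append((f["name"], f["path"]))
    return out


def unhashed_services(files, verdicts):
    """Services that received a verdict but whose image file was never hashed."""
    hashed = {f["name"] for f in files}
    return sorted(n for n in verdicts if n not in hashed)


def triage(text):
    files, verdicts = parse_log(text)
    return {
        "hash_conflicts": hash_conflicts(files),
        "nonstandard_drivers": nonstandard_drivers(files),
        "unhashed_services": unhashed_services(files, verdicts),
    }


# Sample input: lines taken from the scan posted above, plus two CONSTRUCTED
# entries (FakeSvcA/FakeSvcB, made-up hashes) that report different MD5s for
# one and the same file path.
SAMPLE_LOG = r"""
15:04:57.0437 4108 [ 3289766038DB2CB14D07DC84392138D5 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
15:04:57.0437 4108 SASDIFSV - ok
15:04:57.0547 4108 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
15:04:57.0562 4108 SBSDWSCService - ok
15:04:58.0342 4108 [ 5F9785E7535F8F602CB294A54962C9E7 ] speedfan C:\Windows\syswow64\speedfan.sys
15:04:58.0342 4108 speedfan - ok
15:04:58.0717 4108 Steam Client Service - ok
15:04:59.0138 4108 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
15:04:59.0169 4108 Tcpip - ok
15:04:59.0200 4108 [ ACB82BDA8F46C84F465C1AFA517DC4B9 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
15:04:59.0200 4108 TCPIP6 - ok
15:05:01.0041 4108 WinDefend - ok
15:05:09.0001 4108 [ 00112233445566778899AABBCCDDEEFF ] FakeSvcA C:\Windows\system32\drivers\example.sys
15:05:09.0001 4108 FakeSvcA - ok
15:05:09.0002 4108 [ FFEEDDCCBBAA99887766554433221100 ] FakeSvcB C:\Windows\system32\DRIVERS\example.sys
15:05:09.0002 4108 FakeSvcB - ok
"""

if __name__ == "__main__":
    for check, hits in triage(SAMPLE_LOG).items():
        print(check, "->", hits)
```

Paste the whole service section of a real TDSSKiller log into `SAMPLE_LOG` (or read it from the saved file) and the same three checks run over it. The Tcpip/TCPIP6 pair shows why the path comparison is case-insensitive: both registrations point at the same tcpip.sys and correctly produce no conflict, while the constructed example.sys pair does.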

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 25 August 2012 - 03:12 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 7sunami (Topic Starter)

Posted 25 August 2012 - 03:47 PM

OTL logfile created on: 8/25/2012 4:23:15 PM - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Helene\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.99 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 50.90% Memory free
7.98 Gb Paging File | 5.57 Gb Available in Paging File | 69.77% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465.66 Gb Total Space | 297.92 Gb Free Space | 63.98% Space Free | Partition Type: NTFS

Computer Name: KEVCO | User Name: Helene | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Helene\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - c:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
PRC - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
PRC - C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe (Creative Home)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
PRC - C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
PRC - C:\Program Files (x86)\HP2\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
PRC - C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)
PRC - C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe (MySoftware, Inc.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV:64bit: - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Dyyno Launcher) -- C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ACDaemon) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (hpqcxs08) -- C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (hpqddsvc) -- C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqddsvc.dll (Hewlett-Packard Co.)
SRV - (CLDTVHNService) -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe ()
SRV - (QBFCService) -- c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (PLFlash DeviceIoControl Service) -- C:\Windows\SysWOW64\IoctlSvc.exe (Prolific Technology Inc.)


========== Driver Services (SafeList) ==========

DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\saskutil64.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (CXPLRCAP) -- C:\Windows\SysNative\drivers\CxPlrCap.sys (Conexant Systems, Inc.)
DRV:64bit: - (Revoflt) -- C:\Windows\SysNative\drivers\revoflt.sys (VS Revo Group)
DRV:64bit: - (dc3d) -- C:\Windows\SysNative\drivers\dc3d.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (e1kexpress) -- C:\Windows\SysNative\drivers\e1k62x64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64k.sys (Microsoft Corporation)
DRV:64bit: - (NuidFltr) -- C:\Windows\SysNative\drivers\nuidfltr.sys (Microsoft Corporation)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV - (ntk_dtv) -- C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\ntk_dtv_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ig
IE - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 72 0E 45 4F 7F CD 01 [binary data]
IE - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\..\SearchScopes,DefaultScope = {2E9E6CF1-837D-4B2C-9047-7307132BBB72}
IE - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\..\SearchScopes\{2E9E6CF1-837D-4B2C-9047-7307132BBB72}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.google.com/ig?hl=en"
FF - prefs.js..extensions.enabledItems: foxmarks@kei.com:3.9.7
FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Helene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Helene\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Helene\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Helene\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/21 11:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/21 01:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/08/21 01:31:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/02/21 11:31:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{2AD82794-E7C7-11E1-8270-B8AC6F996F26}: C:\Users\Helene\AppData\Local\{2AD82794-E7C7-11E1-8270-B8AC6F996F26}\ [2012/08/16 13:23:52 | 000,000,000 | ---D | M]

[2009/12/13 20:03:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helene\AppData\Roaming\Mozilla\Extensions
[2012/08/18 11:55:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\extensions
[2011/08/25 08:49:36 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2012/08/18 11:55:17 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\extensions\foxmarks@kei.com
[2010/01/29 18:28:13 | 000,002,217 | ---- | M] () -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\searchplugins\askcom.xml
[2009/12/26 19:46:56 | 000,000,939 | ---- | M] () -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\searchplugins\dictionary.xml
[2010/01/29 18:28:52 | 000,002,073 | ---- | M] () -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\searchplugins\dogpile.xml
[2009/12/26 19:46:49 | 000,002,935 | ---- | M] () -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\searchplugins\google-dictionary.xml
[2012/08/21 01:25:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/04/09 13:37:59 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2012/08/21 01:25:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/08/16 13:23:52 | 000,000,000 | ---D | M] (Mozilla Safe Browsing) -- C:\USERS\HELENE\APPDATA\LOCAL\{2AD82794-E7C7-11E1-8270-B8AC6F996F26}
[1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\USERS\HELENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BKBZY0AF.DEFAULT\EXTENSIONS\ZYOAZZLNEY@ZYOAZZLNEY.ORG.XPI
[2012/07/28 09:10:27 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/11/19 17:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npCouponPrinter.dll
[2009/11/19 17:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/21 17:51:21 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/21 17:51:20 | 000,002,040 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Helene\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Helene\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Helene\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.6 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\Helene\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\Helene\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: QUAKE LIVE (Enabled) = C:\ProgramData\id Software\QuakeLive\npquakezero.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Helene\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - Extension: No name found = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkeidgmehkdjmpjodpjkepolokanalkm\3\
CHR - Extension: YouTube = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: No name found = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa\1.0\
CHR - Extension: No name found = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\giigmfllkbnekpcfdckipcdkdpinhpgl\1.0\
CHR - Extension: No name found = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoppfeapecnfbjkbibiljlffnhlpndk\1.0\
CHR - Extension: No name found = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2\
CHR - Extension: Gmail = C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/08/25 14:21:39 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
O2 - BHO: (HP Print Enhancer) - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP2\Digital Imaging\smart web printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP2\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O3 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4:64bit: - HKLM..\Run: [ftmps] rundll32.exe "C:\Users\Helene\AppData\Roaming\ftmps.dll",CreateInfoWindow File not found
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [macrat] "C:\Windows\System32\rundll32.exe" "C:\Users\Helene\AppData\Roaming\macrat.dll",read_end File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files (x86)\HP2\HP Software Update\hpwuSchd2.exe (Hewlett-Packard)
O4 - HKLM..\Run: [hpqSRMon] C:\Program Files (x86)\HP2\Digital Imaging\bin\HpqSRmon.exe (Hewlett-Packard)
O4 - HKLM..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe (Intuit Inc. All rights reserved.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickFinder Scheduler] C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE (Novell, Inc., c/o Corel Corporation Limited)
O4 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000..\Run: [Dyyno Launcher] C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe ()
O4 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000..\Run: [Spotify Web Helper] C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP2\Digital Imaging\smart web printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F094FA7-C64F-4A2B-93BC-18327601E78F}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\intu-help-qb3 {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/25 16:22:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Helene\Desktop\OTL.exe
[2012/08/25 15:06:58 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Helene\Desktop\aswMBR(1).exe
[2012/08/25 15:04:26 | 002,211,928 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Helene\Desktop\tdsskiller(2).exe
[2012/08/25 14:41:26 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/25 14:23:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/08/25 13:10:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/25 13:10:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/25 13:10:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/25 13:09:59 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/25 13:09:48 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/25 13:07:31 | 004,738,846 | R--- | C] (Swearware) -- C:\Users\Helene\Desktop\ComboFix.exe
[2012/08/23 23:54:47 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Helene\Desktop\dds.com
[2012/08/22 22:54:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/08/22 09:57:21 | 000,000,000 | ---D | C] -- C:\Program Files\Web Publish
[2012/08/21 01:49:35 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
[2012/08/21 01:49:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sophos
[2012/08/21 01:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/08/21 01:30:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012/08/21 01:30:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012/08/21 01:25:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe
[2012/08/20 23:21:18 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\Macromedia
[2012/08/20 23:20:54 | 000,696,520 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/18 19:49:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Sophos
[2012/08/18 14:21:33 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\Secunia PSI
[2012/08/18 14:21:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2012/08/18 14:16:06 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Roaming\SUPERAntiSpyware.com
[2012/08/18 14:15:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/08/18 14:15:49 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/08/18 14:15:49 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/08/18 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\Helene\temp
[2012/08/18 12:48:20 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Roaming\TeamViewer
[2012/08/18 12:22:10 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\LogMeIn Hamachi
[2012/08/18 12:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012/08/18 12:21:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012/08/16 13:23:52 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\{2AD82794-E7C7-11E1-8270-B8AC6F996F26}
[2012/08/15 10:03:02 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/08/15 10:03:02 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/08/15 10:03:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/08/15 10:03:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/08/15 10:03:00 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/08/15 10:03:00 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/08/15 10:03:00 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/08/15 10:03:00 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/08/15 10:02:59 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/08/15 10:02:59 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/08/15 10:02:59 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/08/15 10:02:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/08/15 10:02:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/08/14 22:42:04 | 000,503,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\srcore.dll
[2012/08/14 22:42:01 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2012/08/14 22:42:01 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2012/08/14 22:42:01 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\splwow64.exe
[2012/08/14 22:41:46 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netapi32.dll
[2012/08/14 22:41:46 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\browcli.dll
[2012/08/14 22:41:46 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\browcli.dll
[2012/08/14 22:41:42 | 000,956,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\localspl.dll
[2012/08/14 11:56:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/08/14 11:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012/08/14 11:55:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2012/08/13 00:44:36 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Roaming\Malwarebytes
[2012/08/13 00:44:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/13 00:44:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/13 00:44:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/13 00:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/13 00:15:00 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\{DE126B12-75A3-452E-A1F8-068D1D68380D}
[2012/08/13 00:14:27 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\{7DD715AB-4D45-496E-9483-3408F1D21F45}
[2012/08/10 02:19:11 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\Garmin
[2012/08/10 02:08:23 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\{BC3D1D35-ABD1-47AA-9E86-7F3CF6F4D270}
[2012/08/10 02:07:33 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\{C177742E-6D09-407F-9213-C7D16DBA053E}
[2012/08/07 16:14:01 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\Apple Computer
[2012/07/29 21:53:59 | 000,000,000 | ---D | C] -- C:\Users\Helene\AppData\Local\{2A6D4AC4-0EF5-4F69-93D9-39EDAB5C5CD7}
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/08/25 16:22:25 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Helene\Desktop\OTL.exe
[2012/08/25 16:06:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/25 15:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57964471-1374911142-2031730832-1000UA.job
[2012/08/25 15:26:22 | 000,000,512 | ---- | M] () -- C:\Users\Helene\Desktop\MBR.dat
[2012/08/25 15:06:12 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Helene\Desktop\aswMBR(1).exe
[2012/08/25 15:04:14 | 002,211,928 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Helene\Desktop\tdsskiller(2).exe
[2012/08/25 14:48:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 14:48:26 | 000,013,440 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/25 14:41:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/25 14:40:56 | 3213,479,936 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/25 14:21:39 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012/08/25 13:07:31 | 004,738,846 | R--- | M] (Swearware) -- C:\Users\Helene\Desktop\ComboFix.exe
[2012/08/25 12:58:00 | 000,881,581 | ---- | M] () -- C:\Users\Helene\Desktop\SecurityCheck.exe
[2012/08/25 09:53:44 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/08/25 09:53:44 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/08/25 09:48:18 | 000,729,944 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/08/25 09:48:18 | 000,626,290 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/08/25 09:48:18 | 000,107,566 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/08/24 09:09:02 | 000,000,512 | ---- | M] () -- C:\Users\Helene\Documents\MBR.dat
[2012/08/23 23:52:31 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Helene\Desktop\dds.com
[2012/08/23 19:54:00 | 000,000,860 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57964471-1374911142-2031730832-1000Core.job
[2012/08/23 14:07:23 | 006,311,582 | ---- | M] () -- C:\Users\Helene\Documents\sendtoonenote.tif
[2012/08/23 00:37:04 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/22 13:15:10 | 000,000,090 | ---- | M] () -- C:\Windows\QBChanUtil_Trigger.ini
[2012/08/21 19:06:17 | 000,044,166 | ---- | M] () -- C:\Users\Helene\Documents\4gordon.wpd
[2012/08/21 02:17:07 | 000,002,560 | ---- | M] () -- C:\Windows\_MSRSTRT.EXE
[2012/08/21 01:49:35 | 000,003,211 | ---- | M] () -- C:\Users\Helene\Desktop\Sophos Virus Removal Tool.lnk
[2012/08/21 01:32:48 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012/08/21 01:32:48 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012/08/21 01:32:48 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012/08/21 01:32:47 | 000,772,592 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012/08/21 01:32:47 | 000,687,600 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012/08/21 01:29:28 | 000,001,126 | ---- | M] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012/08/20 16:23:04 | 000,001,961 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/20 09:04:48 | 000,072,071 | ---- | M] () -- C:\Users\Helene\Documents\3gordon.wpd
[2012/08/20 08:55:15 | 000,062,175 | ---- | M] () -- C:\Users\Helene\Documents\rdesigns.wpd
[2012/08/20 08:31:06 | 000,404,623 | ---- | M] () -- C:\Users\Helene\Documents\LIST.WPD
[2012/08/18 12:21:28 | 000,000,926 | ---- | M] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/08/16 11:49:35 | 000,077,779 | ---- | M] () -- C:\Users\Helene\Documents\envelopes.wpd
[2012/08/15 10:34:04 | 000,635,680 | ---- | M] () -- C:\Users\Helene\Documents\BlueCrossBlueShieldGuestMembership--12-13.pdf
[2012/08/15 10:22:05 | 002,804,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/14 12:14:27 | 000,001,365 | ---- | M] () -- C:\Windows\wininit.ini
[2012/08/14 11:56:03 | 000,001,282 | ---- | M] () -- C:\Users\Helene\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/14 11:56:03 | 000,001,258 | ---- | M] () -- C:\Users\Helene\Desktop\Spybot - Search & Destroy.lnk
[2012/08/13 18:48:43 | 000,623,852 | ---- | M] () -- C:\Users\Helene\Documents\Camper Tires.pdf
[2012/08/10 01:11:15 | 000,038,627 | ---- | M] () -- C:\Users\Helene\Documents\campertires.wpd
[2012/08/02 10:40:51 | 000,046,229 | ---- | M] () -- C:\Users\Helene\Documents\1kraemer.wpd
[2012/08/02 10:07:30 | 000,048,594 | ---- | M] () -- C:\Users\Helene\Documents\kraemer.wpd
[2012/08/02 10:02:48 | 000,070,210 | ---- | M] () -- C:\Users\Helene\Documents\4olbrys.wpd
[2012/07/30 08:52:03 | 000,052,936 | ---- | M] () -- C:\Users\Helene\Documents\north.qpw
[2012/07/28 16:52:30 | 000,016,896 | ---- | M] () -- C:\Users\Helene\Documents\Camper.sig
[2012/07/28 15:20:30 | 000,016,423 | ---- | M] () -- C:\Users\Helene\Documents\deposit.qpw
[2012/07/28 15:17:54 | 000,376,625 | ---- | M] () -- C:\Users\Helene\Documents\QVC.pdf
[2012/07/28 13:05:41 | 000,058,451 | ---- | M] () -- C:\Users\Helene\Documents\1fahey.wpd
[2012/07/28 12:27:27 | 000,067,400 | ---- | M] () -- C:\Users\Helene\Documents\fahey.wpd
[2012/07/28 09:10:29 | 000,002,044 | ---- | M] () -- C:\Users\Helene\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2012/07/27 10:29:36 | 000,749,051 | ---- | M] () -- C:\Users\Helene\Documents\Oven Barbecued Chicken.pdf
[4 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/08/25 15:26:22 | 000,000,512 | ---- | C] () -- C:\Users\Helene\Desktop\MBR.dat
[2012/08/25 13:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/25 13:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/25 13:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/25 13:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/25 13:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/25 12:58:15 | 000,881,581 | ---- | C] () -- C:\Users\Helene\Desktop\SecurityCheck.exe
[2012/08/24 09:09:02 | 000,000,512 | ---- | C] () -- C:\Users\Helene\Documents\MBR.dat
[2012/08/23 00:37:04 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/21 02:17:07 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2012/08/21 01:49:35 | 000,003,211 | ---- | C] () -- C:\Users\Helene\Desktop\Sophos Virus Removal Tool.lnk
[2012/08/21 01:29:28 | 000,001,126 | ---- | C] () -- C:\Users\Public\Desktop\Foxit Reader 5.1.lnk
[2012/08/20 23:20:55 | 000,000,830 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/08/20 09:07:56 | 000,044,166 | ---- | C] () -- C:\Users\Helene\Documents\4gordon.wpd
[2012/08/20 08:31:35 | 000,072,071 | ---- | C] () -- C:\Users\Helene\Documents\3gordon.wpd
[2012/08/18 14:59:15 | 000,001,174 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/08/18 14:21:24 | 000,001,069 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2012/08/18 14:15:53 | 000,001,961 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/08/18 12:21:28 | 000,000,926 | ---- | C] () -- C:\Users\Public\Desktop\LogMeIn Hamachi.lnk
[2012/08/16 20:52:24 | 000,062,175 | ---- | C] () -- C:\Users\Helene\Documents\rdesigns.wpd
[2012/08/15 10:19:50 | 000,635,680 | ---- | C] () -- C:\Users\Helene\Documents\BlueCrossBlueShieldGuestMembership--12-13.pdf
[2012/08/14 12:14:23 | 000,001,365 | ---- | C] () -- C:\Windows\wininit.ini
[2012/08/14 11:56:03 | 000,001,282 | ---- | C] () -- C:\Users\Helene\Application Data\Microsoft\Internet Explorer\Quick Launch\Spybot - Search & Destroy.lnk
[2012/08/14 11:56:03 | 000,001,258 | ---- | C] () -- C:\Users\Helene\Desktop\Spybot - Search & Destroy.lnk
[2012/08/13 18:48:43 | 000,623,852 | ---- | C] () -- C:\Users\Helene\Documents\Camper Tires.pdf
[2012/08/09 23:30:52 | 000,038,627 | ---- | C] () -- C:\Users\Helene\Documents\campertires.wpd
[2012/08/02 10:09:42 | 000,046,229 | ---- | C] () -- C:\Users\Helene\Documents\1kraemer.wpd
[2012/07/28 16:29:21 | 000,016,896 | ---- | C] () -- C:\Users\Helene\Documents\Camper.sig
[2012/07/28 15:17:49 | 000,376,625 | ---- | C] () -- C:\Users\Helene\Documents\QVC.pdf
[2012/07/27 10:29:28 | 000,749,051 | ---- | C] () -- C:\Users\Helene\Documents\Oven Barbecued Chicken.pdf
[2012/05/18 12:52:29 | 000,003,374 | ---- | C] () -- C:\Users\Helene\AppData\Local\recently-used.xbel
[2012/05/18 12:41:54 | 000,000,600 | ---- | C] () -- C:\Users\Helene\AppData\Roaming\winscp.rnd
[2012/03/14 17:45:41 | 000,000,000 | ---- | C] () -- C:\Windows\Textart.INI
[2011/09/24 12:57:11 | 000,372,736 | ---- | C] () -- C:\Windows\SysWow64\GTTunerCard.dll
[2011/09/24 12:57:11 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ThumbExtract.dll
[2011/09/24 12:57:10 | 000,175,104 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011/08/26 12:03:50 | 005,601,222 | ---- | C] () -- C:\Users\Helene\KMS Statement Logo.bmp
[2011/06/08 09:48:07 | 000,001,207 | ---- | C] () -- C:\Users\Helene\My Documents - Shortcut.lnk
[2011/04/09 13:40:21 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/02/21 11:30:38 | 000,023,160 | ---- | C] () -- C:\Windows\hpqins15.dat
[2011/02/20 15:46:17 | 000,224,056 | ---- | C] () -- C:\Windows\hpwins19.dat
[2011/02/20 15:46:17 | 000,000,673 | ---- | C] () -- C:\Windows\hpwmdl19.dat
[2011/02/04 12:04:55 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/27 15:10:56 | 000,743,538 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010/05/13 22:49:08 | 000,132,528 | ---- | C] () -- C:\Users\Helene\AppData\Local\RAContactHistory.xml
[2010/03/12 02:31:13 | 000,007,597 | ---- | C] () -- C:\Users\Helene\AppData\Local\Resmon.ResmonCfg
[2010/01/19 02:44:47 | 000,004,608 | ---- | C] () -- C:\Users\Helene\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/20 21:56:09 | 000,000,677 | ---- | C] () -- C:\Users\Helene\Helene - Shortcut.lnk
[2009/12/14 01:09:31 | 000,061,678 | ---- | C] () -- C:\Users\Helene\AppData\Roaming\PFP110JPR.{PB
[2009/12/14 01:09:31 | 000,012,358 | ---- | C] () -- C:\Users\Helene\AppData\Roaming\PFP110JCM.{PB

========== Alternate Data Streams ==========

@Alternate Data Stream - 749 bytes -> C:\Users\Helene\Documents\Cash Boudreaux.eml:OECustomProperty
@Alternate Data Stream - 740 bytes -> C:\Users\Helene\Documents\Suggestion Please!.eml:OECustomProperty
@Alternate Data Stream - 720 bytes -> C:\Users\Helene\Documents\Re_ Suggestion Please!.eml:OECustomProperty
@Alternate Data Stream - 64 bytes -> C:\Users\Helene\Documents\Zombieland.avi:TOC.WMV
@Alternate Data Stream - 614 bytes -> C:\Users\Helene\Documents\Fw_ Suggestion Please!.eml:OECustomProperty
@Alternate Data Stream - 608 bytes -> C:\Users\Helene\Documents\Reply.eml:OECustomProperty

< End of report >

Thanks again.

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 05:28 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Posted Image textbox. Do not include the word Code
    :OTL
    FF - user.js - File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_271.dll File not found
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll File not found
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O3 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
    O3 - HKU\S-1-5-21-57964471-1374911142-2031730832-1000\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O4:64bit: - HKLM..\Run: [ftmps] rundll32.exe "C:\Users\Helene\AppData\Roaming\ftmps.dll",CreateInfoWindow File not found
    O4:64bit: - HKLM..\Run: [macrat] "C:\Windows\System32\rundll32.exe" "C:\Users\Helene\AppData\Roaming\macrat.dll",read_end File not found
    O8:64bit: - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
    O18:64bit: - Protocol\Handler\intu-help-qb3 - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    @Alternate Data Stream - 749 bytes -> C:\Users\Helene\Documents\Cash Boudreaux.eml:OECustomProperty
    @Alternate Data Stream - 740 bytes -> C:\Users\Helene\Documents\Suggestion Please!.eml:OECustomProperty
    @Alternate Data Stream - 720 bytes -> C:\Users\Helene\Documents\Re_ Suggestion Please!.eml:OECustomProperty
    @Alternate Data Stream - 64 bytes -> C:\Users\Helene\Documents\Zombieland.avi:TOC.WMV
    @Alternate Data Stream - 614 bytes -> C:\Users\Helene\Documents\Fw_ Suggestion Please!.eml:OECustomProperty
    @Alternate Data Stream - 608 bytes -> C:\Users\Helene\Documents\Reply.eml:OECustomProperty  
    FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:1.1.2
    FF - prefs.js..extensions.enabledItems: searchsettings@spigot.com:1.2.3
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.9.1.14019
    [2010/01/29 18:28:13 | 000,002,217 | ---- | M] () -- C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\searchplugins\askcom.xml
    [1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\USERS\HELENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BKBZY0AF.DEFAULT\EXTENSIONS\ZYOAZZLNEY@ZYOAZZLNEY.ORG.XPI
    :Files
    C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa
    C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\giigmfllkbnekpcfdckipcdkdpinhpgl
    C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoppfeapecnfbjkbibiljlffnhlpndk
    C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
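An added example, not part of this thread and not OTL's own code: a small Python triage that reads OTL lines in the three shapes quoted above (file entries, O4 Run values, alternate data streams) and reports the kinds of items the fix script above targets: orphaned Run values, rundll32 loading a DLL from the roaming profile, file entries with impossible timestamps or no name, Firefox extensions in the profile, and unfamiliar alternate data streams. The line patterns and the constructed sample log are assumptions drawn from the log format shown in this thread.

```python
import re
from dataclasses import dataclass
from typing import List

# Line shapes inferred from the OTL output quoted in this thread (assumption:
# OTL publishes no parser for its log format, so these patterns are our own).
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[MC])\] \((?P<company>[^)]*)\)"
    r"(?P<noname> \(No name found\))? -- (?P<path>.+)$"
)
RUN_RE = re.compile(
    r"^O4(?::64bit:)? - (?P<hive>HK[A-Z]+)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$"
)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Stream names that legitimate software writes: Outlook Express / Windows Mail
# stores message metadata in OECustomProperty on saved .eml files, and the
# browser download mark is Zone.Identifier. Anything else gets reviewed.
KNOWN_BENIGN_STREAMS = {"OECustomProperty", "Zone.Identifier"}


@dataclass
class Finding:
    line: str
    reasons: List[str]


def triage_line(line: str) -> List[str]:
    """Return the reasons a single OTL line deserves a closer look (empty if none)."""
    reasons: List[str] = []
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        if cmd.endswith("File not found"):
            reasons.append("autorun points at a file that no longer exists (orphaned Run value)")
        if "rundll32" in cmd.lower() and "\\appdata\\roaming\\" in cmd.lower():
            reasons.append("rundll32 loads a DLL from the user's roaming profile")
        return reasons
    m = FILE_RE.match(line)
    if m:
        year = int(m.group("ts")[:4])
        if year < 1990 or year > 2100:
            reasons.append(f"implausible timestamp year {year}")
        if m.group("noname"):
            reasons.append("no file name/version information")
        path = m.group("path").lower()
        if "\\extensions\\" in path and path.endswith(".xpi"):
            reasons.append("Firefox extension in the profile; review its origin")
        return reasons
    m = ADS_RE.match(line)
    if m:
        stream = m.group("path").rsplit(":", 1)[-1]
        if stream not in KNOWN_BENIGN_STREAMS:
            reasons.append(f"unrecognised alternate data stream '{stream}'")
        return reasons
    return reasons


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of an OTL log and keep the flagged ones."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = triage_line(line)
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


# Constructed sample log: six lines in the shapes seen in this thread.
SAMPLE_LOG = r"""
[2012/08/25 15:54:00 | 000,000,912 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-57964471-1374911142-2031730832-1000UA.job
[1832/11/29 00:37:17 | 000,004,804 | ---- | M] () (No name found) -- C:\USERS\HELENE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BKBZY0AF.DEFAULT\EXTENSIONS\ZYOAZZLNEY@ZYOAZZLNEY.ORG.XPI
O4:64bit: - HKLM..\Run: [ftmps] rundll32.exe "C:\Users\Helene\AppData\Roaming\ftmps.dll",CreateInfoWindow File not found
O4 - HKLM..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" (Adobe Systems Incorporated)
@Alternate Data Stream - 64 bytes -> C:\Users\Helene\Documents\Zombieland.avi:TOC.WMV
@Alternate Data Stream - 749 bytes -> C:\Users\Helene\Documents\Cash Boudreaux.eml:OECustomProperty
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   -", r)
```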

#9 7sunami
  • Topic Starter

  • Members
  • 8 posts

Posted 25 August 2012 - 05:45 PM

========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry value HKEY_USERS\S-1-5-21-57964471-1374911142-2031730832-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_USERS\S-1-5-21-57964471-1374911142-2031730832-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ftmps deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\macrat deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Append Link Target to Existing PDF\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\intu-help-qb3\ deleted successfully.
File Protocol\Handler\intu-help-qb3 - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
File Protocol\Handler\skype-ie-addon-data - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
ADS C:\Users\Helene\Documents\Cash Boudreaux.eml:OECustomProperty deleted successfully.
ADS C:\Users\Helene\Documents\Suggestion Please!.eml:OECustomProperty deleted successfully.
ADS C:\Users\Helene\Documents\Re_ Suggestion Please!.eml:OECustomProperty deleted successfully.
ADS C:\Users\Helene\Documents\Zombieland.avi:TOC.WMV deleted successfully.
ADS C:\Users\Helene\Documents\Fw_ Suggestion Please!.eml:OECustomProperty deleted successfully.
ADS C:\Users\Helene\Documents\Reply.eml:OECustomProperty deleted successfully.
Prefs.js: pdfforge@mybrowserbar.com:1.1.2 removed from extensions.enabledItems
Prefs.js: searchsettings@spigot.com:1.2.3 removed from extensions.enabledItems
Prefs.js: toolbar@ask.com:3.9.1.14019 removed from extensions.enabledItems
C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\searchplugins\askcom.xml moved successfully.
C:\Users\Helene\AppData\Roaming\Mozilla\Firefox\Profiles\bkbzy0af.default\extensions\zyoazzlney@zyoazzlney.org.xpi moved successfully.
========== FILES ==========
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa\1.0\i folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa\1.0 folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhflopcljabdklmedgglmkihdnongdaa folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\giigmfllkbnekpcfdckipcdkdpinhpgl\1.0\i folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\giigmfllkbnekpcfdckipcdkdpinhpgl\1.0 folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\giigmfllkbnekpcfdckipcdkdpinhpgl folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoppfeapecnfbjkbibiljlffnhlpndk\1.0\i folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoppfeapecnfbjkbibiljlffnhlpndk\1.0 folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\khoppfeapecnfbjkbibiljlffnhlpndk folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2\i folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip\2 folder moved successfully.
C:\Users\Helene\AppData\Local\Google\Chrome\User Data\Default\Extensions\okmcbgkkeagngnijeiighgblfljbekip folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Helene\Desktop\cmd.bat deleted successfully.
C:\Users\Helene\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Helene
->Java cache emptied: 29140686 bytes

User: Kevin
->Java cache emptied: 0 bytes

User: OLD HOMEPC1

User: Public

Total Java Files Cleaned = 28.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56468 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Helene
->Flash cache emptied: 56979 bytes

User: Kevin
->Flash cache emptied: 56468 bytes

User: OLD HOMEPC1

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.58.1 log created on 08252012_184317


And I'm checking the redirecting stuff now.....
Seems to still be doing it in Chrome, not IE/Firefox it seems.

Edited by 7sunami, 25 August 2012 - 05:49 PM.


#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 05:57 PM

Greetings


I want you to uninstall Chrome and, if asked about user data or settings, I want you to remove that also.


Restart the computer, reinstall Chrome and check it out.



gringo

#11 7sunami
  • Topic Starter

  • Members
  • 8 posts

Posted 25 August 2012 - 06:19 PM

Just followed that and Chrome seems fine... As do the rest of the browsers. Any other final checks I can run?

#12 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 25 August 2012 - 08:44 PM

Clean Out Temp Files

  • This small application you may want to keep and use once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install Yahoo toolbar uncheck the box next to it.
  • Run CCleaner. (make sure under Windows tab all the boxes of Internet Explorer and Windows explorer are checked. Under System check Empty Recycle Bin and Temporary Files. Under Application tab all the boxes should be checked).
  • Click Run Cleaner.
  • Close CCleaner.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • If you accidentally close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running HijackThis, see NOTE** below (Host file not read, blank notepad ...).

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a log file button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the Analyze This button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

NOTE**
Sometimes we have to run it like this: to run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select to run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#13 7sunami
  • Topic Starter

  • Members
  • 8 posts

Posted 26 August 2012 - 11:26 AM

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.26.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Helene :: KEVCO [administrator]

8/26/2012 12:16:20 PM
mbam-log-2012-08-26 (12-16-20).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 227099
Time elapsed: 4 minute(s), 3 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:23:23 PM, on 8/26/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16448)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe
C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
C:\Program Files (x86)\HP2\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Users\Helene\Downloads\HijackThis(1).exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [QuickFinder Scheduler] "C:\Program Files (x86)\WordPerfect Office 11\Programs\QFSCHD110.EXE"
O4 - HKLM\..\Run: [Intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP2\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Dyyno Launcher] "C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\dyyno_launcher.exe" 30100 30101 30102 30103 30104
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP2\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: CLDTVHNService - Unknown owner - C:\Program Files (x86)\DirecTV\DirecTV\Kernel\DMP\CLDTVHNService.exe
O23 - Service: Dyyno Service (Dyyno Launcher) - Unknown owner - C:\Program Files (x86)\Dyyno\Dyyno Broadcaster\launcherd.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: QBCFMonitorService - Intuit - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - c:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files (x86)\Secunia\PSI\sua.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12409 bytes

Computer seems clean... no more redirecting. My mom (the normal user of the computer) hasn't had any problems.

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 26 August 2012 - 04:14 PM

Greetings

These logs are looking very good, we are almost done!!! Just one more scan to go.

:Remove unneeded start-up entries:

This part of the fix is purely optional
These are programs that start up when you turn on your computer but don't need to. You can start any of these programs by clicking on their icons (or from the Control Panel) when you need them. By stopping these programs you will boot up faster and your computer will work faster.

If you have any problems running HijackThis, see the NOTE** below (Hosts file not read, blank Notepad, ...)

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    • O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqSRMon.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP2\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Helene\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: Event Planner Reminder.lnk = C:\Program Files (x86)\Creative Home\Hallmark Card Studio 2011 Deluxe\Planner\PLNRnote.exe
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP2\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: MySoftware NewsFlash.lnk = C:\Program Files (x86)\Common Files\MySoftware\NewsFlsh.exe
  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

    NOTE** You can research each of those lines >here< and see if you want to keep them or not.
    Just copy the name between the brackets and paste it into the search space, e.g. for
    O4 - HKLM\..\Run: [IntelliPoint] you would search for IntelliPoint.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located at C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe) <-- 32-bit Windows
(located at C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe) <-- 64-bit Windows
and select "Run as administrator".

Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan. On Vista and Win 7, right-click the IE shortcut and run it as administrator.

Go to the Eset web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the Run ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the add-on to be installed
    • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the virus definitions to be downloaded
  • Wait for the scan to finish

When the scan is complete

  • If no threats were found
  • put a checkmark in "Uninstall application on close"
  • close program
  • report to me that nothing was found

  • If threats were found
  • click on "list of threats found"
  • click on "export to text file" and save it as ESET SCAN and save to the desktop
  • Click on back
  • put a checkmark in "Uninstall application on close"
  • click on finish
  • close program
  • copy and paste the report here


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
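The O4 entries Gringo lists above are the contents of the HKLM and HKCU Run keys plus the per-user and all-users Startup folders. As an added example (not part of this thread, and not HijackThis or any tool mentioned in it), the PowerShell script below enumerates those same locations, resolves each command line to the executable it launches and flags entries whose target file no longer exists, which is the first thing to look at when an autostart entry is left behind by removed software. Remove-RunEntry mirrors what "Fix Checked" does for a registry O4 entry and honours -WhatIf so a change can be previewed before it is made. Function names are mine; the script assumes Windows PowerShell 3.0 or later, run elevated if HKLM values are to be removed. A caveat on the O23 lines in the log above: the many "(file missing)" marks on standard Windows services under C:\Windows\system32 are the usual artifact of a 32-bit HijackThis build reading System32 through WOW64 file-system redirection on 64-bit Windows, not evidence that those service binaries are actually gone; the script below checks paths from a native 64-bit shell, so it does not have that problem.

```powershell
# Added example: inventory the autostart locations HijackThis reports as O4.
# Assumes Windows PowerShell 3.0+. Not part of the thread or of HijackThis.

$RunKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',  # 32-bit apps on x64
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
)
# Provider metadata that Get-ItemProperty attaches to every key object.
$MetaProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Resolve-CommandPath {
    # Turn a Run value such as  "C:\...\QTTask.exe" -atboottime  into the bare exe path.
    param([Parameter(Mandatory)][string]$CommandLine)
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
        return $cmd.Trim('"')
    }
    # Unquoted paths may contain spaces (C:\Program Files (x86)\HP2\...\hpqSRMon.exe),
    # so grow the candidate one token at a time until it names an existing file.
    $tokens = $cmd -split ' '
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate -PathType Leaf) { return $candidate }
    }
    return $tokens[0]   # nothing matched: report the first token as the target
}

function Get-RunEntry {
    # One object per value in each Run key, with the resolved target and whether it exists.
    foreach ($key in $RunKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($MetaProps -contains $p.Name) { continue }
            $exe = Resolve-CommandPath ([string]$p.Value)
            [pscustomobject]@{
                Source  = $key
                Name    = $p.Name
                Command = [string]$p.Value
                Target  = $exe
                Exists  = Test-Path -LiteralPath $exe -PathType Leaf
            }
        }
    }
}

function Get-StartupShortcut {
    # "O4 - Startup" (per-user) and "O4 - Global Startup" (all users) .lnk files.
    $folders = @(
        [Environment]::GetFolderPath('Startup'),
        [Environment]::GetFolderPath('CommonStartup')
    )
    $shell = New-Object -ComObject WScript.Shell
    foreach ($f in $folders) {
        Get-ChildItem -Path $f -Filter *.lnk -ErrorAction SilentlyContinue | ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            [pscustomobject]@{
                Source  = $f
                Name    = $_.Name
                Command = $target
                Target  = $target
                Exists  = Test-Path -LiteralPath $target -PathType Leaf
            }
        }
    }
}

function Remove-RunEntry {
    # Equivalent of "Fix Checked" for one registry O4 entry; supports -WhatIf / -Confirm.
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string]$Key,
        [Parameter(Mandatory)][string]$Name
    )
    if ($PSCmdlet.ShouldProcess("$Key\$Name", 'Remove autostart value')) {
        Remove-ItemProperty -Path $Key -Name $Name
    }
}

# Usage: list everything, orphaned entries (missing target) first.
@(Get-RunEntry) + @(Get-StartupShortcut) |
    Sort-Object Exists, Source |
    Format-Table Exists, Name, Target -AutoSize

# Preview removal of a single entry without changing anything:
# Remove-RunEntry -Key 'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run' -Name 'Sidebar' -WhatIf
```

Entries whose Exists column is False point at a file that is no longer there, so the autostart value does nothing but is worth removing and, if the path is unfamiliar, worth investigating; entries that do exist are the optional cleanup Gringo describes, and deciding which to keep is a judgement about what the user actually needs at logon, which is why the script only previews removal unless -WhatIf is dropped.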

#15 7sunami

7sunami
  • Topic Starter

  • Members
  • 8 posts

Posted 26 August 2012 - 09:17 PM

I only took a few of the startup applications out... I know my mom uses quite a few of them.

Eset results:
C:\Users\Helene\Downloads\winscp437setup-sponsored.exe Win32/OpenCandy application