
Stop Error 8E - Possible Virus


  • This topic is locked
28 replies to this topic

#1 Reko23

  • Members
  • 17 posts

Posted 05 November 2012 - 05:47 AM

Hi,

I am trying to help a co-worker with his laptop computer... he does not have a recovery disc for Vista... I am hoping to get around that because the computer is about 5 years old and I don't want him to throw money at this problem... I'm not sure this computer is worth it.

Upon startup, the Compaq laptop will get to the point where it asks for the password... but when you type the password in, the BSOD comes up with a 0x0000008E stop error... but it is weird because if you wait a few minutes before typing the password in, it will also pop up with the BSOD and the 8E error.

I ran the memory test and it does not show any problems. It has plenty of hard drive space too. I did the File system check and that comes back good too.

I have run several scanners like Malwarebytes in safe mode, and dozens of viruses have been quarantined, but I still cannot log on in anything but safe mode.

Safe mode will run all day, no problem.

I have tried system restore, but not one of the restore points is any good.

The only other thing I can think of is to buy a Vista system disk and reload the operating system. Problem is, I'm not sure if that will work and I don't want to waste his money on an old operating system for an old computer when you can get a new one better than this for $300.

Any help will be appreciated.

Here are my logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-19.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 12/29/2008 12:10:50 PM
System Uptime: 11/4/2012 4:23:16 AM (0 hours ago)
.
Motherboard: Wistron | | 3612
Processor: Intel® Pentium® Dual CPU T3400 @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 222 GiB total, 145.591 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 10.8 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Activation Assistant for the 2007 Microsoft Office suites
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.1.0)
Adobe Shockwave Player
aiofw
aioocr
aioprnt
aioscnnr
American Adventure
Apple Application Support
Ask Toolbar
Atheros Driver Installation Program
CCScore
center
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conexant HD Audio
Coupon Printer for Windows
CouponBar
CyberLink DVD Suite
ESSBrwr
ESSCDBK
ESScore
ESSgui
ESSini
ESSPCD
ESSPDock
ESSTOOLS
essvatgt
ESU for Microsoft Vista
Fast Browser Search (My Web Tattoo)
fflink
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
HDAUDIO Soft Data Fax Modem with SmartCP
Help_CTR
helptut
helpug
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Doc Viewer
HP DVD Play 3.7
HP Games
HP Help and Support
HP Quick Launch Buttons 6.40 H2
HP Total Care Advisor
HP Update
HP User Guides 0118
HP Wireless Assistant
HPAsset component for HP Active Support Library
HPNetworkAssistant
HPTCSSetup
Intel® Graphics Media Accelerator Driver
Java Auto Updater
Java™ 6 Update 23
Java™ 6 Update 7
Juno Preloader
kgcbaby
kgchday
kgchlwn
kgcinvt
kgckids
kgcmove
kgcvday
Kodak EasyShare software
ksdip
LabelPrint
Lexmark Z2400 Series
LightScribe System Software 1.14.17.1
Masque IGT Slots Wolf Run
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Live Search Toolbar
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Works
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal
netbrdg
NetWaiting
Norton Internet Security
OfotoXMI
OGA Notifier 2.0.0048.0
Power2Go
PowerDirector
Primo
QuickTime
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek USB 2.0 Card Reader
Runtime
Search Guard Plus (My Web Tattoo)
Search Guard Plus Updater (My Web Tattoo)
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
SFR
SHASTA
skin0001
SKINXSDK
Spelling Dictionaries Support For Adobe Reader 9
staticcr
Synaptics Pointing Device Driver
The Weather Channel Desktop 6
The Weather Channel Toolbar
tooltips
Unity Web Player
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
Upromise TurboSaver (remove only)
VPRINTOL
WIRELESS
Yahoo! BrowserPlus 2.9.8
.
==== End Of File ===========================

...and...

DDS (Ver_2012-10-19.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16421
Run by Kim at 4:32:02 on 2012-11-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1978.1335 [GMT -5:00]
.
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Kim\Downloads\nuancepdf_d165400.exe
C:\Users\Kim\Downloads\nuancepdf_d165400.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
BHO: <No Name>: {01489D7E-69A5-4740-9F0E-F66D246E1F8d} -
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
BHO: TTB000000 Class: {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} -
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\16.8.0.41\IPSBHO.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} -
BHO: DCA BHO: {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} -
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Upromise TurboSaver: {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} -
BHO: {F0626A63-410B-45E2-99A1-3F2475B2D695} - <orphaned>
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} -
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} -
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: Upromise TurboSaver: {06E58E5E-F8CB-4049-991E-A41C03BD419E} -
TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} -
TB: CouponBar: {5BED3930-2E9E-76D8-BACC-80DF2188D455} -
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} -
uRun: [Norton Download Manager{NIS202019-SHPD-FSD31014}] c:\users\public\downloads\norton\{nis202019-shpd-fsd31014}\setup.exe /m
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [lxdqmon.exe] "c:\program files\lexmark z2400 series\lxdqmon.exe"
mRun: [lxdqamon] "c:\program files\lexmark z2400 series\lxdqamon.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [GoogleUpdate] c:\users\kim\appdata\local\google\googleupdate\Googleupdt32.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {06E58E5E-F8CB-4049-991E-A41C03BD419E} - {06E58E5E-F8CB-4049-991E-A41C03BD419E} -
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 24.247.24.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2} : DHCPNameServer = 172.168.20.1
TCP: Interfaces\{B706EEBA-A49C-4DF6-BB8F-E025630EC6B7} : DHCPNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.0.41\CoIEPlg.dll
Notify: igfxcui - igfxdev.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008000.029\SymEFA.sys [2010-1-27 310320]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008000.029\BHDrvx86.sys [2010-1-27 259632]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008000.029\cchpx86.sys [2010-1-27 482432]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100604.004\IDSvix86.sys [2010-6-8 344112]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate1ca2cc0c81ab950;Google Update Service (gupdate1ca2cc0c81ab950);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S2 KodakSvc;Kodak AiO Device Service;c:\program files\kodak\printer\center\KodakSvc.exe [2008-2-28 18944]
S2 lxdq_device;lxdq_device;c:\windows\system32\lxdqcoms.exe -service --> c:\windows\system32\lxdqcoms.exe -service [?]
S2 lxdqCATSCustConnectService;lxdqCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdqserv.exe [2007-12-4 98984]
S2 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.8.0.41\ccSvcHst.exe [2010-1-27 117640]
S2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\sminst\BLService.exe [2008-10-23 365952]
S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-3 133104]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
S3 SYMNDISV;Symantec Network Filter Driver;c:\windows\system32\drivers\nis\1008000.029\symndisv.sys [2010-1-27 48688]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-11-04 05:40:56 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-04 05:40:53 -------- d-----w- c:\users\kim\appdata\local\temp
2012-11-04 00:51:37 123904 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-11-04 00:06:46 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-03 01:25:49 -------- d-----w- c:\windows\pss
2012-11-03 00:26:09 -------- d-----w- c:\program files\ESET
2012-11-02 23:55:33 98816 ----a-w- c:\windows\sed.exe
2012-11-02 23:55:33 256000 ----a-w- c:\windows\PEV.exe
2012-11-02 23:55:33 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M ====================
.
2012-09-29 23:54:26 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 08:36:14 54016 ----a-w- c:\windows\system32\drivers\tsqgdjls.sys
.
============= FINISH: 4:33:45.23 ===============

...and...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-11-04 11:46:51
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250320AS rev.HP07
Running: 9gedn8eh.exe; Driver: C:\Users\Kim\AppData\Local\Temp\uwldqpow.sys


---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Kim\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\iexplore.exe[264] kernel32.dll!CreateThread 76A1CB2E 5 Bytes JMP 71A771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!SetWindowsHookExW 756D87AD 5 Bytes JMP 71AB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!CallNextHookEx 756D8E3B 5 Bytes JMP 71AD7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!UnhookWindowsHookEx 756D98DB 5 Bytes JMP 71AFEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!EnableWindow 756DCD8B 5 Bytes JMP 71AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DefWindowProcA 756DDB88 7 Bytes JMP 71A793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!CreateWindowExA 756DDC2A 2 Bytes JMP 71A83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!CreateWindowExA + 3 756DDC2D 2 Bytes [3A, FC] {CMP BH, AH}
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!CreateWindowExW 756E1305 5 Bytes JMP 71ADFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DefWindowProcW 756F03B4 7 Bytes JMP 71AD7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxParamW 757010B0 5 Bytes JMP 71A115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxIndirectParamW 75702EF5 5 Bytes JMP 71C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxParamA 75718152 5 Bytes JMP 71C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!DialogBoxIndirectParamA 7571847D 5 Bytes JMP 71C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxIndirectA 7572D4D9 5 Bytes JMP 71C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxIndirectW 7572D5D3 5 Bytes JMP 71C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxExA 7572D639 5 Bytes JMP 71C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] USER32.dll!MessageBoxExW 7572D65D 5 Bytes JMP 71C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[264] ole32.dll!OleLoadFromStream 759C1E80 5 Bytes JMP 71C06676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] kernel32.dll!CreateThread 76A1CB2E 5 Bytes JMP 71A771CB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!SetWindowsHookExW 756D87AD 5 Bytes JMP 71AB204C C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!CallNextHookEx 756D8E3B 5 Bytes JMP 71AD7A4F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!UnhookWindowsHookEx 756D98DB 5 Bytes JMP 71AFEA08 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!EnableWindow 756DCD8B 5 Bytes JMP 71AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DefWindowProcA 756DDB88 7 Bytes JMP 71A793F5 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!CreateWindowExA 756DDC2A 2 Bytes JMP 71A83223 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!CreateWindowExA + 3 756DDC2D 2 Bytes [3A, FC] {CMP BH, AH}
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!CreateWindowExW 756E1305 5 Bytes JMP 71ADFE2F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DefWindowProcW 756F03B4 7 Bytes JMP 71AD7AB2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxParamW 757010B0 5 Bytes JMP 71A115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxIndirectParamW 75702EF5 5 Bytes JMP 71C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxParamA 75718152 5 Bytes JMP 71C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!DialogBoxIndirectParamA 7571847D 5 Bytes JMP 71C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxIndirectA 7572D4D9 5 Bytes JMP 71C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxIndirectW 7572D5D3 5 Bytes JMP 71C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxExA 7572D639 5 Bytes JMP 71C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] USER32.dll!MessageBoxExW 7572D65D 5 Bytes JMP 71C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[964] ole32.dll!OleLoadFromStream 759C1E80 5 Bytes JMP 71C06676 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!EnableWindow 756DCD8B 5 Bytes JMP 71AB98BC C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxParamW 757010B0 5 Bytes JMP 71A115E3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxIndirectParamW 75702EF5 5 Bytes JMP 71C05E8E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxParamA 75718152 5 Bytes JMP 71C05E29 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!DialogBoxIndirectParamA 7571847D 5 Bytes JMP 71C05EF3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxIndirectA 7572D4D9 5 Bytes JMP 71C05DB0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxIndirectW 7572D5D3 5 Bytes JMP 71C05D37 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxExA 7572D639 5 Bytes JMP 71C05CD3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[1880] USER32.dll!MessageBoxExW 7572D65D 5 Bytes JMP 71C05C6F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control@SystemStartOptions /NOEXECUTE=OPTIN

---- EOF - GMER 1.0.15 ----

Thank you for your help.

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 05 November 2012 - 09:25 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into Notepad and print them in case it is necessary for you to go offline during the cleanup process. To open Notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next; if you have any problems with one of them, just skip it and run the next one.

-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Reko23

  • Topic Starter
  • Members
  • 17 posts

Posted 06 November 2012 - 06:12 PM
Posted 06 November 2012 - 06:12 PM

Thank you, Gringo, for helping me out!

I can only start the computer in safe mode.

I ran all three programs you suggested and have attached the logs.

I still get the 8E stop error BSOD and the computer will only boot in safe mode.


Here is the log from Security Scan:

Results of screen317's Security Check version 0.99.54
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
Norton Internet Security
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Java™ 6 Update 23
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader X 10.1.0 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1 %
````````````````````End of Log``````````````````````

Here is the log from ADWCleaner:

# AdwCleaner v2.007 - Logfile created 11/05/2012 at 21:58:12
# Updated 06/11/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Kim - KIM-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Kim\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Search Guard Plus Updater
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DBBBC528-9C8C-4051-9187-ED6F01A457C9}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{DD7C44CC-0F60-4FD9-A38F-5CF30D698AC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\CptUrlPassthru.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-api.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dca-bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{60260024-AA48-4A2F-84DA-2C2DCB24AAD0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{91C18ED5-5E1C-4AE5-A148-A861DE8C8E16}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor
Key Deleted : HKLM\SOFTWARE\Classes\CptUrlPassthru.hxxpMonitor.1
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca
Key Deleted : HKLM\SOFTWARE\Classes\dcabho.Dca.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{15527BF5-9729-49DC-889C-9F956983154C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F2CF666-0EC7-418E-B86A-459AD43BCAB1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A1F1ECD3-4806-44C6-A869-F0DADF11C57C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD05B915-F77B-474A-9D42-9FEEAF5475C4}
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbAx
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbAx.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.HbInfoBand.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButton
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButton.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButtonA
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.IEButtonA.1
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl
Key Deleted : HKLM\SOFTWARE\Classes\ShoppingReport2.RprtCtrl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3007394
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{7BAB653D-88FB-4F60-AFC2-8E6FD59FAFF3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A57F7191-1E7F-4852-BAAF-F80A43E2687A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C8758BC4-4581-48C7-BA38-C1A650477AE9}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D44FD6F0-9746-484E-B5C4-C66688393872}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Guard Plus Updater
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TBSB07183.TBSB07183Toolbar
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.1] : icon_url =

*************************

AdwCleaner[S1].txt - [14042 octets] - [05/11/2012 21:58:12]

########## EOF - C:\AdwCleaner[S1].txt - [14103 octets] ##########


Here is the log from RogueKiller... ACTUALLY 2 logs appeared on my desktop:

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Kim [Admin rights]
Mode : Scan -- Date : 11/05/2012 20:07:08

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 6 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : GoogleUpdate (C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe) -> FOUND
[RUN][SUSP PATH] HKUS\S-1-5-18[...]\Run : GoogleUpdate (C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250320AS ATA Device +++++
--- User ---
[MBR] 28354b71dd900f50c0dbef5ee4f719ea
[BSP] d70ba7ca57d24e7090480f3d24fce7fb : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227327 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 465567744 | Size: 11144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_11052012_02d2007.txt >>
RKreport[1]_S_11052012_02d2007.txt

...here is the second log:

RogueKiller V8.2.2 [11/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Blog: http://tigzyrk.blogspot.com

Operating System: Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Safe mode with network support
User : Kim [Admin rights]
Mode : Remove -- Date : 11/05/2012 20:07:44

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[RUN][SUSP PATH] HKUS\.DEFAULT[...]\Run : GoogleUpdate (C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9250320AS ATA Device +++++
--- User ---
[MBR] 28354b71dd900f50c0dbef5ee4f719ea
[BSP] d70ba7ca57d24e7090480f3d24fce7fb : Toshiba tatooed MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 227327 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 465567744 | Size: 11144 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2]_D_11052012_02d2007.txt >>
RKreport[1]_S_11052012_02d2007.txt ; RKreport[2]_D_11052012_02d2007.txt


THANK YOU AGAIN for all of your help!

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 November 2012 - 10:23 PM
Posted 06 November 2012 - 10:23 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#5 Reko23

  • Topic Starter
  • Members
  • 17 posts

Posted 07 November 2012 - 12:59 AM
Posted 07 November 2012 - 12:59 AM

Hi,

The ComboFix log is pasted below.
No change from previous problem.
Still BSOD.
Still can only log on in Safe Mode.



ComboFix 12-11-06.03 - Kim 11/06/2012 0:40.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1978.1484 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 05:48 . 2012-11-06 05:48 -------- d-----w- c:\users\Kim\AppData\Local\temp
2012-11-06 05:48 . 2012-11-06 05:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 00:51 . 2008-06-10 18:54 123904 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-11-04 00:51 . 2012-11-04 00:51 -------- d-----w- c:\users\Kim\AppData\Roaming\InstallShield
2012-11-04 00:06 . 2012-11-04 00:06 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-03 00:26 . 2012-11-03 00:26 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 23:54 . 2012-08-08 02:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-08 08:36 . 2012-08-08 08:36 54016 ----a-w- c:\windows\system32\drivers\tsqgdjls.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NIS202019-SHPD-FSD31014}"="c:\users\Public\Downloads\Norton\{NIS202019-SHPD-FSD31014}\setup.exe" [2012-11-04 915400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2007-12-17 656040]
"lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2007-12-17 16040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 18:02]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 18:02]
.
2011-09-14 c:\windows\Tasks\HPCeeScheduleForKim.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{01489D7E-69A5-4740-9F0E-F66D246E1F8d} - c:\windows\system32\wscui32.dll
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKU-Default-Run-GoogleUpdate - c:\users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe
AddRemove-Coupon Printer for Windows4.0 - c:\program files\Coupons\uninstall.exe
AddRemove-Coupon Printer for Windows5.0.0.0 - c:\program files\Coupons\uninstall.exe
AddRemove-Google Chrome - c:\program files\Google\Chrome\Application\13.0.782.220\Installer\setup.exe
AddRemove-Lexmark Z2400 Series - c:\program files\Lexmark Z2400 Series\Install\x86\Uninst.exe
AddRemove-Upromise TurboSaver - c:\program files\Upromise\uninstall.exe
AddRemove-{0E327F60-8679-4C52-B0CB-772049D70358} - c:\program files\InstallShield Installation Information\{0E327F60-8679-4C52-B0CB-772049D70358}\setup.exe
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_4E7D715D860E20E1.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 00:48
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-06 00:50:36
ComboFix-quarantined-files.txt 2012-11-06 05:50
ComboFix2.txt 2012-11-04 05:40
.
Pre-Run: 156,301,750,272 bytes free
Post-Run: 156,262,776,832 bytes free
.
- - End Of File - - E6D13669D50CBB0088089988728A3B25

#6 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 07 November 2012 - 01:18 AM

Greetings

I want you to run these next:

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
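
Added example, not part of gringo_pr's instructions or of TDSSKiller itself: when the TDSSKiller report comes back, the block worth reading first is the `Drive ...` and `MBR partitions:` header at the top, because an MBR bootkit keeps its body in sectors that no partition claims. The Python below parses that header, lists every unallocated range (the track-0 gap before the first partition, any gap between partitions, and the slack after the last one) and flags partition entries that overlap or run past the end of the disk, which a tampered table would show. The sample report lines are constructed in TDSSKiller's output format using the figures from the report posted in this thread; the regular expressions, class and function names are this example's own, not TDSSKiller's.

```python
"""Parse the disk/partition header of a TDSSKiller report and list the
unallocated sector ranges where an MBR bootkit keeps its payload."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Tuple

# Constructed sample in the format TDSSKiller prints at the top of its report.
# The figures match the report posted in this thread; the text is embedded
# here so the example runs offline.
SAMPLE_REPORT = r"""
13:51:58.0924 0600 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:51:58.0924 0600 ============================================================
13:51:58.0924 0600 \Device\Harddisk0\DR0:
13:51:58.0924 0600 MBR partitions:
13:51:58.0924 0600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BBFFFC1
13:51:58.0924 0600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC00000, BlocksNum 0x15C4000
"""

# Patterns for the two header line shapes (this example's own, not TDSSKiller's).
DRIVE_RE = re.compile(
    r"Drive (\\Device\\Harddisk\d+\\DR\d+) - Size: 0x([0-9A-Fa-f]+) .*SectorSize: 0x([0-9A-Fa-f]+)")
PART_RE = re.compile(
    r"(\\Device\\Harddisk\d+\\DR\d+)\\Partition(\d+): MBR, Type 0x([0-9A-Fa-f]+), "
    r"StartLBA 0x([0-9A-Fa-f]+), BlocksNum 0x([0-9A-Fa-f]+)")


@dataclass
class Partition:
    index: int
    type_id: int      # MBR partition type byte; 0x07 is NTFS/exFAT/HPFS
    start_lba: int
    sectors: int

    @property
    def end_lba(self) -> int:
        """First sector after the partition (exclusive bound)."""
        return self.start_lba + self.sectors


@dataclass
class Disk:
    device: str
    size_bytes: int
    sector_size: int
    partitions: List[Partition] = field(default_factory=list)

    @property
    def total_sectors(self) -> int:
        return self.size_bytes // self.sector_size


def parse_report(text: str) -> Dict[str, Disk]:
    """Collect every drive and its MBR partition entries from the report header."""
    disks: Dict[str, Disk] = {}
    for line in text.splitlines():
        m = DRIVE_RE.search(line)
        if m:
            dev, size_hex, ss_hex = m.groups()
            disks[dev] = Disk(dev, int(size_hex, 16), int(ss_hex, 16))
            continue
        m = PART_RE.search(line)
        if m and m.group(1) in disks:
            dev, idx, type_hex, start_hex, blocks_hex = m.groups()
            disks[dev].partitions.append(
                Partition(int(idx), int(type_hex, 16), int(start_hex, 16), int(blocks_hex, 16)))
    return disks


def unallocated_ranges(disk: Disk) -> List[Tuple[int, int]]:
    """(start_lba, sector_count) for each gap no partition claims: the track-0
    area before the first partition (sector 0 is the MBR itself), gaps between
    partitions, and the slack after the last one. TDL4-style bootkits store a
    hidden file system in the trailing slack; older ones used the track-0 gap."""
    gaps: List[Tuple[int, int]] = []
    cursor = 0
    for p in sorted(disk.partitions, key=lambda p: p.start_lba):
        if p.start_lba > cursor:
            gaps.append((cursor, p.start_lba - cursor))
        cursor = max(cursor, p.end_lba)
    if disk.total_sectors > cursor:
        gaps.append((cursor, disk.total_sectors - cursor))
    return gaps


def layout_problems(disk: Disk) -> List[str]:
    """Sanity checks a tampered partition table fails: overlapping entries or
    an entry that extends past the last sector of the disk."""
    problems: List[str] = []
    parts = sorted(disk.partitions, key=lambda p: p.start_lba)
    for a, b in zip(parts, parts[1:]):
        if b.start_lba < a.end_lba:
            problems.append(f"Partition{a.index} and Partition{b.index} overlap")
    for p in parts:
        if p.end_lba > disk.total_sectors:
            problems.append(f"Partition{p.index} ends past the last sector of the disk")
    return problems


def summarize(text: str) -> Dict[str, dict]:
    """One dict per drive with the figures a reviewer wants from the report."""
    out: Dict[str, dict] = {}
    for dev, disk in parse_report(text).items():
        out[dev] = {
            "sector_size": disk.sector_size,
            "total_sectors": disk.total_sectors,
            "gaps": unallocated_ranges(disk),
            "problems": layout_problems(disk),
        }
    return out


if __name__ == "__main__":
    for dev, info in summarize(SAMPLE_REPORT).items():
        print(f"{dev}: {info['total_sectors']} sectors of {info['sector_size']} bytes")
        for start, count in info["gaps"]:
            mib = count * info["sector_size"] / 2**20
            print(f"  unallocated LBA {start:#x}-{start + count - 1:#x}: {count} sectors ({mib:.2f} MiB)")
        for problem in info["problems"]:
            print("  PROBLEM:", problem)
```

On the sample this reports two unallocated ranges and no layout problems: the 63-sector track-0 gap before Partition1 (the usual CHS alignment on disks of this age) and 6,512 sectors of slack after Partition2, about 3.2 MiB, with Partition1 ending exactly where Partition2 begins. Neither gap is proof of anything by itself; they are the sector ranges to dump and inspect if aswMBR or TDSSKiller reports a modified MBR, since a clean partition map says nothing about what those sectors contain.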

#7 Reko23

  • Topic Starter
  • Members
  • 17 posts

Posted 07 November 2012 - 06:16 PM
Posted 07 November 2012 - 06:16 PM

Here are the logs from TDSSKiller.exe and aswMBR.exe.

The BSOD 8E stop error still exists and I still only have Safe Mode to log on... this is looking like a difficult problem.

Thank you, again, for working with me.


13:51:58.0440 0600 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:51:58.0706 0600 ============================================================
13:51:58.0706 0600 Current date / time: 2012/11/06 13:51:58.0706
13:51:58.0706 0600 SystemInfo:
13:51:58.0706 0600
13:51:58.0706 0600 OS Version: 6.0.6002 ServicePack: 2.0
13:51:58.0706 0600 Product type: Workstation
13:51:58.0706 0600 ComputerName: KIM-PC
13:51:58.0706 0600 UserName: Kim
13:51:58.0706 0600 Windows directory: C:\Windows
13:51:58.0706 0600 System windows directory: C:\Windows
13:51:58.0706 0600 Processor architecture: Intel x86
13:51:58.0706 0600 Number of processors: 2
13:51:58.0706 0600 Page size: 0x1000
13:51:58.0706 0600 Boot type: Safe boot with network
13:51:58.0706 0600 ============================================================
13:51:58.0924 0600 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:51:58.0924 0600 ============================================================
13:51:58.0924 0600 \Device\Harddisk0\DR0:
13:51:58.0924 0600 MBR partitions:
13:51:58.0924 0600 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1BBFFFC1
13:51:58.0924 0600 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1BC00000, BlocksNum 0x15C4000
13:51:58.0924 0600 ============================================================
13:51:58.0955 0600 C: <-> \Device\Harddisk0\DR0\Partition1
13:51:59.0111 0600 D: <-> \Device\Harddisk0\DR0\Partition2
13:51:59.0111 0600 ============================================================
13:51:59.0111 0600 Initialize success
13:51:59.0111 0600 ============================================================
13:52:00.0234 0376 ============================================================
13:52:00.0234 0376 Scan started
13:52:00.0234 0376 Mode: Manual;
13:52:00.0234 0376 ============================================================
13:52:00.0437 0376 ================ Scan system memory ========================
13:52:00.0437 0376 System memory - ok
13:52:00.0437 0376 ================ Scan services =============================
13:52:00.0687 0376 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
13:52:00.0687 0376 ACPI - ok
13:52:00.0827 0376 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:52:00.0827 0376 AdobeARMservice - ok
13:52:00.0858 0376 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
13:52:00.0858 0376 adp94xx - ok
13:52:00.0874 0376 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
13:52:00.0874 0376 adpahci - ok
13:52:00.0874 0376 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
13:52:00.0890 0376 adpu160m - ok
13:52:00.0890 0376 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
13:52:00.0890 0376 adpu320 - ok
13:52:00.0921 0376 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
13:52:00.0921 0376 AeLookupSvc - ok
13:52:00.0952 0376 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
13:52:00.0952 0376 AFD - ok
13:52:00.0968 0376 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
13:52:00.0968 0376 agp440 - ok
13:52:00.0999 0376 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
13:52:00.0999 0376 aic78xx - ok
13:52:01.0014 0376 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
13:52:01.0014 0376 ALG - ok
13:52:01.0030 0376 [ 3D76FDA1A10ACC3DC84728F55C29B6D4 ] aliide C:\Windows\system32\drivers\aliide.sys
13:52:01.0030 0376 aliide - ok
13:52:01.0046 0376 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
13:52:01.0046 0376 amdagp - ok
13:52:01.0077 0376 [ 5B92E7839F5A1FBC1B39DE67758AD6F8 ] amdide C:\Windows\system32\drivers\amdide.sys
13:52:01.0077 0376 amdide - ok
13:52:01.0092 0376 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
13:52:01.0092 0376 AmdK7 - ok
13:52:01.0108 0376 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
13:52:01.0108 0376 AmdK8 - ok
13:52:01.0139 0376 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
13:52:01.0139 0376 Appinfo - ok
13:52:01.0155 0376 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
13:52:01.0155 0376 arc - ok
13:52:01.0155 0376 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
13:52:01.0155 0376 arcsas - ok
13:52:01.0186 0376 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
13:52:01.0186 0376 AsyncMac - ok
13:52:01.0264 0376 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
13:52:01.0264 0376 atapi - ok
13:52:01.0373 0376 [ C8BB2E935A5D195692140E795EA9AC14 ] athr C:\Windows\system32\DRIVERS\athr.sys
13:52:01.0373 0376 athr - ok
13:52:01.0451 0376 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
13:52:01.0451 0376 AudioEndpointBuilder - ok
13:52:01.0467 0376 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
13:52:01.0467 0376 Audiosrv - ok
13:52:01.0482 0376 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
13:52:01.0482 0376 Beep - ok
13:52:01.0560 0376 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
13:52:01.0560 0376 BFE - ok
13:52:01.0748 0376 [ 76154FA6A742C613B44BB636B1A7C057 ] BHDrvx86 C:\Windows\System32\Drivers\NIS\1008000.029\BHDrvx86.sys
13:52:01.0748 0376 BHDrvx86 - ok
13:52:01.0841 0376 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
13:52:01.0841 0376 BITS - ok
13:52:01.0872 0376 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
13:52:01.0872 0376 blbdrive - ok
13:52:01.0935 0376 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
13:52:01.0935 0376 bowser - ok
13:52:01.0950 0376 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
13:52:01.0950 0376 BrFiltLo - ok
13:52:01.0966 0376 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
13:52:01.0966 0376 BrFiltUp - ok
13:52:01.0982 0376 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
13:52:01.0997 0376 Browser - ok
13:52:02.0013 0376 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
13:52:02.0013 0376 Brserid - ok
13:52:02.0028 0376 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
13:52:02.0028 0376 BrSerWdm - ok
13:52:02.0060 0376 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
13:52:02.0060 0376 BrUsbMdm - ok
13:52:02.0091 0376 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
13:52:02.0091 0376 BrUsbSer - ok
13:52:02.0106 0376 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
13:52:02.0106 0376 BTHMODEM - ok
13:52:02.0184 0376 [ 8973FF34B83572D867B5B928905AD5AC ] ccHP C:\Windows\System32\Drivers\NIS\1008000.029\ccHPx86.sys
13:52:02.0184 0376 ccHP - ok
13:52:02.0216 0376 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
13:52:02.0216 0376 cdfs - ok
13:52:02.0294 0376 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
13:52:02.0294 0376 cdrom - ok
13:52:02.0356 0376 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
13:52:02.0356 0376 CertPropSvc - ok
13:52:02.0387 0376 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
13:52:02.0387 0376 circlass - ok
13:52:02.0434 0376 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
13:52:02.0450 0376 CLFS - ok
13:52:02.0528 0376 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:52:02.0528 0376 clr_optimization_v2.0.50727_32 - ok
13:52:02.0637 0376 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:52:02.0637 0376 clr_optimization_v4.0.30319_32 - ok
13:52:02.0668 0376 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
13:52:02.0668 0376 CmBatt - ok
13:52:02.0668 0376 [ D36372A6EA6805EFBE8884D10772313F ] cmdide C:\Windows\system32\drivers\cmdide.sys
13:52:02.0668 0376 cmdide - ok
13:52:02.0715 0376 [ 1ADF6F4852E7D7E2E8AC481BDB970586 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT32.sys
13:52:02.0715 0376 CnxtHdAudService - ok
13:52:02.0746 0376 [ 7795F8CEBC284A426B53F541E538695F ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
13:52:02.0746 0376 Com4QLBEx - ok
13:52:02.0746 0376 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
13:52:02.0762 0376 Compbatt - ok
13:52:02.0762 0376 COMSysApp - ok
13:52:02.0762 0376 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
13:52:02.0762 0376 crcdisk - ok
13:52:02.0793 0376 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
13:52:02.0793 0376 Crusoe - ok
13:52:02.0871 0376 [ FB27772BEAF8E1D28CCD825C09DA939B ] CryptSvc C:\Windows\system32\cryptsvc.dll
13:52:02.0871 0376 CryptSvc - ok
13:52:02.0949 0376 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
13:52:02.0949 0376 DcomLaunch - ok
13:52:03.0058 0376 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
13:52:03.0058 0376 DfsC - ok
13:52:03.0120 0376 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
13:52:03.0136 0376 DFSR - ok
13:52:03.0261 0376 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
13:52:03.0261 0376 Dhcp - ok
13:52:03.0386 0376 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
13:52:03.0386 0376 disk - ok
13:52:03.0479 0376 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
13:52:03.0495 0376 Dnscache - ok
13:52:03.0573 0376 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
13:52:03.0573 0376 dot3svc - ok
13:52:03.0588 0376 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
13:52:03.0588 0376 DPS - ok
13:52:03.0620 0376 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
13:52:03.0620 0376 drmkaud - ok
13:52:03.0698 0376 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
13:52:03.0698 0376 DXGKrnl - ok
13:52:03.0729 0376 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
13:52:03.0729 0376 E1G60 - ok
13:52:03.0744 0376 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
13:52:03.0744 0376 EapHost - ok
13:52:03.0822 0376 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
13:52:03.0822 0376 Ecache - ok
13:52:03.0869 0376 [ 089296AEDB9B72B4916AC959752BDC89 ] eeCtrl C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
13:52:03.0869 0376 eeCtrl - ok
13:52:03.0916 0376 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
13:52:03.0916 0376 ehRecvr - ok
13:52:03.0947 0376 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
13:52:03.0947 0376 ehSched - ok
13:52:03.0963 0376 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
13:52:03.0963 0376 ehstart - ok
13:52:03.0994 0376 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
13:52:03.0994 0376 elxstor - ok
13:52:04.0088 0376 [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt C:\Windows\system32\emdmgmt.dll
13:52:04.0088 0376 EMDMgmt - ok
13:52:04.0103 0376 EraserUtilRebootDrv - ok
13:52:04.0134 0376 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
13:52:04.0134 0376 ErrDev - ok
13:52:04.0166 0376 [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem C:\Windows\system32\es.dll
13:52:04.0166 0376 EventSystem - ok
13:52:04.0244 0376 [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat C:\Windows\system32\drivers\exfat.sys
13:52:04.0244 0376 exfat - ok
13:52:04.0259 0376 [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat C:\Windows\system32\drivers\fastfat.sys
13:52:04.0259 0376 fastfat - ok
13:52:04.0290 0376 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
13:52:04.0290 0376 fdc - ok
13:52:04.0322 0376 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
13:52:04.0322 0376 fdPHost - ok
13:52:04.0322 0376 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
13:52:04.0322 0376 FDResPub - ok
13:52:04.0337 0376 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
13:52:04.0353 0376 FileInfo - ok
13:52:04.0368 0376 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
13:52:04.0368 0376 Filetrace - ok
13:52:04.0384 0376 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
13:52:04.0384 0376 flpydisk - ok
13:52:04.0431 0376 [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
13:52:04.0431 0376 FltMgr - ok
13:52:04.0493 0376 [ 8CE364388C8ECA59B14B539179276D44 ] FontCache C:\Windows\system32\FntCache.dll
13:52:04.0493 0376 FontCache - ok
13:52:04.0540 0376 [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:52:04.0540 0376 FontCache3.0.0.0 - ok
13:52:04.0634 0376 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
13:52:04.0634 0376 Fs_Rec - ok
13:52:04.0665 0376 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
13:52:04.0665 0376 gagp30kx - ok
13:52:04.0743 0376 [ C1BBCE4B30B45410178EE674C818D10C ] GameConsoleService C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
13:52:04.0743 0376 GameConsoleService - ok
13:52:04.0821 0376 [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc C:\Windows\System32\gpsvc.dll
13:52:04.0821 0376 gpsvc - ok
13:52:04.0868 0376 gupdate1ca2cc0c81ab950 - ok
13:52:04.0868 0376 gupdatem - ok
13:52:04.0883 0376 gusvc - ok
13:52:04.0914 0376 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
13:52:04.0914 0376 HdAudAddService - ok
13:52:04.0977 0376 [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
13:52:04.0992 0376 HDAudBus - ok
13:52:05.0008 0376 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
13:52:05.0008 0376 HidBth - ok
13:52:05.0039 0376 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
13:52:05.0039 0376 HidIr - ok
13:52:05.0102 0376 [ 84067081F3318162797385E11A8F0582 ] hidserv C:\Windows\system32\hidserv.dll
13:52:05.0102 0376 hidserv - ok
13:52:05.0180 0376 [ CCA4B519B17E23A00B826C55716809CC ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
13:52:05.0180 0376 HidUsb - ok
13:52:05.0211 0376 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
13:52:05.0211 0376 hkmsvc - ok
13:52:05.0258 0376 [ A19B0BB5A7EB6DF2DD4A0711D36955EE ] HP Health Check Service c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
13:52:05.0258 0376 HP Health Check Service - ok
13:52:05.0273 0376 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
13:52:05.0273 0376 HpCISSs - ok
13:52:05.0289 0376 [ 35956140E686D53BF676CF0C778880FC ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
13:52:05.0289 0376 HpqKbFiltr - ok
13:52:05.0320 0376 [ 1665C7121A026DF10C903DB9BC5E9D43 ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
13:52:05.0320 0376 hpqwmiex - ok
13:52:05.0367 0376 [ CC267848CB3508E72762BE65734E764D ] HSF_DPV C:\Windows\system32\DRIVERS\HSX_DPV.sys
13:52:05.0367 0376 HSF_DPV - ok
13:52:05.0398 0376 [ A2882945CC4B6E3E4E9E825590438888 ] HSXHWAZL C:\Windows\system32\DRIVERS\HSXHWAZL.sys
13:52:05.0398 0376 HSXHWAZL - ok
13:52:05.0429 0376 [ F870AA3E254628EBEAFE754108D664DE ] HTTP C:\Windows\system32\drivers\HTTP.sys
13:52:05.0429 0376 HTTP - ok
13:52:05.0445 0376 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
13:52:05.0460 0376 i2omp - ok
13:52:05.0460 0376 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
13:52:05.0460 0376 i8042prt - ok
13:52:05.0492 0376 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
13:52:05.0492 0376 iaStorV - ok
13:52:05.0538 0376 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:52:05.0538 0376 IDriverT - ok
13:52:05.0616 0376 [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:52:05.0632 0376 idsvc - ok
13:52:05.0710 0376 [ 2EDD3504457691A10328079DA011D0B8 ] IDSVix86 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20100604.004\IDSvix86.sys
13:52:05.0710 0376 IDSVix86 - ok
13:52:05.0975 0376 [ 8266AE06DF974E5BA047B3E9E9E70B3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys
13:52:06.0038 0376 igfx - ok
13:52:06.0038 0376 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
13:52:06.0038 0376 iirsp - ok
13:52:06.0147 0376 [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT C:\Windows\System32\ikeext.dll
13:52:06.0162 0376 IKEEXT - ok
13:52:06.0178 0376 [ C7E7E43CBD34D3B0A0156B51B917DFCC ] IntcHdmiAddService C:\Windows\system32\drivers\IntcHdmi.sys
13:52:06.0178 0376 IntcHdmiAddService - ok
13:52:06.0194 0376 [ DD512A049BD7B4BCE8A83554C5EFF2C1 ] intelide C:\Windows\system32\drivers\intelide.sys
13:52:06.0194 0376 intelide - ok
13:52:06.0225 0376 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
13:52:06.0225 0376 intelppm - ok
13:52:06.0240 0376 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
13:52:06.0240 0376 IPBusEnum - ok
13:52:06.0256 0376 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:52:06.0256 0376 IpFilterDriver - ok
13:52:06.0287 0376 [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
13:52:06.0287 0376 iphlpsvc - ok
13:52:06.0303 0376 IpInIp - ok
13:52:06.0334 0376 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
13:52:06.0334 0376 IPMIDRV - ok
13:52:06.0350 0376 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
13:52:06.0350 0376 IPNAT - ok
13:52:06.0381 0376 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
13:52:06.0381 0376 IRENUM - ok
13:52:06.0412 0376 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
13:52:06.0412 0376 isapnp - ok
13:52:06.0474 0376 [ 232FA340531D940AAC623B121A595034 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
13:52:06.0474 0376 iScsiPrt - ok
13:52:06.0490 0376 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
13:52:06.0490 0376 iteatapi - ok
13:52:06.0490 0376 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
13:52:06.0506 0376 iteraid - ok
13:52:06.0506 0376 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
13:52:06.0506 0376 kbdclass - ok
13:52:06.0521 0376 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
13:52:06.0521 0376 kbdhid - ok
13:52:06.0599 0376 [ 3978F3540329E16C0AC3BCF677E5669F ] KeyIso C:\Windows\system32\lsass.exe
13:52:06.0599 0376 KeyIso - ok
13:52:06.0662 0376 [ 2B5EC87F403CF6D14E4C59469A31218D ] KodakSvc C:\Program Files\Kodak\printer\center\KodakSvc.exe
13:52:06.0662 0376 KodakSvc - ok
13:52:06.0693 0376 [ 86165728AF9BF72D6442A894FDFB4F8B ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
13:52:06.0693 0376 KSecDD - ok
13:52:06.0724 0376 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
13:52:06.0740 0376 KtmRm - ok
13:52:06.0818 0376 [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer C:\Windows\system32\srvsvc.dll
13:52:06.0818 0376 LanmanServer - ok
13:52:06.0896 0376 [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
13:52:06.0896 0376 LanmanWorkstation - ok
13:52:06.0927 0376 [ ABF90FC5A127F481219B873C1B8DFC1C ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
13:52:06.0927 0376 LightScribeService - ok
13:52:06.0958 0376 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
13:52:06.0958 0376 lltdio - ok
13:52:06.0989 0376 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
13:52:06.0989 0376 lltdsvc - ok
13:52:07.0020 0376 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
13:52:07.0020 0376 lmhosts - ok
13:52:07.0036 0376 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
13:52:07.0036 0376 LSI_FC - ok
13:52:07.0036 0376 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
13:52:07.0052 0376 LSI_SAS - ok
13:52:07.0067 0376 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
13:52:07.0067 0376 LSI_SCSI - ok
13:52:07.0067 0376 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
13:52:07.0067 0376 luafv - ok
13:52:07.0176 0376 [ A330BD12F16FC484027B43EA72B5A5C4 ] lxdqCATSCustConnectService C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
13:52:07.0176 0376 lxdqCATSCustConnectService - ok
13:52:07.0176 0376 lxdq_device - ok
13:52:07.0208 0376 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
13:52:07.0208 0376 Mcx2Svc - ok
13:52:07.0239 0376 [ 0CEA2D0D3FA284B85ED5B68365114F76 ] mdmxsdk C:\Windows\system32\DRIVERS\mdmxsdk.sys
13:52:07.0239 0376 mdmxsdk - ok
13:52:07.0254 0376 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
13:52:07.0254 0376 megasas - ok
13:52:07.0286 0376 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
13:52:07.0286 0376 MegaSR - ok
13:52:07.0301 0376 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
13:52:07.0301 0376 MMCSS - ok
13:52:07.0317 0376 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
13:52:07.0317 0376 Modem - ok
13:52:07.0332 0376 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
13:52:07.0332 0376 monitor - ok
13:52:07.0348 0376 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
13:52:07.0348 0376 mouclass - ok
13:52:07.0364 0376 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
13:52:07.0364 0376 mouhid - ok
13:52:07.0379 0376 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
13:52:07.0379 0376 MountMgr - ok
13:52:07.0395 0376 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
13:52:07.0395 0376 mpio - ok
13:52:07.0410 0376 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
13:52:07.0410 0376 mpsdrv - ok
13:52:07.0488 0376 [ 5DE62C6E9108F14F6794060A9BDECAEC ] MpsSvc C:\Windows\system32\mpssvc.dll
13:52:07.0488 0376 MpsSvc - ok
13:52:07.0504 0376 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
13:52:07.0504 0376 Mraid35x - ok
13:52:07.0566 0376 [ 82CEA0395524AACFEB58BA1448E8325C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
13:52:07.0566 0376 MRxDAV - ok
13:52:07.0644 0376 [ 1E94971C4B446AB2290DEB71D01CF0C2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
13:52:07.0644 0376 mrxsmb - ok
13:52:07.0722 0376 [ 4FCCB34D793B116423209C0F8B7A3B03 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:52:07.0722 0376 mrxsmb10 - ok
13:52:07.0738 0376 [ C3CB1B40AD4A0124D617A1199B0B9D7C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:52:07.0738 0376 mrxsmb20 - ok
13:52:07.0816 0376 [ 5457DCFA7C0DA43522F4D9D4049C1472 ] msahci C:\Windows\system32\drivers\msahci.sys
13:52:07.0816 0376 msahci - ok
13:52:07.0847 0376 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
13:52:07.0847 0376 msdsm - ok
13:52:07.0863 0376 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
13:52:07.0863 0376 MSDTC - ok
13:52:07.0894 0376 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
13:52:07.0894 0376 Msfs - ok
13:52:07.0910 0376 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
13:52:07.0910 0376 msisadrv - ok
13:52:07.0941 0376 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
13:52:07.0941 0376 MSiSCSI - ok
13:52:07.0941 0376 msiserver - ok
13:52:07.0956 0376 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
13:52:07.0956 0376 MSKSSRV - ok
13:52:07.0972 0376 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
13:52:07.0972 0376 MSPCLOCK - ok
13:52:07.0988 0376 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
13:52:07.0988 0376 MSPQM - ok
13:52:08.0050 0376 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
13:52:08.0050 0376 MsRPC - ok
13:52:08.0066 0376 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
13:52:08.0066 0376 mssmbios - ok
13:52:08.0081 0376 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
13:52:08.0081 0376 MSTEE - ok
13:52:08.0097 0376 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
13:52:08.0097 0376 Mup - ok
13:52:08.0144 0376 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
13:52:08.0144 0376 napagent - ok
13:52:08.0222 0376 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
13:52:08.0222 0376 NativeWifiP - ok
13:52:08.0268 0376 NAVENG - ok
13:52:08.0268 0376 NAVEX15 - ok
13:52:08.0362 0376 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
13:52:08.0362 0376 NDIS - ok
13:52:08.0393 0376 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
13:52:08.0393 0376 NdisTapi - ok
13:52:08.0393 0376 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
13:52:08.0393 0376 Ndisuio - ok
13:52:08.0518 0376 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
13:52:08.0518 0376 NdisWan - ok
13:52:08.0612 0376 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
13:52:08.0612 0376 NDProxy - ok
13:52:08.0658 0376 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
13:52:08.0658 0376 NetBIOS - ok
13:52:08.0768 0376 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
13:52:08.0768 0376 netbt - ok
13:52:08.0799 0376 [ 3978F3540329E16C0AC3BCF677E5669F ] Netlogon C:\Windows\system32\lsass.exe
13:52:08.0799 0376 Netlogon - ok
13:52:08.0830 0376 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
13:52:08.0830 0376 Netman - ok
13:52:08.0846 0376 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
13:52:08.0846 0376 netprofm - ok
13:52:08.0924 0376 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:52:08.0924 0376 NetTcpPortSharing - ok
13:52:09.0002 0376 [ 35D5458D9A1B26B2005ABFFBF4C1C5E7 ] NETw3v32 C:\Windows\system32\DRIVERS\NETw3v32.sys
13:52:09.0017 0376 NETw3v32 - ok
13:52:09.0033 0376 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
13:52:09.0033 0376 nfrd960 - ok
13:52:09.0080 0376 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
13:52:09.0080 0376 NlaSvc - ok
13:52:09.0251 0376 [ EE215321E83BE72AB77B6627FD149EAE ] Norton Internet Security C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
13:52:09.0251 0376 Norton Internet Security - ok
13:52:09.0329 0376 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
13:52:09.0329 0376 Npfs - ok
13:52:09.0345 0376 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
13:52:09.0345 0376 nsi - ok
13:52:09.0360 0376 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
13:52:09.0360 0376 nsiproxy - ok
13:52:09.0454 0376 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
13:52:09.0470 0376 Ntfs - ok
13:52:09.0485 0376 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
13:52:09.0485 0376 ntrigdigi - ok
13:52:09.0501 0376 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
13:52:09.0501 0376 Null - ok
13:52:09.0516 0376 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
13:52:09.0516 0376 nvraid - ok
13:52:09.0516 0376 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
13:52:09.0516 0376 nvstor - ok
13:52:09.0548 0376 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
13:52:09.0548 0376 nv_agp - ok
13:52:09.0548 0376 NwlnkFlt - ok
13:52:09.0563 0376 NwlnkFwd - ok
13:52:09.0657 0376 [ 1F0E05DFF4F5A833168E49BE1256F002 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:52:09.0657 0376 odserv - ok
13:52:09.0688 0376 [ 790E27C3DB53410B40FF9EF2FD10A1D9 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
13:52:09.0688 0376 ohci1394 - ok
13:52:09.0719 0376 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:52:09.0719 0376 ose - ok
13:52:09.0782 0376 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
13:52:09.0782 0376 p2pimsvc - ok
13:52:09.0813 0376 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
13:52:09.0813 0376 p2psvc - ok
13:52:09.0844 0376 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
13:52:09.0844 0376 Parport - ok
13:52:09.0938 0376 [ 57389FA59A36D96B3EB09D0CB91E9CDC ] partmgr C:\Windows\system32\drivers\partmgr.sys
13:52:09.0938 0376 partmgr - ok
13:52:09.0953 0376 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
13:52:09.0953 0376 Parvdm - ok
13:52:09.0984 0376 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
13:52:10.0000 0376 PcaSvc - ok
13:52:10.0062 0376 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
13:52:10.0062 0376 pci - ok
13:52:10.0078 0376 [ 1D8B3D8DF8EB7FCF2F0AC02F9F947802 ] pciide C:\Windows\system32\drivers\pciide.sys
13:52:10.0078 0376 pciide - ok
13:52:10.0109 0376 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
13:52:10.0109 0376 pcmcia - ok
13:52:10.0156 0376 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
13:52:10.0156 0376 PEAUTH - ok
13:52:10.0234 0376 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
13:52:10.0250 0376 pla - ok
13:52:10.0328 0376 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
13:52:10.0328 0376 PlugPlay - ok
13:52:10.0359 0376 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
13:52:10.0359 0376 PNRPAutoReg - ok
13:52:10.0390 0376 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
13:52:10.0390 0376 PNRPsvc - ok
13:52:10.0484 0376 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
13:52:10.0484 0376 PolicyAgent - ok
13:52:10.0515 0376 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
13:52:10.0515 0376 PptpMiniport - ok
13:52:10.0530 0376 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
13:52:10.0530 0376 Processor - ok
13:52:10.0546 0376 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
13:52:10.0546 0376 ProfSvc - ok
13:52:10.0562 0376 [ 3978F3540329E16C0AC3BCF677E5669F ] ProtectedStorage C:\Windows\system32\lsass.exe
13:52:10.0562 0376 ProtectedStorage - ok
13:52:10.0640 0376 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
13:52:10.0640 0376 PSched - ok
13:52:10.0718 0376 [ 153D02480A0A2F45785522E814C634B6 ] PxHelp20 C:\Windows\system32\Drivers\PxHelp20.sys
13:52:10.0718 0376 PxHelp20 - ok
13:52:10.0749 0376 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
13:52:10.0749 0376 ql2300 - ok
13:52:10.0764 0376 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
13:52:10.0764 0376 ql40xx - ok
13:52:10.0796 0376 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
13:52:10.0796 0376 QWAVE - ok
13:52:10.0811 0376 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
13:52:10.0811 0376 QWAVEdrv - ok
13:52:10.0827 0376 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
13:52:10.0827 0376 RasAcd - ok
13:52:10.0842 0376 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
13:52:10.0842 0376 RasAuto - ok
13:52:10.0874 0376 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
13:52:10.0874 0376 Rasl2tp - ok
13:52:10.0952 0376 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
13:52:10.0952 0376 RasMan - ok
13:52:11.0014 0376 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
13:52:11.0014 0376 RasPppoe - ok
13:52:11.0030 0376 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
13:52:11.0030 0376 RasSstp - ok
13:52:11.0092 0376 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
13:52:11.0108 0376 rdbss - ok
13:52:11.0154 0376 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
13:52:11.0154 0376 RDPCDD - ok
13:52:11.0170 0376 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
13:52:11.0186 0376 rdpdr - ok
13:52:11.0186 0376 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
13:52:11.0186 0376 RDPENCDD - ok
13:52:11.0295 0376 [ 30BFBDFB7F95559EDE971F9DDB9A00BA ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
13:52:11.0295 0376 RDPWD - ok
13:52:11.0342 0376 [ 0D362785BEF9BDF5A6E1F4628D06716D ] Recovery Service for Windows C:\Program Files\SMINST\BLService.exe
13:52:11.0342 0376 Recovery Service for Windows - ok
13:52:11.0373 0376 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
13:52:11.0373 0376 RemoteAccess - ok
13:52:11.0451 0376 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
13:52:11.0451 0376 RemoteRegistry - ok
13:52:11.0513 0376 [ 805AE1F90C64758D19AAA001CF8CBA12 ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
13:52:11.0513 0376 RichVideo - ok
13:52:11.0513 0376 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
13:52:11.0513 0376 RpcLocator - ok
13:52:11.0544 0376 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
13:52:11.0544 0376 RpcSs - ok
13:52:11.0576 0376 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
13:52:11.0576 0376 rspndr - ok
13:52:11.0607 0376 [ 125C504A34D0A2E152517E342E7E432C ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
13:52:11.0607 0376 RTL8169 - ok
13:52:11.0638 0376 [ 08C3394391AB0AFF65D75AE65D4207E1 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
13:52:11.0638 0376 RTSTOR - ok
13:52:11.0654 0376 [ 3978F3540329E16C0AC3BCF677E5669F ] SamSs C:\Windows\system32\lsass.exe
13:52:11.0654 0376 SamSs - ok
13:52:11.0685 0376 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
13:52:11.0685 0376 sbp2port - ok
13:52:11.0747 0376 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
13:52:11.0763 0376 SCardSvr - ok
13:52:11.0825 0376 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
13:52:11.0841 0376 Schedule - ok
13:52:11.0903 0376 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
13:52:11.0903 0376 SCPolicySvc - ok
13:52:11.0934 0376 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
13:52:11.0934 0376 sdbus - ok
13:52:11.0966 0376 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
13:52:11.0966 0376 SDRSVC - ok
13:52:11.0981 0376 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
13:52:11.0981 0376 secdrv - ok
13:52:11.0997 0376 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
13:52:11.0997 0376 seclogon - ok
13:52:12.0012 0376 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
13:52:12.0012 0376 SENS - ok
13:52:12.0028 0376 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
13:52:12.0028 0376 Serenum - ok
13:52:12.0044 0376 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
13:52:12.0044 0376 Serial - ok
13:52:12.0075 0376 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
13:52:12.0075 0376 sermouse - ok
13:52:12.0106 0376 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
13:52:12.0106 0376 SessionEnv - ok
13:52:12.0122 0376 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
13:52:12.0122 0376 sffdisk - ok
13:52:12.0137 0376 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
13:52:12.0137 0376 sffp_mmc - ok
13:52:12.0153 0376 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
13:52:12.0168 0376 sffp_sd - ok
13:52:12.0184 0376 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
13:52:12.0184 0376 sfloppy - ok
13:52:12.0231 0376 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
13:52:12.0231 0376 SharedAccess - ok
13:52:12.0278 0376 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
13:52:12.0278 0376 ShellHWDetection - ok
13:52:12.0293 0376 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
13:52:12.0293 0376 sisagp - ok
13:52:12.0309 0376 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
13:52:12.0309 0376 SiSRaid2 - ok
13:52:12.0324 0376 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
13:52:12.0324 0376 SiSRaid4 - ok
13:52:12.0465 0376 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
13:52:12.0496 0376 slsvc - ok
13:52:12.0574 0376 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
13:52:12.0574 0376 SLUINotify - ok
13:52:12.0636 0376 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
13:52:12.0636 0376 Smb - ok
13:52:12.0668 0376 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
13:52:12.0668 0376 SNMPTRAP - ok
13:52:12.0714 0376 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
13:52:12.0714 0376 spldr - ok
13:52:12.0746 0376 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
13:52:12.0746 0376 Spooler - ok
13:52:12.0917 0376 [ E81F6CAEAB9AD5732E94C07C97866AA2 ] SRTSP C:\Windows\System32\Drivers\NIS\1008000.029\SRTSP.SYS
13:52:12.0933 0376 SRTSP - ok
13:52:12.0948 0376 [ E28DE499D942B08058BFFAC69D4122B6 ] SRTSPX C:\Windows\system32\drivers\NIS\1008000.029\SRTSPX.SYS
13:52:12.0948 0376 SRTSPX - ok
13:52:13.0011 0376 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
13:52:13.0011 0376 srv - ok
13:52:13.0042 0376 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
13:52:13.0042 0376 srv2 - ok
13:52:13.0073 0376 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
13:52:13.0073 0376 srvnet - ok
13:52:13.0104 0376 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
13:52:13.0104 0376 SSDPSRV - ok
13:52:13.0136 0376 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
13:52:13.0136 0376 SstpSvc - ok
13:52:13.0214 0376 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
13:52:13.0229 0376 stisvc - ok
13:52:13.0245 0376 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
13:52:13.0245 0376 swenum - ok
13:52:13.0260 0376 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
13:52:13.0276 0376 swprv - ok
13:52:13.0292 0376 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
13:52:13.0292 0376 Symc8xx - ok
13:52:13.0292 0376 SYMDNS - ok
13:52:13.0338 0376 [ D0885F6E24259A6C65E68D6AD749910A ] SymEFA C:\Windows\system32\drivers\NIS\1008000.029\SYMEFA.SYS
13:52:13.0338 0376 SymEFA - ok
13:52:13.0354 0376 [ A54FF04BD6E75DC4D8CB6F3E352635E0 ] SymEvent C:\Windows\system32\Drivers\SYMEVENT.SYS
13:52:13.0354 0376 SymEvent - ok
13:52:13.0432 0376 [ 1E825026436C4EAC3E1A11D1E9C33F2C ] SYMFW C:\Windows\System32\Drivers\NIS\1008000.029\SYMFW.SYS
13:52:13.0432 0376 SYMFW - ok
13:52:13.0463 0376 [ 34F1C9D5DCC19DF1E824D6B73767B8AF ] SymIM C:\Windows\system32\DRIVERS\SymIMv.sys
13:52:13.0463 0376 SymIM - ok
13:52:13.0479 0376 [ DCBF73DA96CCE94933C8CC6EDED3C98B ] SYMNDISV C:\Windows\System32\Drivers\NIS\1008000.029\SYMNDISV.SYS
13:52:13.0479 0376 SYMNDISV - ok
13:52:13.0479 0376 SYMREDRV - ok
13:52:13.0510 0376 [ E4FA8BBB96E314E9508865DE1A767538 ] SYMTDI C:\Windows\System32\Drivers\NIS\1008000.029\SYMTDI.SYS
13:52:13.0510 0376 SYMTDI - ok
13:52:13.0526 0376 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
13:52:13.0526 0376 Sym_hi - ok
13:52:13.0541 0376 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
13:52:13.0541 0376 Sym_u3 - ok
13:52:13.0572 0376 [ 00B19F27858F56181EDB58B71A7C67A0 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
13:52:13.0588 0376 SynTP - ok
13:52:13.0666 0376 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
13:52:13.0666 0376 SysMain - ok
13:52:13.0682 0376 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
13:52:13.0697 0376 TabletInputService - ok
13:52:13.0853 0376 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
13:52:13.0853 0376 TapiSrv - ok
13:52:13.0884 0376 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
13:52:13.0884 0376 TBS - ok
13:52:14.0087 0376 [ 2756186E287139310997090797E0182B ] Tcpip C:\Windows\system32\drivers\tcpip.sys
13:52:14.0103 0376 Tcpip - ok
13:52:14.0181 0376 [ 2756186E287139310997090797E0182B ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
13:52:14.0196 0376 Tcpip6 - ok
13:52:14.0243 0376 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
13:52:14.0243 0376 tcpipreg - ok
13:52:14.0274 0376 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
13:52:14.0274 0376 TDPIPE - ok
13:52:14.0274 0376 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
13:52:14.0290 0376 TDTCP - ok
13:52:14.0352 0376 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
13:52:14.0352 0376 tdx - ok
13:52:14.0415 0376 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
13:52:14.0415 0376 TermDD - ok
13:52:14.0446 0376 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
13:52:14.0446 0376 TermService - ok
13:52:14.0462 0376 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
13:52:14.0477 0376 Themes - ok
13:52:14.0493 0376 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
13:52:14.0493 0376 THREADORDER - ok
13:52:14.0508 0376 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
13:52:14.0508 0376 TrkWks - ok
13:52:14.0571 0376 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
13:52:14.0571 0376 TrustedInstaller - ok
13:52:14.0618 0376 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
13:52:14.0618 0376 tssecsrv - ok
13:52:14.0649 0376 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
13:52:14.0649 0376 tunmp - ok
13:52:14.0664 0376 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
13:52:14.0680 0376 tunnel - ok
13:52:14.0711 0376 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
13:52:14.0711 0376 uagp35 - ok
13:52:14.0727 0376 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
13:52:14.0727 0376 udfs - ok
13:52:14.0774 0376 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
13:52:14.0774 0376 UI0Detect - ok
13:52:14.0805 0376 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
13:52:14.0805 0376 uliagpkx - ok
13:52:14.0820 0376 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
13:52:14.0820 0376 uliahci - ok
13:52:14.0836 0376 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
13:52:14.0836 0376 UlSata - ok
13:52:14.0867 0376 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
13:52:14.0867 0376 ulsata2 - ok
13:52:14.0867 0376 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
13:52:14.0883 0376 umbus - ok
13:52:14.0898 0376 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
13:52:14.0898 0376 upnphost - ok
13:52:14.0914 0376 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
13:52:14.0914 0376 usbccgp - ok
13:52:14.0945 0376 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
13:52:14.0945 0376 usbcir - ok
13:52:15.0023 0376 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
13:52:15.0023 0376 usbehci - ok
13:52:15.0039 0376 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
13:52:15.0039 0376 usbhub - ok
13:52:15.0054 0376 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
13:52:15.0070 0376 usbohci - ok
13:52:15.0101 0376 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
13:52:15.0101 0376 usbprint - ok
13:52:15.0132 0376 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
13:52:15.0132 0376 usbscan - ok
13:52:15.0210 0376 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:52:15.0210 0376 USBSTOR - ok
13:52:15.0242 0376 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
13:52:15.0242 0376 usbuhci - ok
13:52:15.0304 0376 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
13:52:15.0320 0376 UxSms - ok
13:52:15.0382 0376 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
13:52:15.0398 0376 vds - ok
13:52:15.0413 0376 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
13:52:15.0413 0376 vga - ok
13:52:15.0413 0376 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
13:52:15.0413 0376 VgaSave - ok
13:52:15.0444 0376 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
13:52:15.0444 0376 viaagp - ok
13:52:15.0460 0376 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
13:52:15.0460 0376 ViaC7 - ok
13:52:15.0476 0376 [ EA1AA6E3ABB3C194FEBA12A46DE8CF2C ] viaide C:\Windows\system32\drivers\viaide.sys
13:52:15.0476 0376 viaide - ok
13:52:15.0507 0376 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
13:52:15.0507 0376 volmgr - ok
13:52:15.0569 0376 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
13:52:15.0585 0376 volmgrx - ok
13:52:15.0600 0376 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys
13:52:15.0600 0376 volsnap - ok
13:52:15.0647 0376 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
13:52:15.0647 0376 vsmraid - ok
13:52:15.0741 0376 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
13:52:15.0741 0376 VSS - ok
13:52:15.0834 0376 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
13:52:15.0834 0376 W32Time - ok
13:52:15.0850 0376 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
13:52:15.0866 0376 WacomPen - ok
13:52:15.0881 0376 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
13:52:15.0881 0376 Wanarp - ok
13:52:15.0897 0376 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
13:52:15.0897 0376 Wanarpv6 - ok
13:52:15.0912 0376 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
13:52:15.0912 0376 wcncsvc - ok
13:52:15.0944 0376 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
13:52:15.0944 0376 WcsPlugInService - ok
13:52:15.0959 0376 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
13:52:15.0959 0376 Wd - ok
13:52:15.0990 0376 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
13:52:15.0990 0376 Wdf01000 - ok
13:52:16.0006 0376 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
13:52:16.0006 0376 WdiServiceHost - ok
13:52:16.0006 0376 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
13:52:16.0022 0376 WdiSystemHost - ok
13:52:16.0100 0376 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
13:52:16.0100 0376 WebClient - ok
13:52:16.0178 0376 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
13:52:16.0178 0376 Wecsvc - ok
13:52:16.0209 0376 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
13:52:16.0209 0376 wercplsupport - ok
13:52:16.0302 0376 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
13:52:16.0302 0376 WerSvc - ok
13:52:16.0334 0376 [ 0ACD399F5DB3DF1B58903CF4949AB5A8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys
13:52:16.0334 0376 winachsf - ok
13:52:16.0380 0376 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
13:52:16.0380 0376 WinDefend - ok
13:52:16.0380 0376 WinHttpAutoProxySvc - ok
13:52:16.0427 0376 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
13:52:16.0427 0376 Winmgmt - ok
13:52:16.0521 0376 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
13:52:16.0536 0376 WinRM - ok
13:52:16.0614 0376 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
13:52:16.0630 0376 Wlansvc - ok
13:52:16.0661 0376 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
13:52:16.0661 0376 WmiAcpi - ok
13:52:16.0724 0376 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
13:52:16.0724 0376 wmiApSrv - ok
13:52:16.0802 0376 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
13:52:16.0802 0376 WMPNetworkSvc - ok
13:52:16.0817 0376 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
13:52:16.0817 0376 WPCSvc - ok
13:52:16.0911 0376 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
13:52:16.0911 0376 WPDBusEnum - ok
13:52:16.0942 0376 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
13:52:16.0942 0376 WpdUsb - ok
13:52:17.0176 0376 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:52:17.0176 0376 WPFFontCache_v0400 - ok
13:52:17.0207 0376 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
13:52:17.0223 0376 ws2ifsl - ok
13:52:17.0301 0376 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
13:52:17.0301 0376 wscsvc - ok
13:52:17.0301 0376 WSearch - ok
13:52:17.0441 0376 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
13:52:17.0441 0376 wuauserv - ok
13:52:17.0457 0376 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
13:52:17.0457 0376 WUDFRd - ok
13:52:17.0488 0376 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
13:52:17.0488 0376 wudfsvc - ok
13:52:17.0519 0376 [ DAB33CFA9DD24251AAA389FF36B64D4B ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys
13:52:17.0519 0376 XAudio - ok
13:52:17.0535 0376 [ CD5F291A1161F15896D1A4D63DAFF5DF ] XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
13:52:17.0535 0376 XAudioService - ok
13:52:17.0566 0376 [ 7D1F3B131D503EF43EE594B5A2B9B427 ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
13:52:17.0566 0376 yukonwlh - ok
13:52:17.0582 0376 ================ Scan global ===============================
13:52:17.0613 0376 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
13:52:17.0691 0376 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
13:52:17.0706 0376 [ 9A7A3BC8DC7E7ECABA2478CED4C38CBD ] C:\Windows\system32\winsrv.dll
13:52:17.0769 0376 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
13:52:17.0769 0376 [Global] - ok
13:52:17.0769 0376 ================ Scan MBR ==================================
13:52:17.0784 0376 [ 588AE8F0C685C02BA11F30D9CD7E61A0 ] \Device\Harddisk0\DR0
13:52:18.0128 0376 \Device\Harddisk0\DR0 - ok
13:52:18.0128 0376 ================ Scan VBR ==================================
13:52:18.0143 0376 [ 6899D59CBD8DA9402987FDBEABEA1D09 ] \Device\Harddisk0\DR0\Partition1
13:52:18.0143 0376 \Device\Harddisk0\DR0\Partition1 - ok
13:52:18.0143 0376 [ 3B767390B28040E360C4477AE4E1518F ] \Device\Harddisk0\DR0\Partition2
13:52:18.0159 0376 \Device\Harddisk0\DR0\Partition2 - ok
13:52:18.0159 0376 ============================================================
13:52:18.0159 0376 Scan finished
13:52:18.0159 0376 ============================================================
13:52:18.0159 1356 Detected object count: 0
13:52:18.0159 1356 Actual detected object count: 0


... and ...


MBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-11-06 13:53:20
-----------------------------
13:53:20.746 OS Version: Windows 6.0.6002 Service Pack 2
13:53:20.746 Number of processors: 2 586 0xF0D
13:53:20.746 ComputerName: KIM-PC UserName: Kim
13:53:21.635 Initialize success
13:54:02.055 AVAST engine defs: 12110701
13:55:01.538 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
13:55:01.538 Disk 0 Vendor: ST9250320AS HP07 Size: 238475MB BusType: 3
13:55:01.553 Disk 0 MBR read successfully
13:55:01.569 Disk 0 MBR scan
13:55:01.569 Disk 0 unknown MBR code
13:55:01.647 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 227327 MB offset 63
13:55:01.694 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11144 MB offset 465567744
13:55:01.709 Disk 0 scanning sectors +488390656
13:55:01.803 Disk 0 scanning C:\Windows\system32\drivers
13:55:17.028 Service scanning
13:55:45.639 Modules scanning
13:55:52.581 Disk 0 trace - called modules:
13:55:52.628 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
13:55:52.628 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x854d90b8]
13:55:52.628 3 CLASSPNP.SYS[805db8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85398b98]
13:55:53.423 AVAST engine scan C:\Windows
13:55:56.762 AVAST engine scan C:\Windows\system32
13:59:59.123 AVAST engine scan C:\Windows\system32\drivers
14:00:20.760 AVAST engine scan C:\Users\Kim
14:01:56.264 AVAST engine scan C:\ProgramData
14:05:46.130 Scan finished successfully
14:06:06.612 Disk 0 MBR has been saved successfully to "C:\Users\Kim\Desktop\MBR.dat"
14:06:06.628 The log file has been saved successfully to "C:\Users\Kim\Desktop\aswMBR.txt"

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:47 PM

Posted 07 November 2012 - 07:34 PM

Greetings

At this time I would like you to run this script for me, and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

File::
c:\windows\system32\drivers\tsqgdjls.sys

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe.
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 Reko23

Reko23
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  • Local time:01:47 PM

Posted 07 November 2012 - 10:30 PM

No change in computer. 8E error, must boot in Safe Mode.

Here is the ComboFix log:

ComboFix 12-11-06.03 - Kim 11/06/2012 12:07:48.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.1978.1477 [GMT -5:00]
Running from: c:\users\Kim\Desktop\ComboFix.exe
Command switches used :: c:\users\Kim\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Outdated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}
FW: Norton Internet Security *Disabled* {B0F2DB13-C654-2E74-30D4-99C9310F0F2E}
SP: Norton Internet Security *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\drivers\tsqgdjls.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\drivers\tsqgdjls.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-10-06 to 2012-11-06 )))))))))))))))))))))))))))))))
.
.
2012-11-06 17:17 . 2012-11-06 17:17 -------- d-----w- c:\users\Kim\AppData\Local\temp
2012-11-06 17:17 . 2012-11-06 17:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-04 00:51 . 2008-06-10 18:54 123904 ----a-w- c:\windows\system32\drivers\Rtlh86.sys
2012-11-04 00:51 . 2012-11-04 00:51 -------- d-----w- c:\users\Kim\AppData\Roaming\InstallShield
2012-11-04 00:06 . 2012-11-04 00:06 -------- d-----w- c:\program files\Microsoft SQL Server
2012-11-03 00:26 . 2012-11-03 00:26 -------- d-----w- c:\program files\ESET
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-29 23:54 . 2012-08-08 02:44 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01489D7E-69A5-4740-9F0E-F66D246E1F8d}]
c:\windows\system32\wscui32.dll [BU]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
c:\program files\Ask.com\GenericAskToolbar.dll [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [BU]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Norton Download Manager{NIS202019-SHPD-FSD31014}"="c:\users\Public\Downloads\Norton\{NIS202019-SHPD-FSD31014}\setup.exe" [2012-11-04 915400]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
"UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2008-02-15 1052672]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"lxdqmon.exe"="c:\program files\Lexmark Z2400 Series\lxdqmon.exe" [2007-12-17 656040]
"lxdqamon"="c:\program files\Lexmark Z2400 Series\lxdqamon.exe" [2007-12-17 16040]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-02-18 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleUpdate"="c:\users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ECACHE
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 18:14 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 18:02]
.
2012-11-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-03 18:02]
.
2011-09-14 c:\windows\Tasks\HPCeeScheduleForKim.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/?ilc=1
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-06 12:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.8.0.41\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2012-11-06 12:19:06
ComboFix-quarantined-files.txt 2012-11-06 17:19
ComboFix2.txt 2012-11-06 05:50
ComboFix3.txt 2012-11-04 05:40
.
Pre-Run: 156,237,119,488 bytes free
Post-Run: 156,257,206,272 bytes free
.
- - End Of File - - CE8158D92C611AA8AB7D2B887AB06131
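As an added example, not part of this thread and not ComboFix or OTL code: a small Python triage script that applies the checks a responder makes by eye on logs like the ones posted above, which is also why gringo_pr's CFScript targeted tsqgdjls.sys. It flags UAC switched off by policy (EnableLUA / ConsentPromptBehaviorAdmin = 0), a randomly-named driver under system32 with no vendor name, and load points whose file is missing ([BU] in ComboFix, "File not found" in OTL). The sample log lines are constructed, modelled on the posted output; the OTL-style "DRV - (tsqgdjls)" line is constructed too, since ComboFix had already deleted that file before OTL ran. The name heuristic is an assumption, not a rule from the thread: it also trips on some vendor drivers (symndisv in the OTL log), so it only fires when there is no company name either.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the ComboFix and OTL output posted in this
# thread. The "DRV - (tsqgdjls)" line is constructed: ComboFix had already
# deleted that driver before OTL ran, so OTL never listed it.
SAMPLE_LOG = r"""
c:\windows\system32\drivers\tsqgdjls.sys
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{01489D7E-69A5-4740-9F0E-F66D246E1F8d}]
c:\windows\system32\wscui32.dll [BU]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys (Symantec Corporation)
DRV - (tsqgdjls) -- C:\Windows\System32\drivers\tsqgdjls.sys ()
SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
"""


@dataclass
class Finding:
    severity: str  # high / medium / low
    rule: str
    line: str


# UAC policy values ComboFix prints under policies\system when UAC is off.
RE_UAC_OFF = re.compile(r'^"(?:EnableLUA|ConsentPromptBehaviorAdmin)"\s*=\s*0\b')
# OTL driver line with its vendor in the trailing parentheses ("()" = none).
RE_OTL_DRV = re.compile(
    r"^DRV - \([^)]*\) -- (?P<path>.+?\.sys) \((?P<vendor>[^)]*)\)$", re.I)
# Bare path as ComboFix prints it under a loading point; [BU] = backing file missing.
RE_BARE_PATH = re.compile(
    r'^(?P<path>[a-z]:\\[^\s"]+\.(?:sys|dll|exe))(?P<bu>\s+\[BU\])?$', re.I)
# OTL service/driver/hijack entries whose target no longer exists on disk.
RE_NOT_FOUND = re.compile(r"^(?:O\d+|DRV|SRV)\b.*\bFile not found$")


def looks_machine_generated(stem: str) -> bool:
    """Name heuristic (an assumption): an all-lowercase stem of 7+ letters with
    no vowels, or with a run of 5+ consonants, looks generated ('tsqgdjls').
    It also trips on some vendor names ('symndisv'), so triage() only acts on
    it when the entry carries no vendor."""
    if not re.fullmatch(r"[a-z]{7,16}", stem):
        return False
    vowels = sum(c in "aeiou" for c in stem)
    longest_consonant_run = max(
        (len(run) for run in re.findall(r"[^aeiou]+", stem)), default=0)
    return vowels == 0 or longest_consonant_run >= 5


def _stem(path: str) -> str:
    """'C:\\Windows\\System32\\drivers\\tsqgdjls.sys' -> 'tsqgdjls'."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0].lower()


def triage(log_text: str) -> list[Finding]:
    """Run the three checks over ComboFix/OTL-style lines and return findings."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_UAC_OFF.match(line):
            findings.append(Finding("high", "uac-disabled", line))
            continue
        m = RE_OTL_DRV.match(line)
        if m:
            # Random-looking name AND no vendor: the combination is the signal.
            if not m["vendor"].strip() and looks_machine_generated(_stem(m["path"])):
                findings.append(Finding("high", "unsigned-random-driver", line))
            continue
        m = RE_BARE_PATH.match(line)
        if m:
            in_system32 = "\\system32\\" in m["path"].lower()
            if in_system32 and looks_machine_generated(_stem(m["path"])):
                findings.append(Finding("high", "random-name-in-system32", line))
            elif in_system32 and m["bu"]:
                # e.g. a BHO pointing at a system32 DLL that is not there.
                findings.append(Finding("medium", "load-point-missing-file", line))
            continue
        if RE_NOT_FOUND.match(line):
            findings.append(Finding("low", "orphaned-load-point", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.rule:26} {f.line}")
```

On the constructed sample this yields two high UAC findings, the tsqgdjls.sys driver twice (once from the ComboFix path, once from the constructed OTL line), the wscui32.dll [BU] BHO as medium, and the two "File not found" entries as low; athr.sys and symndisv.sys produce nothing because they carry a vendor. The low findings are mostly leftovers of uninstalled software, which is why they rank below the others.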

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 07 November 2012 - 11:28 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#11 Reko23

Reko23
  • Topic Starter

  • Members
  • 17 posts

Posted 08 November 2012 - 06:01 PM

Hi,

Here is the OTL log:

OTL logfile created on: 11/7/2012 5:50:30 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Kim\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.93 Gb Total Physical Memory | 1.50 Gb Available Physical Memory | 77.45% Memory free
2.10 Gb Paging File | 1.83 Gb Available in Paging File | 87.17% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 222.00 Gb Total Space | 145.60 Gb Free Space | 65.59% Space Free | Partition Type: NTFS
Drive D: | 10.88 Gb Total Space | 10.80 Gb Free Space | 99.24% Space Free | Partition Type: NTFS

Computer Name: KIM-PC | User Name: Kim | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kim\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========


========== Services (SafeList) ==========

SRV - (gusvc) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Norton Internet Security) -- C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe (Symantec Corporation)
SRV - (Recovery Service for Windows) -- C:\Program Files\SMINST\BLService.exe ()
SRV - (KodakSvc) -- C:\Program Files\Kodak\Printer\Center\KodakSvc.exe (Eastman Kodak Company)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (lxdq_device) -- C:\Windows\System32\lxdqcoms.exe ( )
SRV - (lxdqCATSCustConnectService) -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdqserv.exe ()


========== Driver Services (SafeList) ==========

DRV - (SYMREDRV) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMREDRV.SYS File not found
DRV - (SYMDNS) -- C:\Windows\System32\Drivers\NIS\1002000.007\SYMDNS.SYS File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100610.003\NAVEX15.SYS File not found
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20100610.003\NAVENG.SYS File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys File not found
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20100604.004\IDSvix86.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (ccHP) -- C:\Windows\System32\drivers\NIS\1008000.029\cchpx86.sys (Symantec Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1008000.029\SymEFA.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1008000.029\srtsp.sys (Symantec Corporation)
DRV - (BHDrvx86) -- C:\Windows\System32\drivers\NIS\1008000.029\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDI) -- C:\Windows\System32\drivers\NIS\1008000.029\symtdi.sys (Symantec Corporation)
DRV - (SYMFW) -- C:\Windows\System32\drivers\NIS\1008000.029\symfw.sys (Symantec Corporation)
DRV - (SYMNDISV) -- C:\Windows\System32\drivers\NIS\1008000.029\symndisv.sys (Symantec Corporation)
DRV - (SRTSPX) -- C:\Windows\System32\drivers\NIS\1008000.029\srtspx.sys (Symantec Corporation)
DRV - (SymIM) -- C:\Windows\System32\drivers\SymIMV.sys (Symantec Corporation)
DRV - (IntcHdmiAddService) -- C:\Windows\System32\drivers\IntcHdmi.sys (Intel® Corporation)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation )
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (NETw3v32) -- C:\Windows\System32\drivers\NETw3v32.sys (Intel Corporation)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPNTDF
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7E 9D 48 01 A5 69 40 47 9F 0E F6 6D 24 6E 1F 8D [binary data]
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7E 9D 48 01 A5 69 40 47 9F 0E F6 6D 24 6E 1F 8D [binary data]
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\SOFTWARE\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 7E 9D 48 01 A5 69 40 47 9F 0E F6 6D 24 6E 1F 8D [binary data]
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes,DefaultScope = {9001ECE5-27F9-7260-292B-CF945347FC97}
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{3409D94C-3651-4994-BBAB-B522D90B774C}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=UTF-8&fr=freeze&type=W3i_DS,105,0_0,Search,20090208,0,0,0,0
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{6A28AFCB-D7B6-4628-8EA2-D66964A22F01}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=HPNTDF&pc=HPNTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{9001ECE5-27F9-7260-292B-CF945347FC97}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z129&form=ZGAIDF&install_date=20110912&iesrc={referrer:source}
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{CE3A3FD1-0A27-07DC-3FED-9D0FBEBC1CD0}: "URL" = http://www.bing.com/search?q={searchTerms}&pc=Z131&form=ZGAIDF&install_date=20110912&iesrc={referrer:source}
IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Kim\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Users\Kim\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\ [2012/06/17 18:49:38 | 000,000,000 | ---D | M]

[2010/12/16 07:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/28 06:03:12 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/08/26 08:02:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2010/07/17 04:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/07/02 10:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

========== Chrome ==========


O1 HOSTS File: ([2012/11/06 12:17:18 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Reg Error: Value error.) - {01489D7E-69A5-4740-9F0E-F66D246E1F8d} - C:\Windows\system32\wscui32.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Kim\AppData\Local\Temp\low\COUPON~1.DLL File not found
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll File not found
O2 - BHO: (Microsoft Live Search Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKLM\..\Toolbar: (Microsoft Live Search Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKLM\..\Toolbar: (The Weather Channel Toolbar) - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll ()
O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Kim\AppData\Local\Temp\low\CouponsBar.dll File not found
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company)
O4 - HKLM..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [lxdqamon] C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe ()
O4 - HKLM..\Run: [lxdqmon.exe] C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe ()
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDIRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe File not found
O4 - HKU\S-1-5-18..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe File not found
O4 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000..\Run: [Norton Download Manager{NIS202019-SHPD-FSD31014}] C:\Users\Public\Downloads\Norton\{NIS202019-SHPD-FSD31014}\setup.exe (Symantec Corporation)
O4 - HKLM..\RunOnceEx: [] File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([http] in Local intranet)
O15 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..Trusted Ranges: Range1 ([http] in Local intranet)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{705F09E2-C31B-4BE5-B8FD-B98333A1B7F2}: DhcpNameServer = 172.168.20.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B706EEBA-A49C-4DF6-BB8F-E025630EC6B7}: DhcpNameServer = 24.247.24.53 66.189.0.100 24.178.162.3
O18 - Protocol\Handler\symres {AA1061FE-6C41-421f-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\CoIEPlg.dll (Symantec Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/07 05:47:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
[2012/11/06 13:48:01 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Kim\Desktop\aswMBR.exe
[2012/11/06 13:47:46 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Kim\Desktop\tdsskiller.exe
[2012/11/06 12:19:09 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/11/06 12:19:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/11/06 12:19:08 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\temp
[2012/11/06 00:37:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/06 00:35:22 | 004,997,881 | R--- | C] (Swearware) -- C:\Users\Kim\Desktop\ComboFix.exe
[2012/11/05 21:46:36 | 000,000,000 | ---D | C] -- C:\Users\Kim\Desktop\LOGS
[2012/11/04 00:42:46 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2012/11/04 00:22:45 | 000,571,904 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumdx32.dll
[2012/11/04 00:22:44 | 011,040,256 | ---- | C] (Intel Corporation) -- C:\Windows\System32\ig4icd32.dll
[2012/11/04 00:22:44 | 004,411,904 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igd10umd32.dll
[2012/11/04 00:22:44 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtrk.lrc
[2012/11/04 00:22:44 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrhun.lrc
[2012/11/04 00:22:43 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrell.lrc
[2012/11/04 00:22:43 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsky.lrc
[2012/11/04 00:22:43 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrrus.lrc
[2012/11/04 00:22:43 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrsve.lrc
[2012/11/04 00:22:43 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrslv.lrc
[2012/11/04 00:22:43 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcsy.lrc
[2012/11/04 00:22:43 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrtha.lrc
[2012/11/04 00:22:42 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptg.lrc
[2012/11/04 00:22:42 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrplk.lrc
[2012/11/04 00:22:42 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnld.lrc
[2012/11/04 00:22:42 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrptb.lrc
[2012/11/04 00:22:42 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrnor.lrc
[2012/11/04 00:22:41 | 000,086,528 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfra.lrc
[2012/11/04 00:22:41 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrita.lrc
[2012/11/04 00:22:41 | 000,086,016 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdeu.lrc
[2012/11/04 00:22:41 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrfin.lrc
[2012/11/04 00:22:41 | 000,085,504 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrenu.lrc
[2012/11/04 00:22:41 | 000,084,992 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrdan.lrc
[2012/11/04 00:22:41 | 000,084,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrheb.lrc
[2012/11/04 00:22:41 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrkor.lrc
[2012/11/04 00:22:41 | 000,082,944 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrjpn.lrc
[2012/11/04 00:22:40 | 000,261,632 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxTMM.dll
[2012/11/04 00:22:40 | 000,084,480 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrara.lrc
[2012/11/04 00:22:40 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrcht.lrc
[2012/11/04 00:22:40 | 000,081,920 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxrchs.lrc
[2012/11/04 00:22:40 | 000,023,552 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxexps.dll
[2012/11/04 00:22:39 | 000,828,928 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxress.dll
[2012/11/04 00:22:39 | 000,194,560 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxpph.dll
[2012/11/04 00:22:39 | 000,130,048 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxdo.dll
[2012/11/04 00:22:39 | 000,115,200 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxcpl.cpl
[2012/11/04 00:22:38 | 000,094,720 | ---- | C] (Intel Corporation) -- C:\Windows\System32\hccutils.dll
[2012/11/04 00:22:38 | 000,057,344 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igfxsrvc.dll
[2012/11/04 00:22:37 | 004,967,424 | ---- | C] (Intel Corporation) -- C:\Windows\System32\igdumd32.dll
[2012/11/03 19:51:37 | 000,123,904 | ---- | C] (Realtek Corporation ) -- C:\Windows\System32\drivers\Rtlh86.sys
[2012/11/03 19:51:34 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\InstallShield
[2012/11/03 19:06:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server
[2012/11/02 20:25:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012/11/02 19:26:09 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/11/02 18:55:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/02 18:55:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/02 18:55:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/02 15:41:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

========== Files - Modified Within 30 Days ==========

[2012/11/07 06:39:19 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/07 05:47:39 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Desktop\OTL.exe
[2012/11/07 05:44:56 | 000,606,420 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/07 05:44:56 | 000,104,430 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/07 05:44:31 | 000,001,356 | ---- | M] () -- C:\Users\Kim\AppData\Local\d3d9caps.dat
[2012/11/07 05:40:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/07 05:40:28 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2012/11/06 13:48:16 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Kim\Desktop\aswMBR.exe
[2012/11/06 13:47:46 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Kim\Desktop\tdsskiller.exe
[2012/11/06 12:17:18 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/06 00:35:22 | 004,997,881 | R--- | M] (Swearware) -- C:\Users\Kim\Desktop\ComboFix.exe
[2012/11/04 06:41:09 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/11/04 06:41:09 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/11/04 04:30:19 | 000,000,000 | ---- | M] () -- C:\Users\Kim\defogger_reenable
[2012/11/04 01:06:12 | 000,024,576 | ---- | M] () -- C:\Windows\System32\umstartup.etl
[2012/11/04 00:42:46 | 000,000,881 | ---- | M] () -- C:\Users\Kim\Desktop\Norton Download Manager.lnk
[2012/11/04 00:42:46 | 000,000,829 | ---- | M] () -- C:\Users\Kim\Desktop\Norton Installation Files.lnk
[2012/11/04 00:11:15 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/03 21:21:47 | 000,001,028 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\wklnhst.dat
[2012/11/03 15:44:21 | 000,002,243 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012/11/03 14:48:39 | 000,000,164 | ---- | M] () -- C:\Users\Kim\Documents\cc_20121103_154837.reg
[2012/11/03 14:48:29 | 000,000,976 | ---- | M] () -- C:\Users\Kim\Documents\cc_20121103_154826.reg
[2012/11/03 14:48:03 | 000,160,490 | ---- | M] () -- C:\Users\Kim\Documents\cc_20121103_154755.reg
[2012/11/02 16:35:31 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

========== Files Created - No Company Name ==========

[2012/11/04 06:41:09 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/11/04 06:41:09 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/11/04 04:30:19 | 000,000,000 | ---- | C] () -- C:\Users\Kim\defogger_reenable
[2012/11/04 00:42:46 | 000,000,881 | ---- | C] () -- C:\Users\Kim\Desktop\Norton Download Manager.lnk
[2012/11/04 00:42:46 | 000,000,829 | ---- | C] () -- C:\Users\Kim\Desktop\Norton Installation Files.lnk
[2012/11/04 00:22:38 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2012/11/04 00:22:38 | 000,060,226 | ---- | C] () -- C:\Windows\System32\iglhxc32.vp
[2012/11/04 00:22:38 | 000,060,015 | ---- | C] () -- C:\Windows\System32\iglhxo32.vp
[2012/11/04 00:22:38 | 000,051,432 | ---- | C] () -- C:\Windows\System32\iglhxs32.vp
[2012/11/04 00:22:37 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2012/11/03 15:34:33 | 000,002,243 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012/11/03 14:48:38 | 000,000,164 | ---- | C] () -- C:\Users\Kim\Documents\cc_20121103_154837.reg
[2012/11/03 14:48:27 | 000,000,976 | ---- | C] () -- C:\Users\Kim\Documents\cc_20121103_154826.reg
[2012/11/03 14:47:59 | 000,160,490 | ---- | C] () -- C:\Users\Kim\Documents\cc_20121103_154755.reg
[2012/11/02 18:55:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/02 18:55:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/02 18:55:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/02 18:55:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/02 18:55:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/06/17 14:54:25 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/09/15 09:04:25 | 000,001,048 | --S- | C] () -- C:\Users\Kim\AppData\Local\u1c1x8d031o
[2011/09/15 09:04:25 | 000,001,048 | --S- | C] () -- C:\ProgramData\u1c1x8d031o
[2010/12/29 17:13:41 | 000,085,504 | ---- | C] () -- C:\Users\Kim\Cover Letter.wps
[2010/04/20 20:26:20 | 005,853,391 | ---- | C] () -- C:\Users\Kim\School Stuff.zip
[2009/07/22 11:21:02 | 000,001,028 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\wklnhst.dat
[2009/03/30 13:07:50 | 000,024,064 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\UserTile.png
[2009/02/18 21:50:29 | 000,001,356 | ---- | C] () -- C:\Users\Kim\AppData\Local\d3d9caps.dat
[2009/02/08 16:45:27 | 000,009,728 | ---- | C] () -- C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/29 12:46:38 | 000,000,284 | ---- | C] () -- C:\ProgramData\hpqp.ini

========== ZeroAccess Check ==========

[2006/11/02 07:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 01:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
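The "ZeroAccess Check" block near the end of the report above is worth reading by hand, but the check is mechanical enough to script. OTL prints those four CLSIDs because ZeroAccess variants hijacked their COM registrations: either by adding a per-user (HKCU\Software\Classes) InProcServer32 default, which Windows merges over the HKLM one when HKCR is read, or by repointing the HKLM default away from the Microsoft DLL under %SystemRoot%\system32. The clean state, as in the log above, is no HKCU value at all and HKLM defaults naming shell32.dll and fastprox.dll from Microsoft Corporation. The parser below is an added example for this thread, not OTL's own code. SAMPLE is copied from the report; HIJACKED is a constructed failing case whose path is invented; the C:\Windows system root is assumed rather than read from the machine.

```python
"""Parse the "ZeroAccess Check" block of an OTL report and flag hijacked COM servers.

Added example for this thread (not OTL's own code).  SAMPLE is copied from the
report above; HIJACKED is a constructed failing case with an invented path.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

KEY_RE = re.compile(
    r"^\[(HKEY_[A-Z_]+)\\Software\\Classes\\clsid\\(\{[0-9a-f-]+\})\\InProcServer32\]$", re.I)
VALUE_RE = re.compile(r'^"" = (.+?) -- \[.*\] \((.*)\)$')
SYSTEM_ROOT = r"C:\Windows"  # assumed; on a live machine read %SystemRoot% instead

SAMPLE = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011/01/21 11:35:22 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 01:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
"""

# Constructed: a per-user override of one of the checked CLSIDs pointing at a
# vendor-less DLL under the profile.  The path is invented for illustration.
HIJACKED = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"" = C:\Users\Kim\AppData\Local\{00000000-1111-2222-3333-444444444444}\n. -- [2012/11/01 00:00:00 | 000,050,176 | ---- | M] ()
"ThreadingModel" = Apartment
"""


@dataclass
class ComServer:
    hive: str                  # HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
    clsid: str                 # lower-cased, braces included
    dll: Optional[str] = None  # InProcServer32 default; None if OTL printed no value
    company: str = ""          # company string OTL read from the DLL's version info


def parse_zeroaccess_section(text: str) -> List[ComServer]:
    """Walk the block line by line; a value line belongs to the last key seen."""
    servers: List[ComServer] = []
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            servers.append(ComServer(hive=key.group(1).upper(), clsid=key.group(2).lower()))
            continue
        value = VALUE_RE.match(line)
        if value and servers:
            servers[-1].dll = value.group(1).strip()
            servers[-1].company = value.group(2).strip()
    return servers


def expand(path: str) -> str:
    """Resolve %SystemRoot% (any case) the way the loader would."""
    return re.sub(r"%systemroot%", lambda _m: SYSTEM_ROOT, path, flags=re.I)


def is_suspicious(server: ComServer) -> bool:
    # HKCU\Software\Classes is merged over HKLM when HKCR is read, so any
    # per-user InProcServer32 default silently replaces the system DLL.
    if server.hive == "HKEY_CURRENT_USER":
        return server.dll is not None
    if server.dll is None:  # system registration missing altogether
        return True
    path = expand(server.dll).lower()
    in_system32 = path.startswith(SYSTEM_ROOT.lower() + r"\system32" + "\\")
    return not in_system32 or "microsoft" not in server.company.lower()


def find_hijacks(text: str) -> List[str]:
    """CLSIDs whose registration fails the check, deduplicated and sorted."""
    return sorted({s.clsid for s in parse_zeroaccess_section(text) if is_suspicious(s)})
```

Run against the report as posted, find_hijacks returns an empty list; appending the constructed HIJACKED block makes it return the fbeb8a05 CLSID. The company-string test is a weak signal on its own (OTL reads it from the file's version resource, which malware can forge), so treat a hit as a reason to pull the file, not as proof.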

#12 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 09 November 2012 - 07:17 AM

Hello

Run this custom script, and when it is complete I need to know how the computer is doing.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found
    O2 - BHO: (Reg Error: Value error.) - {01489D7E-69A5-4740-9F0E-F66D246E1F8d} - C:\Windows\system32\wscui32.dll File not found
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (TTB000000 Class) - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Kim\AppData\Local\Temp\low\COUPON~1.DLL File not found
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll File not found
    O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
    O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O3 - HKLM\..\Toolbar: (CouponBar) - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Kim\AppData\Local\Temp\low\CouponsBar.dll File not found
    O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
    O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\ShellBrowser: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - No CLSID value found.
    O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\WebBrowser: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
    O3 - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll File not found
    O4 - HKLM..\Run: [] File not found
    O4 - HKU\.DEFAULT..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe File not found
    O4 - HKU\S-1-5-18..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe File not found
    O4 - HKLM..\RunOnceEx: [] File not found
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found
    O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
    O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll File not found
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    IE - HKU\S-1-5-21-842962935-2745682638-1565733781-1000\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Let me know how things are doing.

Gringo
I Close My Topics If You Have Not Replied In 5 Days. If You Will Be Longer, Please Let Me Know.

If I Have Not Replied To One Of My Topics In 48 Hrs, Please Bump The Topic.

My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against malware, then click the donate button. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#13 Reko23 (Topic Starter)

Posted 09 November 2012 - 07:14 PM

No change.

BSOD 8E error.

I can only boot in safe mode.

Here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@canon.com/MycameraPlugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01489D7E-69A5-4740-9F0E-F66D246E1F8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01489D7E-69A5-4740-9F0E-F66D246E1F8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B49699FC-1665-4414-A1CB-C4A2A4A13EEC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EDC0F17F-F4B7-47e4-B73E-887FAEB376FA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0626A63-410B-45E2-99A1-3F2475B2D695}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{06E58E5E-F8CB-4049-991E-A41C03BD419E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{5BED3930-2E9E-76D8-BACC-80DF2188D455} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5BED3930-2E9E-76D8-BACC-80DF2188D455}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_USERS\S-1-5-21-842962935-2745682638-1565733781-1000\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{1017A80C-6F09-4548-A84D-EDD6AC9525F0} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}\ not found.
Registry value HKEY_USERS\S-1-5-21-842962935-2745682638-1565733781-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{06E58E5E-F8CB-4049-991E-A41C03BD419E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ not found.
Registry value HKEY_USERS\S-1-5-21-842962935-2745682638-1565733781-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx\\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Google Sidewiki...\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{06E58E5E-F8CB-4049-991E-A41C03BD419E}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\Windows\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ not found.
Registry key HKEY_USERS\S-1-5-21-842962935-2745682638-1565733781-1000\Software\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Kim\Desktop\cmd.bat deleted successfully.
C:\Users\Kim\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Kim
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Kim
->Flash cache emptied: 470 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 11082012_050229
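Two things in the exchange above lend themselves to a script. First, almost every line gringo put in the :OTL section ends in "File not found" or "No CLSID value found.": the DLL or CLSID behind the BHO, toolbar or Run entry is already gone (earlier cleanup or the uninstaller removed it), so the fix only deletes dangling registry references. Second, the fix log Reko23 posted reports each registry object as "deleted successfully" or "not found", and with a long script it is easy to miss a target that the log never mentions. The code below, an added example for this thread rather than OTL's own code or anything either poster ran, parses both formats and cross-references them by CLSID. SAMPLE_SCRIPT and SAMPLE_LOG are short excerpts of the two posts above, embedded so the module runs offline; nothing else is assumed.

```python
"""Cross-check an OTL fix script against the fix log OTL writes when it runs.

Added example for this thread, not OTL's own code.  SAMPLE_SCRIPT and
SAMPLE_LOG are excerpts of the two posts above, embedded so this runs offline.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
MISSING_PATH_RE = re.compile(r"([A-Za-z]:\\.*?) File not found$")
ORPHAN_MARKERS = ("File not found", "No CLSID value found.", "Reg Error:")

SAMPLE_SCRIPT = r"""
:OTL
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: File not found
O2 - BHO: (Reg Error: Value error.) - {01489D7E-69A5-4740-9F0E-F66D246E1F8d} - C:\Windows\system32\wscui32.dll File not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O4 - HKU\.DEFAULT..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe File not found
IE - HKLM\..\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}: "URL" = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
:Files
ipconfig /flushdns /c
"""

SAMPLE_LOG = r"""
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{01489D7E-69A5-4740-9F0E-F66D246E1F8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01489D7E-69A5-4740-9F0E-F66D246E1F8d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleUpdate deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8214ADD5-AD05-4B67-BD93-C3BB6003BCCF}\ not found.
========== FILES ==========
< ipconfig /flushdns /c >
"""


@dataclass
class ScriptEntry:
    kind: str             # OTL line type: O2 (BHO), O3 (toolbar), O4 (Run key), IE, FF, ...
    clsid: Optional[str]  # lower-cased CLSID if the line carries one
    path: Optional[str]   # on-disk path OTL annotated "File not found", if any
    orphan: bool          # the registration points at nothing (file or CLSID gone)
    raw: str


def parse_fix_script(text: str) -> List[ScriptEntry]:
    """Return the :OTL section lines as structured entries; other sections are skipped."""
    entries: List[ScriptEntry] = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):  # :OTL, :Files, :Commands switch the section
            section = line[1:].lower()
            continue
        if section != "otl":
            continue
        clsid = CLSID_RE.search(line)
        path = MISSING_PATH_RE.search(line)
        entries.append(ScriptEntry(
            kind=line.split(" ", 1)[0],
            clsid=clsid.group(0).lower() if clsid else None,
            path=path.group(1) if path else None,
            orphan=any(marker in line for marker in ORPHAN_MARKERS),
            raw=line,
        ))
    return entries


def orphans(entries: List[ScriptEntry]) -> List[ScriptEntry]:
    """Entries whose target is already gone: leftovers, not live code."""
    return [e for e in entries if e.orphan]


def parse_fix_log(text: str) -> Dict[str, Dict[str, int]]:
    """Per CLSID, count registry objects OTL deleted and ones it found already absent."""
    outcomes: Dict[str, Dict[str, int]] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.endswith("deleted successfully."):
            verdict = "deleted"
        elif line.endswith("not found."):
            verdict = "not found"
        else:
            continue  # banners, "moved successfully", command output
        for m in CLSID_RE.finditer(line):
            bucket = outcomes.setdefault(m.group(0).lower(), {"deleted": 0, "not found": 0})
            bucket[verdict] += 1
    return outcomes


def reconcile(script_text: str, log_text: str) -> Dict[str, Dict[str, int]]:
    """Map every CLSID the script targeted to what the log says happened to it."""
    outcomes = parse_fix_log(log_text)
    return {e.clsid: outcomes.get(e.clsid, {"deleted": 0, "not found": 0})
            for e in parse_fix_script(script_text) if e.clsid is not None}


def unresolved(script_text: str, log_text: str) -> List[str]:
    """Targeted CLSIDs the log never mentions at all; re-check those by hand."""
    return sorted(c for c, v in reconcile(script_text, log_text).items()
                  if v["deleted"] == 0 and v["not found"] == 0)
```

On the excerpt, every script CLSID shows up in the log with at least one deletion, and unresolved comes back empty, which matches Reko23's report that the fix ran cleanly; it also makes the point that removing orphaned browser add-on entries is housekeeping and would not be expected to touch a kernel-level stop error.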

#14 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 10 November 2012 - 02:13 AM

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps.

Uninstall some programs

NOTE** Because of the cleanup process, some of the programs I have listed may not be in Add/Remove anymore. This is fine; just move to the next item on the list.

You can remove these programs using Add/Remove, or you can use the free uninstaller from Revo (it does a lot better of a job).

Programs to remove

  • Adobe Reader X (10.1.0)
  • Ask Toolbar
  • Coupon Printer for Windows
  • CouponBar
  • Fast Browser Search (My Web Tattoo)
  • Java™ 6 Update 23
  • Java™ 6 Update 7
  • Search Guard Plus (My Web Tattoo)
  • Search Guard Plus Updater (My Web Tattoo)


  • Please download and install Revo Uninstaller Free
  • Double click Revo Uninstaller to run it.
  • From the list of programs double click on The Program to remove
  • When prompted if you want to uninstall click Yes.
  • Be sure the Moderate option is selected then click Next.
  • The program will run. If prompted again, click Yes.
  • When the built-in uninstaller is finished, click on Next.
  • Once the program has searched for leftovers, click Next.
  • Check/tick the bolded items only on the list, then click Delete.
  • When prompted, click on Yes and then on Next.
  • Put a check on any folders that are found and select Delete.
  • When prompted, select Yes, then Next.
  • Once done click Finish.

Update Adobe Reader

Recently there have been vulnerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader (7 MB) from the Foxit website instead. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be careful not to install anything to do with AskBar.
Install Java:

Please go here to install Java

  • Click on the Free Java Download button.
  • Click on Agree and Start Free Download.
  • Click on Run.
  • Click on Run again.
  • Click on Install.
  • When the install is complete, click on Close.

Clean Out Temp Files

  • You may want to keep this small application and run it once a week to keep the computer clean.

    Download CCleaner from here http://www.ccleaner.com/

  • Run the installer to install the application.
  • When it gives you the option to install the Yahoo toolbar, uncheck the box next to it.
  • Run CCleaner. Make sure that under the Windows tab all the boxes for Internet Explorer and Windows Explorer are checked; under System, check Empty Recycle Bin and Temporary Files; under the Applications tab all the boxes should be checked.
  • Click Run Cleaner.
  • Close CCleaner.


: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

If you have any problems running Hijackthis see NOTE** below (Host file not read, blank notepad ...)

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.


NOTE**
Sometimes we have to run it like this. To run HijackThis as an administrator, right-click HijackThis.exe
(located: C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe)<--32bit
(located: C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe)<--64bit
and select Run as administrator.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#15 Reko23 (Topic Starter)

Posted 10 November 2012 - 01:29 PM

I uninstalled the programs listed... and a few others as long as I was at it like the extra toolbars and such.

When I was uninstalling, it tried to create a restore point... error... it said it could not create a restore point in safe mode. Basically, restore does not work, even the points listed do not work, as I noted at the beginning.

Also, I could not install Adobe or Java, it says not enough disk space.

Still getting 8E stop error.

Still can only log on in safe mode.

Here are the 2 Malwarebytes logs... I ran it three times... the third detected nothing, the first two found infections.

Also attached is the Hijackthis log:


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Kim :: KIM-PC [administrator]

11/8/2012 6:07:43 AM
mbam-log-2012-11-08 (06-07-43).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211764
Time elapsed: 5 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


...and...


Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Kim :: KIM-PC [administrator]

11/8/2012 7:55:52 AM
mbam-log-2012-11-08 (07-55-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 211807
Time elapsed: 4 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 14
HKCR\Typelib\{B035BA6B-57CD-4F72-B545-65BE465FCAF6} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Typelib\{D44FD6F0-9746-484E-B5C4-C66688393872} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\Interface\{0EB3F101-224A-4B2B-9E5B-DF720857529C} (Adware.ShoppingReport2) -> Quarantined and deleted successfully.
HKCR\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbAx.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.HbInfoBand.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButton.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.IEButtonA.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKCR\ShoppingReport2.RprtCtrl.1 (Adware.ShopperReports) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Kim\Downloads\nuancepdf_d165400.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully.

(end)


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 4:23:00 AM, on 11/8/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\System32\rundll32.exe
C:\Windows\helppane.exe
C:\Users\Kim\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/?ilc=1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {01489D7E-69A5-4740-9F0E-F66D246E1F8d} - C:\Windows\system32\wscui32.dll (file missing)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Kim\AppData\Local\Temp\low\COUPON~1.DLL (file missing)
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\IPSBHO.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O2 - BHO: DCA - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (file missing)
O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (file missing)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (file missing)
O2 - BHO: ToolHelper - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing)
O2 - BHO: (no name) - {F0626A63-410B-45E2-99A1-3F2475B2D695} - (no file)
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll (file missing)
O3 - Toolbar: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing)
O3 - Toolbar: The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\System32\TwcToolbarIe7.dll (file missing)
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (file missing)
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Kim\AppData\Local\Temp\low\CouponsBar.dll (file missing)
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\Windows\system32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [lxdqmon.exe] "C:\Program Files\Lexmark Z2400 Series\lxdqmon.exe"
O4 - HKLM\..\Run: [lxdqamon] "C:\Program Files\Lexmark Z2400 Series\lxdqamon.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [GoogleUpdate] C:\Users\Kim\AppData\Local\Google\GoogleUpdate\Googleupdt32.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (file missing)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: symres - {AA1061FE-6C41-421F-9344-69640C9732AB} - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\coIEPlg.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate1ca2cc0c81ab950) (gupdate1ca2cc0c81ab950) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Kodak AiO Device Service (KodakSvc) - Eastman Kodak Company - C:\Program Files\Kodak\printer\center\KodakSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxdqCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\W32X86\3\\lxdqserv.exe
O23 - Service: lxdq_device - - C:\Windows\system32\lxdqcoms.exe
O23 - Service: Norton Internet Security - Symantec Corporation - C:\Program Files\Norton Internet Security\Engine\16.8.0.41\ccSvcHst.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10325 bytes