
Home page redirected to a "DoSearch.com" page when IE opened


4 replies to this topic

#1 Jingoist


Posted 08 November 2013 - 03:36 PM

Home page redirected to dosearch.com and since that started happening I'm getting a bunch of pop-ups and ads telling me my browser needs to be updated for security reasons. I removed dosearch.com from my list of home pages in internet options but it still comes up when first going online. I have found info about it online but they are mostly web pages that offer a bunch of costly removal tools which makes me wonder if they are in on it.

 

I greatly appreciate your help. Below is the DDS.txt file and I have attached the ATTACH.txt file.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Jason at 12:02:12 on 2013-11-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3686.2056 [GMT -8:00]
.
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe
C:\windows\system32\atieclxx.exe
C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\windows\system32\CxAudMsg64.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\USB Camera\VM331_STI.EXE
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\windows\system32\taskhost.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\conhost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uDefault_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954
mStart Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954
mSearch Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954&type=default&q={searchTerms}
mDefault_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954
mDefault_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954&type=default&q={searchTerms}
mWinlogon: Userinit = userinit.exe
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\ipsbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: WordOv: {B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [AppEx Accelerator UI] C:\Program Files\AMD Quick Stream\AppexAcceleratorUI.exe -h
uRun: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "C:\Users\Jason\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Jason\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
mRun: [331BigDog] C:\Program Files (x86)\USB Camera\VM331_STI.EXE
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [UpdateP2GShortCut] "C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Lenovo\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\5.0"
mRun: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{3ED4043F-3CFC-47B0-8AA6-01EA856F14F9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{3ED4043F-3CFC-47B0-8AA6-01EA856F14F9}\2375942554335393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{3ED4043F-3CFC-47B0-8AA6-01EA856F14F9}\A43564143464 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6149C3FC-E876-4012-BA07-C0F770877633} : DHCPNameServer = 209.18.47.61 209.18.47.62
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
LSA: Notification Packages =  scecli EgisPwdFilter EgisDSPwdFilter EgisPLPwdFilter
mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954
x64-mSearch Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954&type=default&q={searchTerms}
x64-mDefault_Page_URL = hxxp://www.dosearches.com/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=hp&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954
x64-mDefault_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=amt&utm_campaign=rg&utm_content=ds&from=amt&uid=WDCXWD3200BPVT-24JJ5T0_WD-WX11E81N3011N3011&ts=1383811954&type=default&q={searchTerms}
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: EgisPBIE Class: {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
x64-Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\windows\System32\unregmp2.exe /ShowWMP
x64-mASetup: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - C:\windows\System32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI
x64-mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\windows\System32\Rundll32.exe C:\windows\System32\mscories.dll,Install
.
============= SERVICES / DRIVERS ===============
.
R0 amdsata;amdsata;C:\windows\System32\drivers\amdsata.sys [2011-6-6 73784]
R0 amdxata;amdxata;C:\windows\System32\drivers\amdxata.sys [2011-6-6 28728]
R0 CLFS;Common Log (CLFS);C:\windows\System32\clfs.sys [2009-7-13 367696]
R0 CNG;CNG;C:\windows\System32\drivers\cng.sys [2012-7-10 458704]
R0 fbfmon;fbfmon;C:\windows\System32\drivers\fbfmon.sys [2011-12-21 57952]
R0 FileInfo;File Information FS MiniFilter;C:\windows\System32\drivers\fileinfo.sys [2009-7-13 70224]
R0 fvevol;Bitlocker Drive Encryption Filter Driver;C:\windows\System32\drivers\fvevol.sys [2013-4-10 223752]
R0 hwpolicy;Hardware Policy Driver;C:\windows\System32\drivers\hwpolicy.sys [2010-11-20 14720]
R0 KSecPkg;KSecPkg;C:\windows\System32\drivers\ksecpkg.sys [2012-7-10 151920]
R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2011-12-21 39008]
R0 msahci;msahci;C:\windows\System32\drivers\msahci.sys [2010-11-20 31104]
R0 msisadrv;msisadrv;C:\windows\System32\drivers\msisadrv.sys [2009-7-13 15424]
R0 pcw;Performance Counters for Windows Driver;C:\windows\System32\drivers\pcw.sys [2009-7-13 50768]
R0 rdyboost;ReadyBoost;C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 spldr;Security Processor Loader Driver;C:\windows\System32\drivers\spldr.sys [2009-7-13 19008]
R0 SymDS;Symantec Data Store;C:\windows\System32\drivers\N360x64\1404000.028\SymDS64.sys [2013-7-11 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\windows\System32\drivers\N360x64\1404000.028\SymEFA64.sys [2013-7-11 1139800]
R0 vdrvroot;Microsoft Virtual Drive Enumerator Driver;C:\windows\System32\drivers\vdrvroot.sys [2009-7-13 36432]
R0 volmgr;Volume Manager Driver;C:\windows\System32\drivers\volmgr.sys [2010-11-20 71552]
R0 volmgrx;Dynamic Volume Manager;C:\windows\System32\drivers\volmgrx.sys [2010-11-20 363392]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\BASHDefs\20131101.003\BHDrvx64.sys [2013-11-7 1524824]
R1 blbdrive;blbdrive;C:\windows\System32\drivers\blbdrive.sys [2009-7-13 45056]
R1 BPntDrv;BPntDrv;C:\windows\System32\drivers\BPntDrv.sys [2011-12-21 13408]
R1 ccSet_MCLIENT;Norton Management Settings Manager;C:\windows\System32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys [2013-11-7 168096]
R1 ccSet_N360;Norton 360 Settings Manager;C:\windows\System32\drivers\N360x64\1404000.028\ccSetx64.sys [2013-7-11 169048]
R1 ctxusbm;Citrix USB Monitor Driver;C:\windows\System32\drivers\ctxusbm.sys [2009-9-8 87600]
R1 DfsC;DFS Namespace Client Driver;C:\windows\System32\drivers\dfsc.sys [2010-11-20 102400]
R1 discache;System Attribute Cache;C:\windows\System32\drivers\discache.sys [2009-7-13 40448]
R1 EgisTecFF;EgisTecFF;C:\windows\System32\drivers\EgisTecFF.sys [2011-12-21 55880]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\IPSDefs\20131107.001\IDSviA64.sys [2013-11-7 521816]
R1 mwlPSDFilter;mwlPSDFilter;C:\windows\System32\drivers\mwlPSDFilter.sys [2011-12-21 22912]
R1 mwlPSDNServ;mwlPSDNServ;C:\windows\System32\drivers\mwlPSDNserv.sys [2011-12-21 20328]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\windows\System32\drivers\mwlPSDVDisk.sys [2011-12-21 62584]
R1 nsiproxy;NSI proxy service driver.;C:\windows\System32\drivers\nsiproxy.sys [2009-7-13 24576]
R1 RDPENCDD;RDP Encoder Mirror Driver;C:\windows\System32\drivers\RDPENCDD.sys [2009-7-13 7680]
R1 RDPREFMP;Reflector Display Driver used to gain access to graphics data;C:\windows\System32\drivers\RDPREFMP.sys [2009-7-13 8192]
R1 SymIRON;Symantec Iron Driver;C:\windows\System32\drivers\N360x64\1404000.028\Ironx64.sys [2013-7-11 224416]
R1 SymNetS;Symantec Network Security WFP Driver;C:\windows\System32\drivers\N360x64\1404000.028\symnets.sys [2013-7-11 433752]
R1 tdx;NetIO Legacy TDI Support Driver;C:\windows\System32\drivers\tdx.sys [2010-11-20 119296]
R1 Wanarpv6;Remote Access IPv6 ARP Driver;C:\windows\System32\drivers\wanarp.sys [2010-11-20 88576]
R1 WfpLwf;WFP Lightweight Filter;C:\windows\System32\drivers\wfplwf.sys [2009-7-13 12800]
R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-19 240640]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-12-19 361984]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\drivers\appexDrv.sys [2013-1-16 202592]
R2 AudioEndpointBuilder;Windows Audio Endpoint Builder;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 BFE;Base Filtering Engine;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 CxAudMsg;Conexant Audio Message Service;C:\windows\System32\CxAudMsg64.exe [2011-12-21 198784]
R2 DPS;Diagnostic Policy Service;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 EgisTec Service Help;EgisTec Service Help;C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]
R2 EgisTec Service;EgisTec Service;C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]
R2 EgisTec Ticket Service;EgisTec Ticket Service;C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]
R2 fdPHost;Function Discovery Provider Host;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 FDResPub;Function Discovery Resource Publication;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
R2 FontCache;Windows Font Cache Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-7-22 219480]
R2 gpsvc;Group Policy Client;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 HomeGroupProvider;HomeGroup Provider;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
R2 IKEEXT;IKE and AuthIP IPsec Keying Modules;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 iphlpsvc;IP Helper;C:\windows\System32\svchost.exe -k NetSvcs [2009-7-13 27136]
R2 lltdio;Link-Layer Topology Discovery Mapper I/O Driver;C:\windows\System32\drivers\lltdio.sys [2009-7-13 60928]
R2 luafv;UAC File Virtualization;C:\windows\System32\drivers\luafv.sys [2009-7-13 113152]
R2 MCLIENT;Norton Management;C:\Program Files (x86)\Norton Management\Engine\3.2.0.19\ccSvcHst.exe [2013-11-7 143928]
R2 MpsSvc;Windows Firewall;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe [2013-7-11 144368]
R2 netprofm;Network List Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 NlaSvc;Network Location Awareness;C:\windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
R2 nsi;Network Store Interface Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
R2 PcaSvc;Program Compatibility Assistant Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 PEAUTH;PEAUTH;C:\windows\System32\drivers\PEAuth.sys [2009-7-13 651264]
R2 Power;Power;C:\windows\System32\svchost.exe -k DcomLaunch [2009-7-13 27136]
R2 ProfSvc;User Profile Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R2 RpcEptMapper;RPC Endpoint Mapper;C:\windows\System32\svchost.exe -k RPCSS [2009-7-13 27136]
R2 SysMain;Superfetch;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 tcpipreg;TCP/IP Registry Compatibility;C:\windows\System32\drivers\tcpipreg.sys [2012-11-15 45568]
R2 UxSms;Desktop Window Manager Session Manager;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R2 VaultSvc;Credential Manager;C:\windows\System32\lsass.exe [2012-1-25 31232]
R2 Wlansvc;WLAN AutoConfig;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]
R3 Appinfo;Application Information;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]
R3 bowser;Browser Support Driver;C:\windows\System32\drivers\bowser.sys [2012-1-23 90624]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\windows\System32\drivers\clwvd.sys [2011-1-28 31088]
R3 CompositeBus;Composite Bus Enumerator Driver;C:\windows\System32\drivers\CompositeBus.sys [2010-11-20 38912]
R3 DXGKrnl;LDDM Graphics Subsystem;C:\windows\System32\drivers\dxgkrnl.sys [2013-10-8 983488]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-8-30 140376]
R3 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);C:\windows\System32\drivers\FPSensor.sys [2011-4-21 36656]
R3 KeyIso;CNG Key Isolation;C:\windows\System32\lsass.exe [2012-1-25 31232]
R3 monitor;Microsoft Monitor Class Function Driver Service;C:\windows\System32\drivers\monitor.sys [2009-7-13 30208]
R3 mpsdrv;Windows Firewall Authorization Driver;C:\windows\System32\drivers\mpsdrv.sys [2009-7-13 77312]
R3 mrxsmb10;SMB 1.x MiniRedirector;C:\windows\System32\drivers\mrxsmb10.sys [2012-1-23 288768]
R3 mrxsmb20;SMB 2.0 MiniRedirector;C:\windows\System32\drivers\mrxsmb20.sys [2011-12-22 128000]
R3 NativeWifiP;NativeWiFi Filter;C:\windows\System32\drivers\nwifi.sys [2009-7-13 318976]
R3 NAVENG;NAVENG;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131107.032\eng64.sys [2013-11-8 126040]
R3 NAVEX15;NAVEX15;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.4.0.40\Definitions\VirusDefs\20131107.032\ex64.sys [2013-11-8 2099288]
R3 Point64;Microsoft IntelliPoint Filter Driver;C:\windows\System32\drivers\point64.sys [2011-8-1 45416]
R3 RasAgileVpn;WAN Miniport (IKEv2);C:\windows\System32\drivers\agilevpn.sys [2009-7-13 60416]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
R3 srv2;Server SMB 2.xxx Driver;C:\windows\System32\drivers\srv2.sys [2011-12-22 410112]
R3 srvnet;srvnet;C:\windows\System32\drivers\srvnet.sys [2011-12-22 168448]
R3 tunnel;Microsoft Tunnel Miniport Adapter Driver;C:\windows\System32\drivers\tunnel.sys [2010-11-20 125440]
R3 umbus;UMBus Enumerator Driver;C:\windows\System32\drivers\umbus.sys [2010-11-20 48640]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2011-12-21 47232]
R3 vm331avs;Digital Camera 1;C:\windows\System32\drivers\vm331avs.sys [2011-12-21 250752]
R3 vmuvcflt;Vimicro USB Camera Filter;C:\windows\System32\drivers\vmuvcflt.sys [2011-12-21 8320]
R3 vwifibus;Virtual WiFi Bus Driver;C:\windows\System32\drivers\vwifibus.sys [2009-7-13 24576]
R3 WdiServiceHost;Diagnostic Service Host;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MMCSS;Multimedia Class Scheduler;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S2 sppsvc;Software Protection;C:\windows\System32\sppsvc.exe [2010-11-20 3524608]
S3 1394ohci;1394 OHCI Compliant Host Controller;C:\windows\System32\drivers\1394ohci.sys [2010-11-20 229888]
S3 AcpiPmi;ACPI Power Meter Driver;C:\windows\System32\drivers\acpipmi.sys [2010-11-20 12800]
S3 adp94xx;adp94xx;C:\windows\System32\drivers\adp94xx.sys [2009-6-10 491088]
S3 adpahci;adpahci;C:\windows\System32\drivers\adpahci.sys [2009-7-13 339536]
S3 amdiox64;AMD IO Driver;C:\windows\System32\drivers\amdiox64.sys [2013-1-10 46136]
S3 amdsbs;amdsbs;C:\windows\System32\drivers\amdsbs.sys [2009-6-10 194128]
S3 AppID;AppID Driver;C:\windows\System32\drivers\appid.sys [2010-11-20 61440]
S3 AppIDSvc;Application Identity;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 arcsas;arcsas;C:\windows\System32\drivers\arcsas.sys [2009-7-13 97856]
S3 AxInstSV;ActiveX Installer (AxInstSV);C:\windows\System32\svchost.exe -k AxInstSVGroup [2009-7-13 27136]
S3 b06bdrv;Broadcom NetXtreme II VBD;C:\windows\System32\drivers\bxvbda.sys [2009-6-10 468480]
S3 b57nd60a;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;C:\windows\System32\drivers\b57nd60a.sys [2009-6-10 270848]
S3 BDESVC;BitLocker Drive Encryption Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 BrFiltLo;Brother USB Mass-Storage Lower Filter Driver;C:\windows\System32\drivers\BrFiltLo.sys [2009-7-13 18432]
S3 BrFiltUp;Brother USB Mass-Storage Upper Filter Driver;C:\windows\System32\drivers\BrFiltUp.sys [2009-7-13 8704]
S3 Brserid;Brother MFC Serial Port Interface Driver (WDM);C:\windows\System32\drivers\BrSerId.sys [2009-7-13 286720]
S3 BrSerWdm;Brother WDM Serial driver;C:\windows\System32\drivers\BrSerWdm.sys [2009-7-13 47104]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;C:\windows\System32\drivers\BrUsbMdm.sys [2009-7-13 14976]
S3 CertPropSvc;Certificate Propagation;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 circlass;Consumer IR Devices;C:\windows\System32\drivers\circlass.sys [2009-7-13 45568]
S3 defragsvc;Disk Defragmenter;C:\windows\System32\svchost.exe -k defragsvc [2009-7-13 27136]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 ebdrv;Broadcom NetXtreme II 10 GigE VBD;C:\windows\System32\drivers\evbda.sys [2009-6-10 3286016]
S3 elxstor;elxstor;C:\windows\System32\drivers\elxstor.sys [2009-6-10 530496]
S3 Filetrace;Filetrace;C:\windows\System32\drivers\filetrace.sys [2009-7-13 34304]
S3 FsDepends;File System Dependency Minifilter;C:\windows\System32\drivers\fsdepends.sys [2009-7-13 55376]
S3 hcw85cir;Hauppauge Consumer Infrared Receiver;C:\windows\System32\drivers\hcw85cir.sys [2009-7-13 31232]
S3 HpSAMD;HpSAMD;C:\windows\System32\drivers\HpSAMD.sys [2010-11-20 78720]
S3 iaStorV;iaStorV;C:\windows\System32\drivers\iaStorV.sys [2011-12-22 410496]
S3 IPBusEnum;PnP-X IP Bus Enumerator;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 IPMIDRV;IPMIDRV;C:\windows\System32\drivers\IPMIDrv.sys [2010-11-20 78848]
S3 iScsiPrt;iScsiPort Driver;C:\windows\System32\drivers\msiscsi.sys [2010-11-20 273792]
S3 KtmRm;KtmRm for Distributed Transaction Coordinator;C:\windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation [2009-7-13 27136]
S3 lltdsvc;Link-Layer Topology Discovery Mapper;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 LSI_FC;LSI_FC;C:\windows\System32\drivers\lsi_fc.sys [2009-7-13 114752]
S3 LSI_SAS;LSI_SAS;C:\windows\System32\drivers\lsi_sas.sys [2009-7-13 106560]
S3 LSI_SAS2;LSI_SAS2;C:\windows\System32\drivers\lsi_sas2.sys [2009-7-13 65600]
S3 LSI_SCSI;LSI_SCSI;C:\windows\System32\drivers\lsi_scsi.sys [2009-7-13 115776]
S3 megasas;megasas;C:\windows\System32\drivers\megasas.sys [2009-6-10 35392]
S3 mpio;mpio;C:\windows\System32\drivers\mpio.sys [2010-11-20 155008]
S3 msdsm;msdsm;C:\windows\System32\drivers\msdsm.sys [2010-11-20 140672]
S3 mshidkmdf;Pass-through HID to KMDF Filter Driver;C:\windows\System32\drivers\mshidkmdf.sys [2009-7-13 8192]
S3 MSiSCSI;Microsoft iSCSI Initiator Service;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 MsRPC;MsRPC;C:\windows\System32\drivers\msrpc.sys [2010-11-20 366976]
S3 MTConfig;Microsoft Input Configuration Driver;C:\windows\System32\drivers\MTConfig.sys [2009-7-13 15360]
S3 NdisCap;NDIS Capture LightWeight Filter;C:\windows\System32\drivers\ndiscap.sys [2009-7-13 35328]
S3 nfrd960;nfrd960;C:\windows\System32\drivers\nfrd960.sys [2009-7-13 51264]
S3 nvstor;nvstor;C:\windows\System32\drivers\nvstor.sys [2011-12-22 166272]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2009-7-13 20992]
S3 pla;Performance Logs & Alerts;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S3 PNRPAutoReg;PNRP Machine Name Publication Service;C:\windows\System32\svchost.exe -k LocalServicePeerNet [2009-7-13 27136]
S3 ql2300;ql2300;C:\windows\System32\drivers\ql2300.sys [2009-6-10 1524816]
S3 ql40xx;ql40xx;C:\windows\System32\drivers\ql40xx.sys [2009-7-13 128592]
S3 rdpbus;Remote Desktop Device Redirector Bus Driver;C:\windows\System32\drivers\rdpbus.sys [2009-7-13 24064]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-12-21 307304]
S3 scfilter;Smart card PnP Class Filter Driver;C:\windows\System32\drivers\scfilter.sys [2010-11-20 29696]
S3 SCPolicySvc;Smart Card Removal Policy;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 SDRSVC;Windows Backup;C:\windows\System32\svchost.exe -k SDRSVC [2009-7-13 27136]
S3 SensrSvc;Adaptive Brightness;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 SessionEnv;Remote Desktop Configuration;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 sffp_mmc;SFF Storage Protocol Driver for MMC;C:\windows\System32\drivers\sffp_mmc.sys [2009-7-13 13824]
S3 SiSRaid4;SiSRaid4;C:\windows\System32\drivers\sisraid4.sys [2009-7-13 80464]
S3 Smb;Message-oriented TCP/IP and TCP/IPv6 Protocol (SMB session);C:\windows\System32\drivers\smb.sys [2009-7-13 93184]
S3 sppuinotify;SPP Notification Service;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 stexstor;stexstor;C:\windows\System32\drivers\stexstor.sys [2009-7-13 24656]
S3 TabletInputService;Tablet PC Input Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TBS;TPM Base Services;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 THREADORDER;Thread Ordering Server;C:\windows\System32\svchost.exe -k LocalService [2009-7-13 27136]
S3 TrustedInstaller;Windows Modules Installer;C:\Windows\servicing\TrustedInstaller.exe [2010-11-20 194048]
S3 tssecsrv;Remote Desktop Services Security Filter Driver;C:\windows\System32\drivers\tssecsrv.sys [2013-8-14 39936]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 UI0Detect;Interactive Services Detection;C:\windows\System32\UI0Detect.exe [2009-7-13 40960]
S3 uliagpkx;Uli AGP Bus Filter;C:\windows\System32\drivers\ULIAGPKX.SYS [2009-7-13 64592]
S3 usbcir;eHome Infrared Receiver (USBCIR);C:\windows\System32\drivers\usbcir.sys [2013-10-8 100864]
S3 vhdmp;vhdmp;C:\windows\System32\drivers\vhdmp.sys [2010-11-20 215936]
S3 vsmraid;vsmraid;C:\windows\System32\drivers\vsmraid.sys [2009-6-10 161872]
S3 WacomPen;Wacom Serial Pen HID Driver;C:\windows\System32\drivers\wacompen.sys [2009-7-13 27776]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2012-1-25 1255736]
S3 wbengine;Block Level Backup Engine Service;C:\windows\System32\wbengine.exe [2010-11-20 1504256]
S3 WbioSrvc;Windows Biometric Service;C:\windows\System32\svchost.exe -k WbioSvcGroup [2009-7-13 27136]
S3 wcncsvc;Windows Connect Now - Config Registrar;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S3 WcsPlugInService;Windows Color System;C:\windows\System32\svchost.exe -k wcssvc [2009-7-13 27136]
S3 Wd;Wd;C:\windows\System32\drivers\wd.sys [2009-7-13 21056]
S3 WdiSystemHost;Diagnostic System Host;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 Wecsvc;Windows Event Collector;C:\windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 wercplsupport;Problem Reports and Solutions Control Panel Support;C:\windows\System32\svchost.exe -k netsvcs [2009-7-13 27136]
S3 WerSvc;Windows Error Reporting Service;C:\windows\System32\svchost.exe -k WerSvcGroup [2009-7-13 27136]
S3 WIMMount;WIMMount;C:\windows\System32\drivers\wimmount.sys [2009-7-13 22096]
S3 WinDefend;Windows Defender;C:\windows\System32\svchost.exe -k secsvcs [2009-7-13 27136]
S3 WinRM;Windows Remote Management (WS-Management);C:\windows\System32\svchost.exe -k NetworkService [2009-7-13 27136]
S3 WPCSvc;Parental Controls;C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted [2009-7-13 27136]
S3 WPDBusEnum;Portable Device Enumerator Service;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]
S3 WwanSvc;WWAN AutoConfig;C:\windows\System32\svchost.exe -k LocalServiceNoNetwork [2009-7-13 27136]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-7-13 89920]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S4 HomeGroupListener;HomeGroup Listener;C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S4 Mcx2Svc;Media Center Extender Service;C:\windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2009-7-13 27136]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-07 23:40:12 168096 ----a-r- C:\windows\System32\drivers\MCLIENTx64\0302000.013\ccSetx64.sys
2013-11-07 23:40:05 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64\0302000.013
2013-11-07 23:40:05 -------- d-----w- C:\windows\System32\drivers\MCLIENTx64
2013-11-07 23:40:05 -------- d-----w- C:\Program Files (x86)\Norton Management
2013-11-07 08:16:16 -------- d-----w- C:\Users\Jason\AppData\Local\WordOv
2013-11-07 08:15:11 -------- d-----w- C:\ProgramData\eSafe
2013-11-07 08:15:11 -------- d-----w- C:\ProgramData\eSafe
2013-11-07 08:11:23 -------- d-----w- C:\Users\Jason\AppData\Roaming\ExpressFiles
2013-11-07 08:11:23 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2013-11-05 10:00:50 -------- d-----w- C:\ProgramData\Stardock
2013-11-05 10:00:50 -------- d-----w- C:\ProgramData\Stardock
2013-11-05 10:00:50 -------- d-----w- C:\ProgramData\Ironclad Games
2013-11-05 10:00:50 -------- d-----w- C:\ProgramData\Ironclad Games
2013-10-30 08:03:49 -------- d-----w- C:\ProgramData\Oracle
2013-10-30 08:03:49 -------- d-----w- C:\ProgramData\Oracle
2013-10-30 08:02:44 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
.
==================== Find3M  ====================
.
2013-10-09 01:33:23 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 01:33:23 692616 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-09-22 23:28:06 1767936 ----a-w- C:\windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\windows\SysWow64\iesysprep.dll
2013-09-22 22:55:10 2241024 ----a-w- C:\windows\System32\wininet.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2013-09-21 03:30:24 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\windows\SysWow64\mswsock.dll
2013-09-04 12:12:11 343040 ----a-w- C:\windows\System32\drivers\usbhub.sys
2013-09-04 12:11:51 325120 ----a-w- C:\windows\System32\drivers\usbport.sys
2013-09-04 12:11:49 99840 ----a-w- C:\windows\System32\drivers\usbccgp.sys
2013-09-04 12:11:43 52736 ----a-w- C:\windows\System32\drivers\usbehci.sys
2013-09-04 12:11:43 30720 ----a-w- C:\windows\System32\drivers\usbuhci.sys
2013-09-04 12:11:42 25600 ----a-w- C:\windows\System32\drivers\usbohci.sys
2013-09-04 12:11:40 7808 ----a-w- C:\windows\System32\drivers\usbd.sys
2013-08-29 02:17:48 5549504 ----a-w- C:\windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\windows\System32\scavengeui.dll
.
============= FINISH: 12:03:20.11 ===============
 


#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,812 posts
  • Gender:Male
  • Location:Puerto Rico

Posted 08 November 2013 - 05:22 PM

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Download AdwCleaner to your desktop.

NOTE: If using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Re-run DDS and post the new report.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 Jingoist


Posted 12 November 2013 - 04:32 PM

Thank you for your help. I ran the three tools as you instructed; here are the reports. When I last opened IE it did not redirect to DOSearches.com, so it seems to have been fixed... so far.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Jason on Tue 11/12/2013 at 12:00:12.18
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL

 

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_directx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_directx_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_directx_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_directx_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}

 

~~~ Files

Successfully deleted: [File] "C:\users\default user\start menu\programs\startup\best buy pc app.lnk"
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

 

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\best buy pc app"
Successfully deleted: [Folder] "C:\ProgramData\esafe"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\Users\Jason\appdata\local\best buy pc app"

 

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/12/2013 at 12:21:46.56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

# AdwCleaner v3.012 - Report created 12/11/2013 at 12:42:16
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jason - JASON-LAPTOP-PC
# Running from : C:\Users\Jason\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Users\Jason\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\windows\System32\Tasks\Express FilesUpdate

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\InstalledThirdPartyPrograms
Key Deleted : HKLM\Software\dosearchessoftware
Key Deleted : HKLM\Software\ExpressFiles
Key Deleted : [x64] HKLM\SOFTWARE\InstalledThirdPartyPrograms

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : search_url
Deleted : keyword

*************************

AdwCleaner[R0].txt - [4279 octets] - [12/11/2013 12:40:20]
AdwCleaner[S0].txt - [2809 octets] - [12/11/2013 12:42:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2869 octets] ##########

 

 

 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.11.12.13

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Jason :: JASON-LAPTOP-PC [administrator]

11/12/2013 1:01:27 PM
mbam-log-2013-11-12 (13-01-27).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 228372
Time elapsed: 8 minute(s), 29 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
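
As an added example (not part of the original posts, and not code from JRT or AdwCleaner): a small Python triage script that groups remediation lines from the two reports above by the kind of location that was cleaned, which shows the cleanup reached beyond the Internet Explorer home-page values. The sample lines are excerpted from this thread's logs; the category names and regular expressions are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# Lines excerpted from the JRT and AdwCleaner reports posted in this thread.
SAMPLE_LOG = r"""
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Successfully disinfected: [Shortcut] C:\Users\Jason\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Folder Deleted : C:\Users\Jason\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
File Deleted : C:\windows\System32\Tasks\Express FilesUpdate
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Key Deleted : HKLM\Software\dosearchessoftware
"""

# One pattern per report format; both capture the action and the cleaned target.
JRT = re.compile(r'^Successfully (?P<action>\w+): \[(?P<kind>[^\]]+)\] "?(?P<target>.+?)"?$')
ADW = re.compile(r'^(?P<kind>Folder|File|Key|Setting) (?P<action>Deleted|Restored) : '
                 r'(?:\[x64\] )?(?P<target>.+)$')

# Hypothetical category names; the first matching pattern wins.
CATEGORIES = [
    ("ie_main_page_values", r"Internet Explorer\\Main\b"),
    ("ie_search_scope", r"Internet Explorer\\SearchScopes\\"),
    ("browser_helper_object", r"Browser Helper Objects\\"),
    ("chrome_extension", r"Chrome\\(User Data\\[^\\]+\\)?Extensions\\"),
    ("scheduled_task", r"\\System32\\Tasks\\"),
    ("browser_shortcut", r"\.lnk$"),
]

def classify(target):
    """Map a cleaned path or registry key to a location category."""
    for name, pattern in CATEGORIES:
        if re.search(pattern, target, re.IGNORECASE):
            return name
    return "other"

def summarize(log_text):
    """Return {category: [(action, target), ...]} for every remediation line."""
    summary = defaultdict(list)
    for line in log_text.splitlines():
        m = JRT.match(line.strip()) or ADW.match(line.strip())
        if m:  # headers, blank lines and section markers are skipped
            summary[classify(m["target"])].append((m["action"].lower(), m["target"]))
    return dict(summary)

def locations_beyond_ie_main(summary):
    """Categories cleaned that are not the IE Main start/search page values."""
    return sorted(c for c in summary if c not in ("ie_main_page_values", "other"))

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    for category, entries in sorted(result.items()):
        print(f"{category}: {len(entries)}")
        for action, target in entries:
            print(f"    {action:12} {target}")
    print("Cleaned outside IE Main values:", ", ".join(locations_beyond_ie_main(result)))
```

Feeding it the full text of both reports instead of the excerpt gives a per-category count that can be compared against a fresh scan after the reboot.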



#4 JSntgRvr


Posted 12 November 2013 - 06:21 PM

Congratulations.

 

Run AdwCleaner and uninstall.

 

Except for Malwarebytes Antimalware, manually remove any other tool used.

 

Here are some suggestions.
 

  • Always keep your JAVA updated. Older versions will make your computer vulnerable.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft.  To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Miekiemoes.

Best wishes! :hello:
 


Edited by JSntgRvr, 12 November 2013 - 06:21 PM.



#5 Jingoist


Posted 12 November 2013 - 07:33 PM

Thank you sir!





