Eth0s

Members
  • Content count

    13

About Eth0s

  • Rank
    New Member
  1. Here are the plug-ins Plug-ins (16) Details Flash (3 files) - Version: 11.3.31.227 Shockwave Flash 11.3 r31 Name: Shockwave Flash Description: Shockwave Flash 11.3 r31 Version: 11.3.31.227 Location: C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.79\PepperFlash\pepflashplayer.dll Type: PPAPI (out-of-process) Disable MIME types: MIME type Description File extensions application/x-shockwave-flash Shockwave Flash .swf application/futuresplash FutureSplash Player .spl Name: Shockwave Flash Description: Shockwave Flash 11.3 r300 Version: 11,3,300,271 Location: C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.79\gcswf32.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-shockwave-flash Adobe Flash movie .swf application/futuresplash FutureSplash movie .spl Name: Shockwave Flash Description: Shockwave Flash 11.3 r300 Version: 11,3,300,270 Location: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-shockwave-flash Adobe Flash movie .swf application/futuresplash FutureSplash movie .spl Disable Always allowed Remoting Viewer Name: Remoting Viewer Version: Location: internal-remoting-viewer Type: PPAPI (in-process) Disable MIME types: MIME type Description File extensions application/vnd.chromium.remoting-viewer . 
Disable Always allowed Native Client Name: Native Client Version: Location: C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.79\ppGoogleNaClPluginChrome.dll Type: PPAPI (in-process) Disable MIME types: MIME type Description File extensions application/x-nacl Native Client Executable .nexe Disable Always allowed Chrome PDF Viewer Name: Chrome PDF Viewer Version: Location: C:\Users\Administrator\AppData\Local\Google\Chrome\Application\21.0.1180.79\pdf.dll Type: PPAPI (in-process) Disable MIME types: MIME type Description File extensions application/pdf Portable Document Format .pdf application/x-google-chrome-print-preview-pdf Portable Document Format .pdf Disable Always allowed Skype Click to Call - Version: 6.1.0.10441 Skype Click to Call for Chrome Name: Skype Click to Call Description: Skype Click to Call for Chrome Version: 6.1.0.10441 Location: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.1.0.10441_0\npSkypeChromePlugin.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-vnd.skype.click2call.chrome.5.7.0 Skype Click to Call Disable Always allowed Adobe Acrobat - Version: 10.1.3.23 Adobe PDF Plug-In For Firefox and Netscape 10.1.3 Name: Adobe Acrobat Description: Adobe PDF Plug-In For Firefox and Netscape 10.1.3 Version: 10.1.3.23 Location: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/pdf Acrobat Portable Document Format .pdf application/vnd.adobe.pdfxml Adobe PDF in XML Format .pdfxml application/vnd.adobe.x-mars Adobe PDF in XML Format .mars application/vnd.fdf Acrobat Forms Data Format .fdf application/vnd.adobe.xfdf XML Version of Acrobat Forms Data Format .xfdf application/vnd.adobe.xdp+xml Acrobat XML Data Package .xdp application/vnd.adobe.xfd+xml Adobe FormFlow99 Data File .xfd Disable Always allowed QuickTime (7 files) - 
Version: 7.6.9 (1680.9) The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/sdp SDP stream descriptor .sdp application/x-sdp SDP stream descriptor .sdp application/x-rtsp RTSP stream descriptor .rtsp .rts video/quicktime QuickTime Movie .mov .qt .mqv video/flc AutoDesk Animator (FLC) .flc .fli .cel audio/x-wav WAVE audio .wav .bwf audio/wav WAVE audio .wav .bwf Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll Type: NPAPI Disable MIME types: MIME type Description File extensions audio/aiff AIFF audio .aiff .aif .aifc .cdda audio/x-aiff AIFF audio .aiff .aif .aifc .cdda audio/basic uLaw/AU audio .au .snd .ulw audio/mid MIDI .mid .midi .smf .kar audio/x-midi MIDI .mid .midi .smf .kar audio/midi MIDI .mid .midi .smf .kar audio/vnd.qcelp QUALCOMM PureVoice audio .qcp Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. 
Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll Type: NPAPI Disable MIME types: MIME type Description File extensions audio/x-gsm GSM audio .gsm audio/amr AMR audio .AMR audio/aac AAC audio .aac .adts audio/x-aac AAC audio .aac .adts audio/x-caf CAF audio .caf audio/ac3 AC3 audio .ac3 audio/x-ac3 AC3 audio .ac3 video/x-mpeg MPEG media .mpeg .mpg .m1s .m1v .m1a .m75 .m15 .mp2 .mpm .mpv .mpa Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll Type: NPAPI Disable MIME types: MIME type Description File extensions video/mpeg MPEG media .mpeg .mpg .m1s .m1v .m1a .m75 .m15 .mp2 .mpm .mpv .mpa audio/mpeg MPEG audio .mpeg .mpg .m1s .m1a .mp2 .mpm .mpa .m2a audio/x-mpeg MPEG audio .mpeg .mpg .m1s .m1a .mp2 .mpm .mpa .m2a video/3gpp 3GPP media .3gp .3gpp Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll Type: NPAPI Disable MIME types: MIME type Description File extensions audio/3gpp 3GPP media .3gp .3gpp video/3gpp2 3GPP2 media .3g2 .3gp2 audio/3gpp2 3GPP2 media .3g2 .3gp2 video/sd-video SD video .sdv application/x-mpeg AMC media .amc video/mp4 MPEG-4 media .mp4 audio/mp4 MPEG-4 media .mp4 audio/x-m4a AAC audio .m4a audio/x-m4p AAC audio (protected) .m4p audio/x-m4b AAC audio book .m4b Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. 
Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll Type: NPAPI Disable MIME types: MIME type Description File extensions video/x-m4v Video (protected) .m4v image/x-macpaint MacPaint image .pntg .pnt .mac image/pict PICT image .pict .pic .pct image/x-pict PICT image .pict .pic .pct image/x-quicktime QuickTime image .qtif .qti image/x-sgi SGI image .sgi .rgb image/x-targa TGA image .targa .tga image/jp2 JPEG2000 image .jp2 Name: QuickTime Plug-in 7.6.9 Description: The QuickTime Plugin allows you to view a wide variety of multimedia content in Web pages. For more information, visit the QuickTime Web site. Version: 7.6.9 (1680.9) Location: C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll Type: NPAPI Disable MIME types: MIME type Description File extensions image/jpeg2000 JPEG2000 image .jp2 image/jpeg2000-image JPEG2000 image .jp2 image/x-jpeg2000-image JPEG2000 image .jp2 Disable Always allowed Microsoft Office (2 files) - Version: 14.0.4730.1010 Office Authorization plug-in for NPAPI browsers Name: Microsoft Office 2010 Description: Office Authorization plug-in for NPAPI browsers Version: 14.0.4730.1010 Location: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-msoffice14 14.0.4730.1010 .* Name: Microsoft Office 2010 Description: The plug-in allows you to open and edit files using Microsoft Office applications Version: 14.0.4761.1000 Location: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-sharepoint SharePoint Plug-in for Firefox Disable Always allowed DivX Player - Version: 1, 5, 0, 52 DivX Web Player version 1.5.0.52 Name: DivX Web Player Description: DivX Web Player version 1.5.0.52 Version: 1, 5, 0, 52 Location: C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll Type: NPAPI Disable MIME types: MIME type Description File extensions video/divx DivX Video 
Files .divx .div Disable Always allowed Google Update - Version: 1.3.21.115 Name: Google Update Version: 1.3.21.115 Location: C:\Users\Administrator\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-vnd.google.update3webcontrol.3 application/x-vnd.google.oneclickctrl.9 Disable Always allowed Pando Web Plugin - Version: 2.3.3.8 Name: Pando Web Plugin Version: 2.3.3.8 Location: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-pandoplugin This plug-in detects and launches Pando Media Booster Disable Always allowed RealPlayer (3 files) - Version: 15.0.4.53 RealPlayer LiveConnect-Enabled Plug-In Name: RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) Description: RealPlayer LiveConnect-Enabled Plug-In Version: 15.0.4.53 Location: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll Type: NPAPI Disable MIME types: MIME type Description File extensions audio/x-pn-realaudio-plugin RealPlayer as Plug-in .rpm Name: RealPlayer Download Plugin Version: 15.0.4.53 Location: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/vnd.rn-realplayer-javascript RealPlayer Download Plugin .rpj Name: RealPlayer HTML5VideoShim Plug-In (32-bit) Description: RealPlayer HTML5VideoShim Plug-In Version: 15.0.4.53 Location: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-rp-html5videoshim-plugin RealPlayer HTML5VideoShim Plug-In .rh5 Disable Always allowed RealJukebox NS Plugin - Version: 15.0.4.53 RealJukebox Netscape Plugin Name: RealJukebox NS Plugin Description: RealJukebox Netscape Plugin Version: 15.0.4.53 Location: C:\Program Files 
(x86)\Real\RealPlayer\Netscape6\nprjplug.dll Type: NPAPI Disable MIME types: MIME type Description File extensions none RealJukebox NS Plugin File .none Disable Always allowed RealNetworks Chrome Background Extension Plug-In (32-bit) - Version: 15.0.4.53 RealNetworks RealPlayer Chrome Background Extension Plug-In Name: RealNetworks Chrome Background Extension Plug-In (32-bit) Description: RealNetworks RealPlayer Chrome Background Extension Plug-In Version: 15.0.4.53 Location: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-rn-rpchromebgext-plugin RealNetworks RealPlayer Chrome Background Extension Plug-In .rpe Disable Always allowed Hulu Desktop - Version: 0.9.13.1 The Hulu Desktop Plugin allows Hulu.com to integrate with the Hulu Desktop application. Name: Hulu Desktop Description: The Hulu Desktop Plugin allows Hulu.com to integrate with the Hulu Desktop application. Version: 0.9.13.1 Location: C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-hulu-desktop Hulu Desktop Plugin .hulu Disable Always allowed Silverlight - Version: 4.1.10329.0 Name: Silverlight Plug-In Version: 4.1.10329.0 Location: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll Type: NPAPI Disable MIME types: MIME type Description File extensions application/x-silverlight npctrl .scr application/x-silverlight-2 Everything else seems alright, should auto detect LAN settings be clicked?
  2. I deleted Firefox, Chrome is still redirecting me, usually always to Scour.com. IE has no redirect issues.
  3. Appreciate the diligence MrC, I know you got your hands full with this damn rootkit. Here is the log:

     SystemLook 30.07.11 by jpshortstuff
     Log created at 16:33 on 14/08/2012 by Administrator
     Administrator - Elevation successful

     ========== Filefind ==========

     Searching for "user32.dll"
     C:\Windows\ERDNT\cache64\user32.dll --a---- 1008128 bytes [10:23 12/08/2012] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
     C:\Windows\System32\user32.dll --a---- 1008128 bytes [03:22 10/06/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
     C:\Windows\SysWOW64\user32.dll --a---- 857600 bytes [03:21 10/06/2011] [12:08 20/11/2010] 7FE01651B8F4804DE138B3C9CBAEE5D5
     C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll --a---- 1008640 bytes [23:38 13/07/2009] [01:41 14/07/2009] 72D7B3EA16946E8F0CF7458150031CC6
     C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll --a---- 1008128 bytes [03:22 10/06/2011] [13:27 20/11/2010] FE70103391A64039A921DBFFF9C7AB1B
     C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll --a---- 833024 bytes [23:24 13/07/2009] [01:11 14/07/2009] E8B0FFC209E504CB7E79FC24E6C085F0
     C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll ------- 833024 bytes [03:21 10/06/2011] [12:08 20/11/2010] 5E0DB2D8B2750543CD2EBB9EA8E6CDD3

     -= EOF =-
  4. Here you go. ComboFix 12-08-13.01 - James 08/13/2012 22:46:26.4.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6846 [GMT -4:00] Running from: c:\users\James\Desktop\ComboFix.exe Command switches used :: c:\users\James\Desktop\CFScript.txt SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . . --------------- FCopy --------------- . c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll --> c:\windows\SysWOW64\user32.dll . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-14 02:54 . 2012-08-14 02:54 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-08-14 02:54 . 2012-08-14 02:54 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 00:45 . 2012-08-14 00:45 -------- d-----w- C:\FRST 2012-08-13 22:07 . 2012-08-13 22:07 12872 ----a-w- c:\windows\system32\bootdelete.exe 2012-08-13 22:00 . 2012-08-13 22:01 -------- d-----w- c:\program files\HitmanPro 2012-08-13 21:59 . 2012-08-13 22:07 -------- d-----w- c:\programdata\HitmanPro 2012-08-13 15:53 . 2012-08-13 15:53 -------- d-----w- c:\programdata\Kaspersky Lab 2012-08-13 15:24 . 2012-08-13 15:24 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-13 03:53 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AD53CF3-7E7D-4871-BBA5-979E1E38566F}\mpengine.dll 2012-08-13 03:53 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-08-13 00:45 . 2012-08-13 00:44 268784 ----a-w- c:\windows\system32\javaws.exe 2012-08-13 00:45 . 2012-08-13 00:44 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-13 00:45 . 2012-08-13 00:44 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-13 00:44 . 
2012-08-13 00:44 189424 ----a-w- c:\windows\system32\javaw.exe 2012-08-13 00:44 . 2012-08-13 00:44 188912 ----a-w- c:\windows\system32\java.exe 2012-08-13 00:44 . 2012-08-13 00:44 -------- d-----w- c:\program files\Java 2012-08-12 16:32 . 2012-08-12 17:15 -------- d-----w- c:\users\James\DoctorWeb 2012-08-12 16:15 . 2012-08-12 16:15 -------- d-----w- c:\users\James\AppData\Roaming\RegClean 2012-08-12 16:08 . 2012-08-12 16:08 -------- d-----w- c:\program files (x86)\FixBrowserRedirect Registry Cleaner 2012-08-12 16:06 . 2012-08-12 16:06 -------- d-----w- c:\program files (x86)\RealNetworks 2012-08-12 11:56 . 2012-08-12 11:56 -------- d-----w- c:\program files (x86)\ESET 2012-08-12 03:49 . 2012-08-12 03:49 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\users\James\AppData\Roaming\SUPERAntiSpyware.com 2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-08-11 22:53 . 2012-08-11 22:53 2 --shatr- c:\windows\winstart.bat 2012-08-11 22:53 . 2012-08-11 23:04 -------- d-----w- c:\program files (x86)\UnHackMe 2012-08-11 22:25 . 2012-08-12 04:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-11 22:25 . 2012-08-11 22:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-08-11 22:12 . 2012-08-11 22:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-11 17:55 . 2012-08-11 17:55 -------- d-----w- c:\users\James\AppData\Local\visi_coupon 2012-08-11 16:38 . 2012-08-12 02:56 -------- d-----w- c:\users\James\AppData\Roaming\Etvydi 2012-08-02 03:02 . 2012-08-02 03:02 -------- d-----w- c:\programdata\ATI 2012-08-02 03:02 . 2012-08-02 03:02 -------- d-----w- c:\program files (x86)\AMD AVT 2012-08-02 03:02 . 2012-08-02 03:02 -------- d-----w- c:\program files (x86)\AMD APP 2012-07-28 07:04 . 
2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-08 22:58 . 2011-11-20 09:22 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-08-08 22:58 . 2011-11-20 09:21 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-08 22:50 . 2011-11-20 09:21 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-08-08 22:50 . 2011-11-20 09:21 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-08-03 00:34 . 2012-04-24 19:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 00:34 . 2011-05-24 13:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-28 07:01 . 2011-05-29 21:58 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 17:46 . 2011-05-25 20:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-20 20:31 . 2010-09-21 23:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-06-20 20:31 . 2010-09-21 23:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 17:49 . 
2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 
2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2010-11-08 18:16 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2010-11-08 18:16 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-06-02 22:19 . 2012-06-21 19:52 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 19:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 19:53 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 19:53 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 19:52 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 19:53 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 
2012-06-21 19:52 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-21 19:52 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-21 19:52 36864 ----a-w- c:\windows\system32\wuapp.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2010-11-20 . 7FE01651B8F4804DE138B3C9CBAEE5D5 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . ((((((((((((((((((((((((((((( SnapShot_2012-08-14_01.18.48 ))))))))))))))))))))))))))))))))))))))))) . + 2011-05-24 11:26 . 2012-08-14 02:57 57966 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin - 2009-07-14 05:10 . 2012-08-14 00:12 37256 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-14 02:57 37256 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-24 12:08 . 2012-08-14 02:57 13442 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2808526443-654459566-126296548-1000_UserData.bin - 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-24 11:33 . 2012-08-14 02:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-24 11:33 . 2012-08-14 02:57 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-24 11:33 . 
2012-08-14 01:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-24 11:33 . 2012-08-14 02:57 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-24 11:33 . 2012-08-14 02:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-24 11:33 . 2012-08-14 02:57 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-08-14 02:55 . 2012-08-14 02:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-14 01:10 . 2012-08-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-14 01:10 . 2012-08-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-14 02:55 . 2012-08-14 02:55 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 05:01 . 2012-08-14 01:10 494528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 2012-08-14 02:54 494528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2011-06-08 05:54 . 2012-08-14 02:54 35236504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2808526443-654459566-126296548-1000-12288.dat - 2011-06-08 05:54 . 
2012-08-14 01:10 35236504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2808526443-654459566-126296548-1000-12288.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-28 393216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] . c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176] _uninst_29827324.lnk - c:\users\James\AppData\Local\Temp\_uninst_29827324.bat [N/A] . 
     Completion time: 2012-08-13 23:00:55 - machine was rebooted
     - - End Of File - -
  5. 1/42 https://www.virustotal.com/file/a5ea1dd0fa85e97f4b96342a0383575cb1ce13bc3b63d32838e113e5bc4ec14d/analysis/1344909286/
  6. K here is the Combofix log. Just checked Firefox, still redirecting. ComboFix 12-08-13.01 - James 08/13/2012 21:00:11.3.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6683 [GMT -4:00] Running from: c:\users\James\Desktop\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\bczvaaa.tmp c:\programdata\chwoaaa.tmp . . ((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 ))))))))))))))))))))))))))))))) . . 2012-08-14 01:09 . 2012-08-14 01:09 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp 2012-08-14 01:09 . 2012-08-14 01:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-08-14 00:45 . 2012-08-14 00:45 -------- d-----w- C:\FRST 2012-08-13 22:07 . 2012-08-13 22:07 12872 ----a-w- c:\windows\system32\bootdelete.exe 2012-08-13 22:00 . 2012-08-13 22:01 -------- d-----w- c:\program files\HitmanPro 2012-08-13 21:59 . 2012-08-13 22:07 -------- d-----w- c:\programdata\HitmanPro 2012-08-13 15:53 . 2012-08-13 15:53 -------- d-----w- c:\programdata\Kaspersky Lab 2012-08-13 15:24 . 2012-08-13 15:24 -------- d-----w- C:\TDSSKiller_Quarantine 2012-08-13 03:53 . 2012-07-16 06:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9AD53CF3-7E7D-4871-BBA5-979E1E38566F}\mpengine.dll 2012-08-13 03:53 . 2012-05-31 16:25 279656 ------w- c:\windows\system32\MpSigStub.exe 2012-08-13 00:45 . 2012-08-13 00:44 268784 ----a-w- c:\windows\system32\javaws.exe 2012-08-13 00:45 . 2012-08-13 00:44 955888 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-13 00:45 . 2012-08-13 00:44 839152 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-13 00:44 . 2012-08-13 00:44 189424 ----a-w- c:\windows\system32\javaw.exe 2012-08-13 00:44 . 2012-08-13 00:44 188912 ----a-w- c:\windows\system32\java.exe 2012-08-13 00:44 . 
2012-08-13 00:44 -------- d-----w- c:\program files\Java 2012-08-12 16:32 . 2012-08-12 17:15 -------- d-----w- c:\users\James\DoctorWeb 2012-08-12 16:15 . 2012-08-12 16:15 -------- d-----w- c:\users\James\AppData\Roaming\RegClean 2012-08-12 16:08 . 2012-08-12 16:08 -------- d-----w- c:\program files (x86)\FixBrowserRedirect Registry Cleaner 2012-08-12 16:06 . 2012-08-12 16:06 -------- d-----w- c:\program files (x86)\RealNetworks 2012-08-12 11:56 . 2012-08-12 11:56 -------- d-----w- c:\program files (x86)\ESET 2012-08-12 03:49 . 2012-08-12 03:49 -------- d-sh--w- c:\windows\system32\%APPDATA% 2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\users\James\AppData\Roaming\SUPERAntiSpyware.com 2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-08-11 23:17 . 2012-08-11 23:17 -------- d-----w- c:\programdata\SUPERAntiSpyware.com 2012-08-11 22:53 . 2012-08-11 22:53 2 --shatr- c:\windows\winstart.bat 2012-08-11 22:53 . 2012-08-11 23:04 -------- d-----w- c:\program files (x86)\UnHackMe 2012-08-11 22:25 . 2012-08-12 04:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy 2012-08-11 22:25 . 2012-08-11 22:27 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2012-08-11 22:12 . 2012-08-11 22:12 -------- d-sh--w- c:\windows\SysWow64\%APPDATA% 2012-08-11 17:55 . 2012-08-11 17:55 -------- d-----w- c:\users\James\AppData\Local\visi_coupon 2012-08-11 16:38 . 2012-08-12 02:56 -------- d-----w- c:\users\James\AppData\Roaming\Etvydi 2012-08-02 03:02 . 2012-08-02 03:02 -------- d-----w- c:\programdata\ATI 2012-08-02 03:02 . 2012-08-02 03:02 -------- d-----w- c:\program files (x86)\AMD AVT 2012-08-02 03:02 . 2012-08-02 03:02 -------- d-----w- c:\program files (x86)\AMD APP 2012-07-28 07:04 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-08 22:58 . 
2011-11-20 09:22 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2012-08-08 22:58 . 2011-11-20 09:21 283416 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2012-08-08 22:50 . 2011-11-20 09:21 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-08-08 22:50 . 2011-11-20 09:21 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe 2012-08-03 00:34 . 2012-04-24 19:53 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-08-03 00:34 . 2011-05-24 13:57 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-28 07:01 . 2011-05-29 21:58 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-07-03 17:46 . 2011-05-25 20:55 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-20 20:31 . 2010-09-21 23:52 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll 2012-06-20 20:31 . 2010-09-21 23:52 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll 2012-06-11 18:59 . 2012-06-11 18:59 10248192 ----a-w- c:\windows\system32\drivers\atikmdag.sys 2012-06-11 18:35 . 2012-06-11 18:35 70144 ----a-w- c:\windows\system32\coinst_8.98.dll 2012-06-11 18:29 . 2012-06-11 18:29 24826368 ----a-w- c:\windows\system32\atio6axx.dll 2012-06-11 18:00 . 2012-06-11 18:00 20467712 ----a-w- c:\windows\SysWow64\atioglxx.dll 2012-06-11 17:50 . 2012-06-11 17:50 187392 ----a-w- c:\windows\system32\clinfo.exe 2012-06-11 17:50 . 2012-06-11 17:50 75264 ----a-w- c:\windows\system32\OpenVideo64.dll 2012-06-11 17:50 . 2012-06-11 17:50 65024 ----a-w- c:\windows\SysWow64\OpenVideo.dll 2012-06-11 17:50 . 2012-06-11 17:50 63488 ----a-w- c:\windows\system32\OVDecode64.dll 2012-06-11 17:50 . 2012-06-11 17:50 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll 2012-06-11 17:50 . 2012-06-11 17:50 16457728 ----a-w- c:\windows\system32\amdocl64.dll 2012-06-11 17:49 . 2012-06-11 17:49 13008896 ----a-w- c:\windows\SysWow64\amdocl.dll 2012-06-11 17:25 . 2012-06-11 17:25 163840 ----a-w- c:\windows\system32\atiapfxx.exe 2012-06-11 17:24 . 2012-06-11 17:24 924160 ----a-w- c:\windows\SysWow64\aticfx32.dll 2012-06-11 17:23 . 
2012-06-11 17:23 1090560 ----a-w- c:\windows\system32\aticfx64.dll 2012-06-11 17:20 . 2012-06-11 17:20 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll 2012-06-11 17:19 . 2012-06-11 17:19 532992 ----a-w- c:\windows\system32\atieclxx.exe 2012-06-11 17:19 . 2012-06-11 17:19 239616 ----a-w- c:\windows\system32\atiesrxx.exe 2012-06-11 17:17 . 2012-06-11 17:17 120320 ----a-w- c:\windows\system32\atitmm64.dll 2012-06-11 17:17 . 2012-06-11 17:17 21504 ----a-w- c:\windows\system32\atimuixx.dll 2012-06-11 17:17 . 2012-06-11 17:17 59392 ----a-w- c:\windows\system32\atiedu64.dll 2012-06-11 17:17 . 2012-06-11 17:17 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll 2012-06-11 17:16 . 2012-06-11 17:16 6301696 ----a-w- c:\windows\SysWow64\atidxx32.dll 2012-06-11 17:01 . 2012-06-11 17:01 6914560 ----a-w- c:\windows\system32\atidxx64.dll 2012-06-11 16:51 . 2012-06-11 16:51 4246528 ----a-w- c:\windows\system32\atiumd6a.dll 2012-06-11 16:45 . 2012-06-11 16:45 51200 ----a-w- c:\windows\system32\aticalrt64.dll 2012-06-11 16:45 . 2012-06-11 16:45 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll 2012-06-11 16:45 . 2012-06-11 16:45 5480448 ----a-w- c:\windows\SysWow64\atiumdag.dll 2012-06-11 16:45 . 2012-06-11 16:45 44544 ----a-w- c:\windows\system32\aticalcl64.dll 2012-06-11 16:45 . 2012-06-11 16:45 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll 2012-06-11 16:45 . 2012-06-11 16:45 15703040 ----a-w- c:\windows\system32\aticaldd64.dll 2012-06-11 16:43 . 2012-06-11 16:43 4729344 ----a-w- c:\windows\SysWow64\atiumdva.dll 2012-06-11 16:40 . 2012-06-11 16:40 13277696 ----a-w- c:\windows\SysWow64\aticaldd.dll 2012-06-11 16:36 . 2012-06-11 16:36 6605824 ----a-w- c:\windows\system32\atiumd64.dll 2012-06-11 16:27 . 2012-06-11 16:27 539136 ----a-w- c:\windows\system32\atiadlxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 368640 ----a-w- c:\windows\SysWow64\atiadlxy.dll 2012-06-11 16:26 . 2012-06-11 16:26 17920 ----a-w- c:\windows\system32\atig6pxx.dll 2012-06-11 16:26 . 
2012-06-11 16:26 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 14848 ----a-w- c:\windows\system32\atiglpxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 41984 ----a-w- c:\windows\system32\atig6txx.dll 2012-06-11 16:26 . 2012-06-11 16:26 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll 2012-06-11 16:26 . 2012-06-11 16:26 367616 ----a-w- c:\windows\system32\drivers\atikmpag.sys 2012-06-11 16:25 . 2010-11-08 18:16 54784 ----a-w- c:\windows\system32\atiuxp64.dll 2012-06-11 16:25 . 2012-06-11 16:25 42496 ----a-w- c:\windows\SysWow64\atiuxpag.dll 2012-06-11 16:25 . 2012-06-11 16:25 45056 ----a-w- c:\windows\system32\atiu9p64.dll 2012-06-11 16:24 . 2010-11-08 18:16 32768 ----a-w- c:\windows\SysWow64\atiu9pag.dll 2012-06-11 16:24 . 2012-06-11 16:24 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\atimpc64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56320 ----a-w- c:\windows\system32\amdpcom64.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll 2012-06-11 16:23 . 2012-06-11 16:23 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll 2012-06-02 22:19 . 2012-06-21 19:52 38424 ----a-w- c:\windows\system32\wups.dll 2012-06-02 22:19 . 2012-06-21 19:53 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-06-02 22:19 . 2012-06-21 19:53 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-06-02 22:19 . 2012-06-21 19:53 44056 ----a-w- c:\windows\system32\wups2.dll 2012-06-02 22:19 . 2012-06-21 19:52 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-06-02 22:15 . 2012-06-21 19:53 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-06-02 22:15 . 2012-06-21 19:52 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-06-02 19:19 . 2012-06-21 19:52 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-06-02 19:15 . 2012-06-21 19:52 36864 ----a-w- c:\windows\system32\wuapp.exe . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . 
[-] 2010-11-20 . 7FE01651B8F4804DE138B3C9CBAEE5D5 . 857600 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll [7] 2010-11-20 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [7] 2009-07-14 . E8B0FFC209E504CB7E79FC24E6C085F0 . 833024 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll . ((((((((((((((((((((((((((((( SnapShot@2012-08-13_03.33.24 ))))))))))))))))))))))))))))))))))))))))) . + 2012-08-13 22:41 . 2012-08-13 22:41 16896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{F63F5B62-E597-11E1-A02A-6431502D45F3}.dat + 2012-08-13 17:44 . 2012-08-13 17:44 25600 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{84B66B01-E56E-11E1-99A6-6431502D45F3}.dat + 2012-08-13 21:04 . 2012-08-13 21:06 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{70A57C15-E58A-11E1-A4EE-6431502D45F3}.dat + 2012-08-13 12:49 . 2012-08-13 12:50 35328 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{576E78AC-E545-11E1-98F8-6431502D45F3}.dat + 2012-08-13 12:11 . 2012-08-13 12:17 86528 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{0AC3DDD0-E540-11E1-98F8-6431502D45F3}.dat - 2012-08-11 17:39 . 2012-08-12 22:08 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2012-08-11 17:39 . 2012-08-13 23:37 81920 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat + 2012-08-11 17:39 . 
2012-08-14 00:53 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat - 2012-08-11 17:39 . 2012-08-13 03:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Feeds Cache\index.dat + 2012-08-11 22:12 . 2012-08-14 00:53 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat - 2012-08-11 22:12 . 2012-08-12 20:26 16384 c:\windows\SysWOW64\%APPDATA%\Microsoft\Windows\IETldCache\index.dat + 2011-05-24 11:26 . 2012-08-14 00:12 57644 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 05:10 . 2012-08-14 00:12 37256 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin + 2011-05-24 12:08 . 2012-08-14 00:12 13426 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2808526443-654459566-126296548-1000_UserData.bin + 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-24 11:33 . 2012-08-13 03:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-24 11:33 . 2012-08-13 03:25 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2011-05-24 11:33 . 2012-08-14 01:13 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2011-05-24 11:33 . 2012-08-13 03:25 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat - 2011-05-24 11:33 . 2012-08-13 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2011-05-24 11:33 . 
2012-08-14 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2011-05-24 11:33 . 2012-08-13 03:25 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2011-05-24 11:33 . 2012-08-14 01:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-08-13 22:41 . 2012-08-14 00:53 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\RecoveryStore.{FC3F0119-E597-11E1-A02A-6431502D45F3}.dat + 2012-08-14 00:53 . 2012-08-14 00:53 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Last Active\{79C09170-E5AA-11E1-86D2-6431502D45F3}.dat + 2012-08-13 22:41 . 2012-08-13 22:41 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{F63F5B61-E597-11E1-A02A-6431502D45F3}.dat + 2012-08-13 12:01 . 2012-08-13 12:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{AC3912DC-E53E-11E1-98F8-6431502D45F3}.dat + 2012-08-13 17:44 . 2012-08-13 17:44 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{84B66B00-E56E-11E1-99A6-6431502D45F3}.dat + 2012-08-13 21:04 . 2012-08-13 21:04 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{70A57C14-E58A-11E1-A4EE-6431502D45F3}.dat + 2012-08-13 18:26 . 2012-08-13 18:26 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{701A2E74-E574-11E1-99A6-6431502D45F3}.dat + 2012-08-13 18:55 . 
2012-08-13 18:55 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{6F046C05-E578-11E1-99A6-6431502D45F3}.dat + 2012-08-13 18:19 . 2012-08-13 18:19 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5AF82285-E573-11E1-99A6-6431502D45F3}.dat + 2012-08-13 12:49 . 2012-08-13 12:50 5120 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{5AB6BE6C-E545-11E1-98F8-6431502D45F3}.dat + 2012-08-13 12:49 . 2012-08-13 12:49 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{576E78AB-E545-11E1-98F8-6431502D45F3}.dat + 2012-08-13 11:52 . 2012-08-13 11:52 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4AADC8A9-E53D-11E1-859D-6431502D45F3}.dat + 2012-08-13 16:01 . 2012-08-13 16:01 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{20D9DC83-E560-11E1-99A6-6431502D45F3}.dat + 2012-08-13 12:11 . 2012-08-13 12:11 3584 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{0AC3DDCF-E540-11E1-98F8-6431502D45F3}.dat + 2012-08-13 22:41 . 2012-08-13 22:41 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{FC3F0118-E597-11E1-A02A-6431502D45F3}.dat + 2012-08-13 18:26 . 2012-08-13 18:26 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{701A2E75-E574-11E1-99A6-6431502D45F3}.dat + 2012-08-13 12:50 . 2012-08-13 12:50 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{63D5E45D-E545-11E1-98F8-6431502D45F3}.dat + 2012-08-13 18:19 . 
2012-08-13 18:19 9728 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{5AF82286-E573-11E1-99A6-6431502D45F3}.dat + 2012-08-13 16:01 . 2012-08-13 16:01 4096 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{20D9DC84-E560-11E1-99A6-6431502D45F3}.dat + 2012-08-14 01:10 . 2012-08-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-13 03:22 . 2012-08-13 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-08-13 03:22 . 2012-08-13 03:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-14 01:10 . 2012-08-14 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat + 2012-08-11 17:39 . 2012-08-14 00:53 227328 c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\AskToolbar\cache.dat - 2012-08-11 17:39 . 2012-08-13 03:04 227328 c:\windows\SysWOW64\config\systemprofile\AppData\LocalLow\AskToolbar\cache.dat + 2012-08-13 12:01 . 2012-08-13 12:08 138240 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{AC3912DD-E53E-11E1-98F8-6431502D45F3}.dat + 2012-08-13 18:55 . 2012-08-13 19:00 185344 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{6F046C06-E578-11E1-99A6-6431502D45F3}.dat + 2012-08-13 11:52 . 2012-08-13 11:55 243200 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4AADC8AA-E53D-11E1-859D-6431502D45F3}.dat + 2009-07-14 02:36 . 2012-08-13 20:21 627066 c:\windows\system32\perfh009.dat + 2009-07-14 02:36 . 2012-08-13 20:21 107382 c:\windows\system32\perfc009.dat - 2009-07-14 05:01 . 2012-08-13 03:22 494528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 05:01 . 
2012-08-14 01:10 494528 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2011-05-24 12:03 . 2012-08-13 03:07 3096504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-05-24 12:03 . 2012-08-14 01:10 3096504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat + 2011-06-08 05:54 . 2012-08-14 01:10 35236504 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2808526443-654459566-126296548-1000-12288.dat . -- Snapshot reset to current date -- . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}] 2012-01-03 21:31 1514152 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152] . [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1] [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}] [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2011-07-28 393216] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704] . 
c:\users\James\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Stardock ObjectDock.lnk - c:\program files (x86)\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176] _uninst_29827324.lnk - c:\users\James\AppData\Local\Temp\_uninst_29827324.bat [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) "EnableLUA"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoResolveTrack"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WB] [bU] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot] @="" . 
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-03 250056]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-25 1255736]
R3 X6va005;X6va005;c:\users\James\AppData\Local\Temp\005ABAC.tmp [x]
S0 amd_sata;amd_sata;c:\windows\system32\DRIVERS\amd_sata.sys [2010-08-13 75904]
S0 amd_xata;amd_xata;c:\windows\system32\DRIVERS\amd_xata.sys [2010-08-13 38016]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-06-11 361984]
S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2011-09-21 21992]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-08-06 291896]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-09-28 1119768]
S2 RoxioNow Service;RoxioNow Service;c:\program files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-09-11 399344]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 CamSuiteVAC;CamSuite Virtual Audio;c:\windows\system32\DRIVERS\CamSuiteVAC.sys [2008-09-19 56320]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-09-03 349800]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-24 00:34]
.
2012-07-27 c:\windows\Tasks\HPCeeScheduleForJAMES-HP$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-09 c:\windows\Tasks\HPCeeScheduleForJames.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 06:15]
.
2012-08-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 37de7dab-f017-4c50-9864-0fa4ed66fd7f.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
2012-08-13 c:\windows\Tasks\SUPERAntiSpyware Scheduled Task 5830d916-ed80-4518-b09b-f947fbea5bf6.job
- c:\program files\SUPERAntiSpyware\SASTask.exe [2011-05-04 17:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984DD45-52CF-49cd-AB77-18F378FEA264}"= "c:\program files (x86)\Stardock\Fences\FencesMenu64.dll" [2010-06-22 253288]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
FF - ProfilePath - c:\users\James\AppData\Roaming\Mozilla\Firefox\Profiles\f1hqejoe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
SafeBoot-55169080.sys
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\X6va005]
"ImagePath"="\??\c:\users\James\AppData\Local\Temp\005ABAC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,03,b3,30,54,78,2e,4d,95,cf,55,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
 d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e2,03,b3,30,54,78,2e,4d,95,cf,55,\
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.HTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="IE.AssocFile.URL"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
.
**************************************************************************
.
Completion time: 2012-08-13 21:23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-14 01:23
ComboFix2.txt 2012-08-13 03:38
.
Pre-Run: 436,082,995,200 bytes free
Post-Run: 436,109,766,656 bytes free
.
- - End Of File - - 3597FD74785ABB0F262FC603CF6FD0CA
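Three things in the ComboFix log above are worth pulling out when reading it as a security log rather than just a malware-removal log: the UAC policy values are all zero ("EnableLUA"= 0, "ConsentPromptBehaviorAdmin"= 0, "PromptOnSecureDesktop"= 0), which means User Account Control is switched off entirely; the service list contains a driver entry (R3 X6va005) whose image is a .tmp file under the user's Temp directory and which ComboFix marks [x], i.e. the file was not present at scan time; and the Firefox user.js forces the security.warn_viewing_mixed and security.warn_submit_insecure prompts to false. The script below is an added triage helper, not code from the poster, from ComboFix or from TDSSKiller: it parses those three parts of a ComboFix-style log and reports them. SAMPLE_LOG is an excerpt re-typed from the post, the UAC baseline is an assumed set of Windows 7 defaults, and the "user Temp directory" and "[x]" rules are heuristics that point a human at an entry to check, not a verdict that the entry is malicious.

```python
"""Triage helper for ComboFix-style logs.

Added example, not part of the original post and not ComboFix code: it parses
the flattened log text, pulls out the UAC policy values, the service list and
the Firefox user.js prefs, and reports what weakens the machine.
"""
import re

# Assumed Windows 7 defaults for the UAC values under
# HKLM\...\Policies\System (ConsentPromptBehaviorAdmin=2 would be stricter).
UAC_DEFAULTS = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
}
POLICY_KEY = r"[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]"

# Sample input: an excerpt of the ComboFix log in the post, re-typed.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 X6va005;X6va005;c:\users\James\AppData\Local\Temp\005ABAC.tmp [x]
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure - false
"""

VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>-?\d+)')
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)
TEMP_DIR_RE = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)
FF_PREF_RE = re.compile(r"^FF - user\.js: (?P<pref>[\w.]+) - (?P<val>\S+)$")


def parse_policy_values(lines, key=POLICY_KEY):
    """Return {value_name: int} for the REGEDIT4-style values listed under `key`."""
    values, in_key = {}, False
    for line in lines:
        stripped = line.strip()
        if stripped.startswith("["):          # a new key header ends the block
            in_key = stripped.lower() == key.lower()
            continue
        m = VALUE_RE.match(stripped) if in_key else None
        if m:
            values[m.group("name")] = int(m.group("val"))
    return values


def check_uac(values, defaults=UAC_DEFAULTS):
    """List (name, found, expected) for UAC values that differ from the baseline."""
    return [(n, values[n], d) for n, d in defaults.items()
            if n in values and values[n] != d]


def find_suspicious_services(lines):
    """Flag services/drivers whose image is in a user Temp dir or missing ([x])."""
    findings = []
    for line in lines:
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if TEMP_DIR_RE.search(m.group("path")):
            reasons.append("image in user Temp directory")
        if m.group("meta").strip().lower() == "x":   # ComboFix: file not found
            reasons.append("image file missing on disk")
        if reasons:
            findings.append((m.group("name"), m.group("path"), reasons))
    return findings


def find_disabled_ff_warnings(lines):
    """Return Firefox security.warn_* prefs that user.js forces to false."""
    out = []
    for line in lines:
        m = FF_PREF_RE.match(line.strip())
        if m and m.group("pref").startswith("security.warn_") and m.group("val") == "false":
            out.append(m.group("pref"))
    return out


def triage(log_text):
    """Run every check over one log and return the findings as a dict."""
    lines = log_text.splitlines()
    values = parse_policy_values(lines)
    return {
        "uac_disabled": values.get("EnableLUA") == 0,
        "uac_nondefault": check_uac(values),
        "services": find_suspicious_services(lines),
        "ff_warnings_off": find_disabled_ff_warnings(lines),
    }


if __name__ == "__main__":
    for check, result in triage(SAMPLE_LOG).items():
        print(f"{check}: {result}")
```

To use it on a real log, read the saved ComboFix.txt and pass its text to triage(); the parser only needs one log entry per line, which is how ComboFix writes the file. On the sample it reports UAC disabled with three non-default values, EagleX64 flagged only for a missing file (a pattern that is often just a leftover service entry from an uninstalled product), X6va005 flagged for both the Temp-directory image and the missing file, and the two security.warn_* prefs. Anything it flags still needs a human to look at the file, its signature and how the entry got there; the script ranks, it does not decide.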
7. TDSS came up clean last few times I ran it, but here you are.

20:24:30.0933 2312 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
20:24:31.0261 2312 ============================================================
20:24:31.0261 2312 Current date / time: 2012/08/13 20:24:31.0261
20:24:31.0261 2312 SystemInfo:
20:24:31.0261 2312
20:24:31.0261 2312 OS Version: 6.1.7601 ServicePack: 1.0
20:24:31.0261 2312 Product type: Workstation
20:24:31.0261 2312 ComputerName: JAMES-HP
20:24:31.0261 2312 UserName: James
20:24:31.0261 2312 Windows directory: C:\Windows
20:24:31.0261 2312 System windows directory: C:\Windows
20:24:31.0261 2312 Running under WOW64
20:24:31.0261 2312 Processor architecture: Intel x64
20:24:31.0261 2312 Number of processors: 4
20:24:31.0261 2312 Page size: 0x1000
20:24:31.0261 2312 Boot type: Normal boot
20:24:31.0261 2312 ============================================================
20:24:32.0103 2312 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:24:32.0119 2312 Drive \Device\Harddisk1\DR1 - Size: 0xF0000000 (3.75 Gb), SectorSize: 0x200, Cylinders: 0x1E9, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:24:32.0134 2312 ============================================================
20:24:32.0134 2312 \Device\Harddisk0\DR0:
20:24:32.0134 2312 MBR partitions:
20:24:32.0134 2312 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:24:32.0134 2312 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x55AAF000
20:24:32.0134 2312 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x55AE1800, BlocksNum 0x1A64000
20:24:32.0134 2312 \Device\Harddisk1\DR1:
20:24:32.0134 2312 MBR partitions:
20:24:32.0134 2312 \Device\Harddisk1\DR1\Partition0: MBR, Type 0xB, StartLBA 0x478, BlocksNum 0x77FB88
20:24:32.0134 2312 ============================================================
20:24:32.0197 2312 C: <-> \Device\Harddisk0\DR0\Partition1
20:24:32.0228 2312 D: <-> \Device\Harddisk0\DR0\Partition2
20:24:32.0228 2312 ============================================================
20:24:32.0228 2312 Initialize success
20:24:32.0228 2312 ============================================================
20:24:47.0219 3112 ============================================================
20:24:47.0219 3112 Scan started
20:24:47.0219 3112 Mode: Manual; SigCheck; TDLFS;
20:24:47.0219 3112 ============================================================
20:24:47.0859 3112 !SASCORE (7d9d615201a483d6fa99491c2e655a5a) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
20:24:47.0890 3112 !SASCORE - ok
20:24:48.0031 3112 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
20:24:48.0062 3112 1394ohci - ok
20:24:48.0109 3112 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
20:24:48.0124 3112 ACPI - ok
20:24:48.0140 3112 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
20:24:48.0218 3112 AcpiPmi - ok
20:24:48.0421 3112 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:24:48.0421 3112 AdobeARMservice - ok
20:24:48.0577 3112 AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:24:48.0592 3112 AdobeFlashPlayerUpdateSvc - ok
20:24:48.0639 3112 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
20:24:48.0655 3112 adp94xx - ok
20:24:48.0670 3112 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
20:24:48.0686 3112 adpahci - ok
20:24:48.0686 3112 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
20:24:48.0701 3112 adpu320 - ok
20:24:48.0733 3112 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61)
C:\Windows\System32\aelupsvc.dll 20:24:48.0826 3112 AeLookupSvc - ok 20:24:48.0873 3112 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys 20:24:48.0935 3112 AFD - ok 20:24:48.0967 3112 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys 20:24:48.0982 3112 agp440 - ok 20:24:48.0998 3112 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe 20:24:49.0029 3112 ALG - ok 20:24:49.0045 3112 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys 20:24:49.0045 3112 aliide - ok 20:24:49.0091 3112 AMD External Events Utility (9c616ba191b80f5cd1a1b9553e107100) C:\Windows\system32\atiesrxx.exe 20:24:49.0185 3112 AMD External Events Utility - ok 20:24:49.0263 3112 AMD FUEL Service - ok 20:24:49.0279 3112 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys 20:24:49.0279 3112 amdide - ok 20:24:49.0310 3112 amdiox64 (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys 20:24:49.0325 3112 amdiox64 - ok 20:24:49.0357 3112 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys 20:24:49.0388 3112 AmdK8 - ok 20:24:49.0809 3112 amdkmdag (5165e83751b8ff40e5e4925996fcc506) C:\Windows\system32\DRIVERS\atikmdag.sys 20:24:50.0012 3112 amdkmdag - ok 20:24:50.0137 3112 amdkmdap (86ab3cf484260c4318f3a6e8b035f422) C:\Windows\system32\DRIVERS\atikmpag.sys 20:24:50.0168 3112 amdkmdap - ok 20:24:50.0183 3112 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys 20:24:50.0215 3112 AmdPPM - ok 20:24:50.0230 3112 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys 20:24:50.0246 3112 amdsata - ok 20:24:50.0261 3112 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys 20:24:50.0277 3112 amdsbs - ok 20:24:50.0308 3112 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys 20:24:50.0324 3112 amdxata - ok 20:24:50.0339 3112 
amd_sata (8a2b4818215d8a6ff54dc3f0d63cbb2d) C:\Windows\system32\DRIVERS\amd_sata.sys 20:24:50.0339 3112 amd_sata - ok 20:24:50.0355 3112 amd_xata (a2d8977623e13591b15f6370c6cc37b0) C:\Windows\system32\DRIVERS\amd_xata.sys 20:24:50.0371 3112 amd_xata - ok 20:24:50.0464 3112 AODDriver4.01 (5b25d1a753cc3a3edb909bb759ac1098) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys 20:24:50.0464 3112 AODDriver4.01 - ok 20:24:50.0573 3112 AODService (419dfc4fcf642a3d8d9794c15fca92fd) C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe 20:24:50.0589 3112 AODService - ok 20:24:50.0605 3112 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys 20:24:50.0714 3112 AppID - ok 20:24:50.0745 3112 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll 20:24:50.0792 3112 AppIDSvc - ok 20:24:50.0823 3112 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll 20:24:50.0870 3112 Appinfo - ok 20:24:50.0885 3112 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 20:24:50.0885 3112 arc - ok 20:24:50.0901 3112 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 20:24:50.0901 3112 arcsas - ok 20:24:50.0917 3112 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 20:24:50.0979 3112 AsyncMac - ok 20:24:51.0010 3112 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 20:24:51.0026 3112 atapi - ok 20:24:51.0057 3112 AtiHDAudioService (24464b908e143d2561e9e452fee97309) C:\Windows\system32\drivers\AtihdW76.sys 20:24:51.0073 3112 AtiHDAudioService - ok 20:24:51.0104 3112 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\Windows\system32\DRIVERS\AtiPcie64.sys 20:24:51.0104 3112 AtiPcie - ok 20:24:51.0151 3112 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 20:24:51.0213 3112 AudioEndpointBuilder - ok 20:24:51.0229 3112 AudioSrv (f23fef6d569fce88671949894a8becf1) 
C:\Windows\System32\Audiosrv.dll 20:24:51.0260 3112 AudioSrv - ok 20:24:51.0291 3112 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 20:24:51.0353 3112 AxInstSV - ok 20:24:51.0385 3112 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 20:24:51.0431 3112 b06bdrv - ok 20:24:51.0447 3112 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 20:24:51.0478 3112 b57nd60a - ok 20:24:51.0509 3112 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 20:24:51.0541 3112 BDESVC - ok 20:24:51.0556 3112 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 20:24:51.0587 3112 Beep - ok 20:24:51.0665 3112 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 20:24:51.0712 3112 BFE - ok 20:24:51.0728 3112 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 20:24:51.0759 3112 blbdrive - ok 20:24:51.0790 3112 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 20:24:51.0806 3112 bowser - ok 20:24:51.0806 3112 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 20:24:51.0868 3112 BrFiltLo - ok 20:24:51.0868 3112 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 20:24:51.0884 3112 BrFiltUp - ok 20:24:51.0899 3112 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\Windows\system32\DRIVERS\bridge.sys 20:24:51.0946 3112 BridgeMP - ok 20:24:51.0993 3112 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 20:24:52.0024 3112 Browser - ok 20:24:52.0040 3112 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 20:24:52.0071 3112 Brserid - ok 20:24:52.0087 3112 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 20:24:52.0102 3112 BrSerWdm - ok 20:24:52.0102 3112 BrUsbMdm (b79968002c277e869cf38bd22cd61524) 
C:\Windows\System32\Drivers\BrUsbMdm.sys 20:24:52.0133 3112 BrUsbMdm - ok 20:24:52.0133 3112 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 20:24:52.0149 3112 BrUsbSer - ok 20:24:52.0165 3112 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 20:24:52.0180 3112 BTHMODEM - ok 20:24:52.0227 3112 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 20:24:52.0274 3112 bthserv - ok 20:24:52.0305 3112 CamSuiteVAC (bcdb579f30335f20aaddc873aba669e8) C:\Windows\system32\DRIVERS\CamSuiteVAC.sys 20:24:52.0305 3112 CamSuiteVAC - ok 20:24:52.0305 3112 catchme - ok 20:24:52.0336 3112 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 20:24:52.0383 3112 cdfs - ok 20:24:52.0430 3112 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys 20:24:52.0445 3112 cdrom - ok 20:24:52.0477 3112 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:24:52.0508 3112 CertPropSvc - ok 20:24:52.0508 3112 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 20:24:52.0539 3112 circlass - ok 20:24:52.0570 3112 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 20:24:52.0586 3112 CLFS - ok 20:24:52.0633 3112 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 20:24:52.0648 3112 clr_optimization_v2.0.50727_32 - ok 20:24:52.0679 3112 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 20:24:52.0679 3112 clr_optimization_v2.0.50727_64 - ok 20:24:52.0757 3112 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 20:24:52.0773 3112 clr_optimization_v4.0.30319_32 - ok 20:24:52.0820 3112 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) 
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 20:24:52.0835 3112 clr_optimization_v4.0.30319_64 - ok 20:24:52.0835 3112 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 20:24:52.0851 3112 CmBatt - ok 20:24:52.0867 3112 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 20:24:52.0867 3112 cmdide - ok 20:24:52.0913 3112 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 20:24:52.0976 3112 CNG - ok 20:24:52.0991 3112 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 20:24:52.0991 3112 Compbatt - ok 20:24:53.0023 3112 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 20:24:53.0038 3112 CompositeBus - ok 20:24:53.0038 3112 COMSysApp - ok 20:24:53.0101 3112 cpuz135 (c08063f052308b6f5882482615387f30) C:\Windows\system32\drivers\cpuz135_x64.sys 20:24:53.0101 3112 cpuz135 - ok 20:24:53.0101 3112 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 20:24:53.0116 3112 crcdisk - ok 20:24:53.0147 3112 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 20:24:53.0179 3112 CryptSvc - ok 20:24:53.0225 3112 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:24:53.0272 3112 DcomLaunch - ok 20:24:53.0303 3112 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 20:24:53.0350 3112 defragsvc - ok 20:24:53.0381 3112 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 20:24:53.0413 3112 DfsC - ok 20:24:53.0444 3112 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 20:24:53.0491 3112 Dhcp - ok 20:24:53.0506 3112 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 20:24:53.0553 3112 discache - ok 20:24:53.0569 3112 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 20:24:53.0584 3112 Disk - ok 
20:24:53.0615 3112 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 20:24:53.0662 3112 Dnscache - ok 20:24:53.0693 3112 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 20:24:53.0725 3112 dot3svc - ok 20:24:53.0740 3112 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 20:24:53.0787 3112 DPS - ok 20:24:53.0803 3112 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 20:24:53.0818 3112 drmkaud - ok 20:24:53.0881 3112 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 20:24:53.0896 3112 DXGKrnl - ok 20:24:53.0912 3112 EagleX64 - ok 20:24:53.0927 3112 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 20:24:53.0959 3112 EapHost - ok 20:24:54.0099 3112 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 20:24:54.0177 3112 ebdrv - ok 20:24:54.0271 3112 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 20:24:54.0302 3112 EFS - ok 20:24:54.0364 3112 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 20:24:54.0427 3112 ehRecvr - ok 20:24:54.0458 3112 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 20:24:54.0473 3112 ehSched - ok 20:24:54.0520 3112 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 20:24:54.0536 3112 elxstor - ok 20:24:54.0567 3112 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 20:24:54.0583 3112 ErrDev - ok 20:24:54.0629 3112 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 20:24:54.0676 3112 EventSystem - ok 20:24:54.0692 3112 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 20:24:54.0739 3112 exfat - ok 20:24:54.0754 3112 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 20:24:54.0785 3112 fastfat - ok 20:24:54.0848 3112 Fax (dbefd454f8318a0ef691fdd2eaab44eb) 
C:\Windows\system32\fxssvc.exe 20:24:54.0895 3112 Fax - ok 20:24:54.0926 3112 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 20:24:54.0941 3112 fdc - ok 20:24:54.0957 3112 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 20:24:54.0988 3112 fdPHost - ok 20:24:55.0004 3112 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 20:24:55.0035 3112 FDResPub - ok 20:24:55.0066 3112 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 20:24:55.0066 3112 FileInfo - ok 20:24:55.0082 3112 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 20:24:55.0113 3112 Filetrace - ok 20:24:55.0129 3112 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 20:24:55.0129 3112 flpydisk - ok 20:24:55.0160 3112 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 20:24:55.0175 3112 FltMgr - ok 20:24:55.0253 3112 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 20:24:55.0285 3112 FontCache - ok 20:24:55.0347 3112 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:24:55.0347 3112 FontCache3.0.0.0 - ok 20:24:55.0378 3112 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 20:24:55.0394 3112 FsDepends - ok 20:24:55.0425 3112 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys 20:24:55.0441 3112 Fs_Rec - ok 20:24:55.0472 3112 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 20:24:55.0472 3112 fvevol - ok 20:24:55.0487 3112 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 20:24:55.0503 3112 gagp30kx - ok 20:24:55.0612 3112 GameConsoleService (d154305de6090e6e84e525f84bb08a06) C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe 20:24:55.0612 3112 
GameConsoleService - ok 20:24:55.0675 3112 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 20:24:55.0737 3112 gpsvc - ok 20:24:55.0753 3112 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 20:24:55.0799 3112 hcw85cir - ok 20:24:55.0846 3112 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 20:24:55.0862 3112 HdAudAddService - ok 20:24:55.0893 3112 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\DRIVERS\HDAudBus.sys 20:24:55.0924 3112 HDAudBus - ok 20:24:55.0955 3112 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 20:24:55.0955 3112 HidBatt - ok 20:24:55.0971 3112 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 20:24:55.0987 3112 HidBth - ok 20:24:56.0002 3112 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 20:24:56.0033 3112 HidIr - ok 20:24:56.0065 3112 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\System32\hidserv.dll 20:24:56.0111 3112 hidserv - ok 20:24:56.0127 3112 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 20:24:56.0127 3112 HidUsb - ok 20:24:56.0158 3112 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 20:24:56.0205 3112 hkmsvc - ok 20:24:56.0236 3112 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 20:24:56.0252 3112 HomeGroupListener - ok 20:24:56.0283 3112 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 20:24:56.0299 3112 HomeGroupProvider - ok 20:24:56.0439 3112 HP Support Assistant Service (170233b8d743efe35f462a5d516b93e3) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe 20:24:56.0439 3112 HP Support Assistant Service - ok 20:24:56.0517 3112 HPClientSvc (3dc11a802353401332d49c3cbfbbe5fc) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe 20:24:56.0533 
3112 HPClientSvc - ok 20:24:56.0564 3112 HPDrvMntSvc.exe (bcc4a8b2e2e902f52e7f2e7d8e125765) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe 20:24:56.0564 3112 HPDrvMntSvc.exe - ok 20:24:56.0611 3112 hpqwmiex (ec9739a46f1f83c6e52a7a4697f44a65) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe 20:24:56.0626 3112 hpqwmiex - ok 20:24:56.0767 3112 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 20:24:56.0767 3112 HpSAMD - ok 20:24:56.0829 3112 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 20:24:56.0876 3112 HTTP - ok 20:24:56.0907 3112 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 20:24:56.0907 3112 hwpolicy - ok 20:24:56.0923 3112 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 20:24:56.0938 3112 i8042prt - ok 20:24:56.0985 3112 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys 20:24:57.0001 3112 iaStorV - ok 20:24:57.0063 3112 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:24:57.0094 3112 idsvc - ok 20:24:57.0110 3112 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 20:24:57.0125 3112 iirsp - ok 20:24:57.0172 3112 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 20:24:57.0219 3112 IKEEXT - ok 20:24:57.0344 3112 IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys 20:24:57.0375 3112 IntcAzAudAddService - ok 20:24:57.0469 3112 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 20:24:57.0484 3112 intelide - ok 20:24:57.0500 3112 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 20:24:57.0515 3112 intelppm - ok 20:24:57.0547 3112 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 20:24:57.0578 3112 
IPBusEnum - ok 20:24:57.0609 3112 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:24:57.0656 3112 IpFilterDriver - ok 20:24:57.0718 3112 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 20:24:57.0765 3112 iphlpsvc - ok 20:24:57.0765 3112 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 20:24:57.0796 3112 IPMIDRV - ok 20:24:57.0812 3112 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 20:24:57.0859 3112 IPNAT - ok 20:24:57.0874 3112 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 20:24:57.0890 3112 IRENUM - ok 20:24:57.0905 3112 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 20:24:57.0921 3112 isapnp - ok 20:24:57.0952 3112 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 20:24:57.0952 3112 iScsiPrt - ok 20:24:57.0983 3112 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 20:24:57.0983 3112 kbdclass - ok 20:24:58.0015 3112 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 20:24:58.0030 3112 kbdhid - ok 20:24:58.0061 3112 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:24:58.0061 3112 KeyIso - ok 20:24:58.0108 3112 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 20:24:58.0124 3112 KSecDD - ok 20:24:58.0155 3112 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 20:24:58.0155 3112 KSecPkg - ok 20:24:58.0186 3112 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 20:24:58.0217 3112 ksthunk - ok 20:24:58.0249 3112 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 20:24:58.0295 3112 KtmRm - ok 20:24:58.0342 3112 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\System32\srvsvc.dll 20:24:58.0373 3112 LanmanServer - ok 
20:24:58.0405 3112 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 20:24:58.0436 3112 LanmanWorkstation - ok 20:24:58.0467 3112 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 20:24:58.0498 3112 lltdio - ok 20:24:58.0545 3112 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 20:24:58.0592 3112 lltdsvc - ok 20:24:58.0592 3112 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 20:24:58.0623 3112 lmhosts - ok 20:24:58.0639 3112 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 20:24:58.0654 3112 LSI_FC - ok 20:24:58.0654 3112 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 20:24:58.0670 3112 LSI_SAS - ok 20:24:58.0670 3112 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 20:24:58.0685 3112 LSI_SAS2 - ok 20:24:58.0685 3112 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 20:24:58.0701 3112 LSI_SCSI - ok 20:24:58.0717 3112 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 20:24:58.0748 3112 luafv - ok 20:24:58.0779 3112 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 20:24:58.0795 3112 Mcx2Svc - ok 20:24:58.0795 3112 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 20:24:58.0810 3112 megasas - ok 20:24:58.0826 3112 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 20:24:58.0841 3112 MegaSR - ok 20:24:58.0857 3112 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:24:58.0904 3112 MMCSS - ok 20:24:58.0919 3112 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 20:24:58.0951 3112 Modem - ok 20:24:58.0982 3112 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 20:24:58.0997 3112 monitor - ok 20:24:59.0029 3112 mouclass 
(7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys 20:24:59.0044 3112 mouclass - ok 20:24:59.0060 3112 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 20:24:59.0075 3112 mouhid - ok 20:24:59.0107 3112 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 20:24:59.0122 3112 mountmgr - ok 20:24:59.0247 3112 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 20:24:59.0263 3112 MozillaMaintenance - ok 20:24:59.0294 3112 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 20:24:59.0309 3112 mpio - ok 20:24:59.0325 3112 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 20:24:59.0356 3112 mpsdrv - ok 20:24:59.0419 3112 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 20:24:59.0450 3112 MpsSvc - ok 20:24:59.0481 3112 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 20:24:59.0512 3112 MRxDAV - ok 20:24:59.0543 3112 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 20:24:59.0575 3112 mrxsmb - ok 20:24:59.0606 3112 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:24:59.0637 3112 mrxsmb10 - ok 20:24:59.0668 3112 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:24:59.0668 3112 mrxsmb20 - ok 20:24:59.0684 3112 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 20:24:59.0684 3112 msahci - ok 20:24:59.0731 3112 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 20:24:59.0731 3112 msdsm - ok 20:24:59.0762 3112 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 20:24:59.0793 3112 MSDTC - ok 20:24:59.0809 3112 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 20:24:59.0840 3112 Msfs - ok 20:24:59.0840 
3112 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 20:24:59.0887 3112 mshidkmdf - ok 20:24:59.0902 3112 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 20:24:59.0902 3112 msisadrv - ok 20:24:59.0949 3112 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 20:24:59.0980 3112 MSiSCSI - ok 20:24:59.0980 3112 msiserver - ok 20:25:00.0011 3112 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 20:25:00.0043 3112 MSKSSRV - ok 20:25:00.0058 3112 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 20:25:00.0089 3112 MSPCLOCK - ok 20:25:00.0089 3112 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 20:25:00.0136 3112 MSPQM - ok 20:25:00.0183 3112 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 20:25:00.0199 3112 MsRPC - ok 20:25:00.0214 3112 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 20:25:00.0230 3112 mssmbios - ok 20:25:00.0292 3112 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 20:25:00.0370 3112 MSTEE - ok 20:25:00.0386 3112 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 20:25:00.0417 3112 MTConfig - ok 20:25:00.0464 3112 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 20:25:00.0479 3112 Mup - ok 20:25:00.0511 3112 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 20:25:00.0557 3112 napagent - ok 20:25:00.0589 3112 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 20:25:00.0620 3112 NativeWifiP - ok 20:25:00.0667 3112 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 20:25:00.0698 3112 NDIS - ok 20:25:00.0698 3112 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 20:25:00.0729 3112 NdisCap - 
ok 20:25:00.0745 3112 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 20:25:00.0776 3112 NdisTapi - ok 20:25:00.0791 3112 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 20:25:00.0838 3112 Ndisuio - ok 20:25:00.0869 3112 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 20:25:00.0901 3112 NdisWan - ok 20:25:00.0916 3112 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 20:25:00.0947 3112 NDProxy - ok 20:25:00.0947 3112 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 20:25:00.0994 3112 NetBIOS - ok 20:25:01.0025 3112 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 20:25:01.0057 3112 NetBT - ok 20:25:01.0088 3112 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:25:01.0103 3112 Netlogon - ok 20:25:01.0135 3112 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 20:25:01.0166 3112 Netman - ok 20:25:01.0197 3112 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 20:25:01.0228 3112 netprofm - ok 20:25:01.0291 3112 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 20:25:01.0291 3112 NetTcpPortSharing - ok 20:25:01.0306 3112 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 20:25:01.0306 3112 nfrd960 - ok 20:25:01.0337 3112 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 20:25:01.0384 3112 NlaSvc - ok 20:25:01.0400 3112 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 20:25:01.0431 3112 Npfs - ok 20:25:01.0447 3112 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 20:25:01.0478 3112 nsi - ok 20:25:01.0509 3112 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 
20:25:01.0525 3112 nsiproxy - ok 20:25:01.0634 3112 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys 20:25:01.0681 3112 Ntfs - ok 20:25:01.0774 3112 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 20:25:01.0805 3112 Null - ok 20:25:01.0852 3112 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys 20:25:01.0868 3112 nvraid - ok 20:25:01.0899 3112 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys 20:25:01.0899 3112 nvstor - ok 20:25:01.0930 3112 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 20:25:01.0930 3112 nv_agp - ok 20:25:01.0961 3112 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 20:25:01.0977 3112 ohci1394 - ok 20:25:02.0102 3112 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:25:02.0102 3112 ose - ok 20:25:02.0367 3112 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:25:02.0461 3112 osppsvc - ok 20:25:02.0570 3112 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:25:02.0585 3112 p2pimsvc - ok 20:25:02.0617 3112 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll 20:25:02.0648 3112 p2psvc - ok 20:25:02.0695 3112 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys 20:25:02.0710 3112 Parport - ok 20:25:02.0741 3112 Partizan - ok 20:25:02.0788 3112 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys 20:25:02.0788 3112 partmgr - ok 20:25:02.0819 3112 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll 20:25:02.0851 3112 PcaSvc - ok 20:25:02.0882 3112 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys 20:25:02.0882 3112 pci - ok 20:25:02.0897 3112 pciide 
(b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys 20:25:02.0897 3112 pciide - ok 20:25:02.0929 3112 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys 20:25:02.0944 3112 pcmcia - ok 20:25:02.0960 3112 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys 20:25:02.0960 3112 pcw - ok 20:25:03.0022 3112 pdfcDispatcher - ok 20:25:03.0053 3112 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys 20:25:03.0116 3112 PEAUTH - ok 20:25:03.0178 3112 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe 20:25:03.0194 3112 PerfHost - ok 20:25:03.0287 3112 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll 20:25:03.0334 3112 pla - ok 20:25:03.0381 3112 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll 20:25:03.0412 3112 PlugPlay - ok 20:25:03.0428 3112 PnkBstrA - ok 20:25:03.0443 3112 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll 20:25:03.0475 3112 PNRPAutoReg - ok 20:25:03.0506 3112 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 20:25:03.0521 3112 PNRPsvc - ok 20:25:03.0537 3112 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll 20:25:03.0568 3112 PolicyAgent - ok 20:25:03.0584 3112 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll 20:25:03.0631 3112 Power - ok 20:25:03.0693 3112 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys 20:25:03.0724 3112 PptpMiniport - ok 20:25:03.0755 3112 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys 20:25:03.0787 3112 Processor - ok 20:25:03.0818 3112 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll 20:25:03.0849 3112 ProfSvc - ok 20:25:03.0880 3112 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:25:03.0880 3112 ProtectedStorage - ok 
20:25:03.0911 3112 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys 20:25:03.0943 3112 Psched - ok 20:25:03.0974 3112 PxHlpa64 (4712cc14e720ecccc0aa16949d18aaf1) C:\Windows\system32\Drivers\PxHlpa64.sys 20:25:03.0974 3112 PxHlpa64 - ok 20:25:04.0052 3112 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys 20:25:04.0099 3112 ql2300 - ok 20:25:04.0177 3112 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys 20:25:04.0192 3112 ql40xx - ok 20:25:04.0208 3112 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll 20:25:04.0239 3112 QWAVE - ok 20:25:04.0255 3112 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys 20:25:04.0270 3112 QWAVEdrv - ok 20:25:04.0270 3112 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys 20:25:04.0301 3112 RasAcd - ok 20:25:04.0333 3112 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys 20:25:04.0364 3112 RasAgileVpn - ok 20:25:04.0364 3112 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll 20:25:04.0411 3112 RasAuto - ok 20:25:04.0442 3112 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys 20:25:04.0473 3112 Rasl2tp - ok 20:25:04.0520 3112 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll 20:25:04.0551 3112 RasMan - ok 20:25:04.0567 3112 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys 20:25:04.0598 3112 RasPppoe - ok 20:25:04.0613 3112 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys 20:25:04.0645 3112 RasSstp - ok 20:25:04.0660 3112 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys 20:25:04.0691 3112 rdbss - ok 20:25:04.0707 3112 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys 20:25:04.0707 3112 rdpbus - ok 20:25:04.0738 3112 RDPCDD 
(cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys 20:25:04.0754 3112 RDPCDD - ok 20:25:04.0769 3112 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys 20:25:04.0816 3112 RDPENCDD - ok 20:25:04.0832 3112 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys 20:25:04.0847 3112 RDPREFMP - ok 20:25:04.0894 3112 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys 20:25:04.0910 3112 RDPWD - ok 20:25:04.0941 3112 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys 20:25:04.0957 3112 rdyboost - ok 20:25:04.0988 3112 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll 20:25:05.0019 3112 RemoteAccess - ok 20:25:05.0050 3112 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll 20:25:05.0066 3112 RemoteRegistry - ok 20:25:05.0159 3112 RoxioNow Service (c1568e17039b2ec2b73a4f880ddd51e5) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe 20:25:05.0175 3112 RoxioNow Service - ok 20:25:05.0191 3112 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll 20:25:05.0237 3112 RpcEptMapper - ok 20:25:05.0269 3112 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe 20:25:05.0284 3112 RpcLocator - ok 20:25:05.0331 3112 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 20:25:05.0362 3112 RpcSs - ok 20:25:05.0503 3112 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys 20:25:05.0534 3112 rspndr - ok 20:25:05.0596 3112 RTL8167 (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys 20:25:05.0596 3112 RTL8167 - ok 20:25:05.0627 3112 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:25:05.0627 3112 SamSs - ok 20:25:05.0705 3112 SASDIFSV (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 20:25:05.0721 3112 
SASDIFSV - ok 20:25:05.0721 3112 SASKUTIL (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 20:25:05.0721 3112 SASKUTIL - ok 20:25:05.0768 3112 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys 20:25:05.0768 3112 sbp2port - ok 20:25:05.0939 3112 SBSDWSCService (794d4b48dfb6e999537c7c3947863463) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe 20:25:05.0971 3112 SBSDWSCService - ok 20:25:05.0986 3112 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll 20:25:06.0017 3112 SCardSvr - ok 20:25:06.0049 3112 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys 20:25:06.0095 3112 scfilter - ok 20:25:06.0173 3112 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll 20:25:06.0236 3112 Schedule - ok 20:25:06.0267 3112 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 20:25:06.0298 3112 SCPolicySvc - ok 20:25:06.0314 3112 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll 20:25:06.0361 3112 SDRSVC - ok 20:25:06.0392 3112 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys 20:25:06.0407 3112 secdrv - ok 20:25:06.0439 3112 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll 20:25:06.0470 3112 seclogon - ok 20:25:06.0470 3112 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\system32\sens.dll 20:25:06.0517 3112 SENS - ok 20:25:06.0532 3112 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll 20:25:06.0548 3112 SensrSvc - ok 20:25:06.0563 3112 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys 20:25:06.0579 3112 Serenum - ok 20:25:06.0595 3112 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys 20:25:06.0595 3112 Serial - ok 20:25:06.0657 3112 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys 
20:25:06.0673 3112 sermouse - ok 20:25:06.0735 3112 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll 20:25:06.0766 3112 SessionEnv - ok 20:25:06.0797 3112 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys 20:25:06.0829 3112 sffdisk - ok 20:25:06.0844 3112 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys 20:25:06.0844 3112 sffp_mmc - ok 20:25:06.0844 3112 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys 20:25:06.0875 3112 sffp_sd - ok 20:25:06.0875 3112 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys 20:25:06.0907 3112 sfloppy - ok 20:25:06.0969 3112 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll 20:25:07.0016 3112 SharedAccess - ok 20:25:07.0063 3112 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll 20:25:07.0094 3112 ShellHWDetection - ok 20:25:07.0094 3112 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys 20:25:07.0109 3112 SiSRaid2 - ok 20:25:07.0109 3112 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys 20:25:07.0125 3112 SiSRaid4 - ok 20:25:07.0359 3112 Skype C2C Service (0f97e7a47a52f4a36969f0fc319654c2) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe 20:25:07.0453 3112 Skype C2C Service - ok 20:25:07.0531 3112 SkypeUpdate (f07af60b152221472fbdb2fecec4896d) C:\Program Files (x86)\Skype\Updater\Updater.exe 20:25:07.0531 3112 SkypeUpdate - ok 20:25:07.0624 3112 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys 20:25:07.0640 3112 Smb - ok 20:25:07.0671 3112 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe 20:25:07.0671 3112 SNMPTRAP - ok 20:25:07.0687 3112 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys 20:25:07.0702 3112 spldr - ok 20:25:07.0733 3112 Spooler 
(b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe 20:25:07.0765 3112 Spooler - ok 20:25:07.0936 3112 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe 20:25:08.0030 3112 sppsvc - ok 20:25:08.0092 3112 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll 20:25:08.0139 3112 sppuinotify - ok 20:25:08.0217 3112 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys 20:25:08.0264 3112 srv - ok 20:25:08.0280 3112 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys 20:25:08.0295 3112 srv2 - ok 20:25:08.0311 3112 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys 20:25:08.0326 3112 srvnet - ok 20:25:08.0342 3112 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll 20:25:08.0373 3112 SSDPSRV - ok 20:25:08.0373 3112 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll 20:25:08.0404 3112 SstpSvc - ok 20:25:08.0498 3112 Steam Client Service - ok 20:25:08.0529 3112 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys 20:25:08.0529 3112 stexstor - ok 20:25:08.0592 3112 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll 20:25:08.0623 3112 stisvc - ok 20:25:08.0654 3112 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys 20:25:08.0654 3112 swenum - ok 20:25:08.0685 3112 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll 20:25:08.0732 3112 swprv - ok 20:25:08.0826 3112 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll 20:25:08.0872 3112 SysMain - ok 20:25:08.0966 3112 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll 20:25:08.0982 3112 TabletInputService - ok 20:25:08.0997 3112 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll 20:25:09.0044 3112 TapiSrv - ok 20:25:09.0060 3112 TBS 
(1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll 20:25:09.0091 3112 TBS - ok 20:25:09.0216 3112 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys 20:25:09.0262 3112 Tcpip - ok 20:25:09.0387 3112 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys 20:25:09.0418 3112 TCPIP6 - ok 20:25:09.0496 3112 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys 20:25:09.0543 3112 tcpipreg - ok 20:25:09.0574 3112 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys 20:25:09.0606 3112 TDPIPE - ok 20:25:09.0621 3112 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys 20:25:09.0652 3112 TDTCP - ok 20:25:09.0684 3112 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys 20:25:09.0699 3112 tdx - ok 20:25:09.0730 3112 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys 20:25:09.0730 3112 TermDD - ok 20:25:09.0777 3112 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll 20:25:09.0840 3112 TermService - ok 20:25:09.0871 3112 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll 20:25:09.0886 3112 Themes - ok 20:25:09.0918 3112 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 20:25:09.0933 3112 THREADORDER - ok 20:25:09.0949 3112 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll 20:25:09.0980 3112 TrkWks - ok 20:25:10.0027 3112 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe 20:25:10.0074 3112 TrustedInstaller - ok 20:25:10.0105 3112 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys 20:25:10.0136 3112 tssecsrv - ok 20:25:10.0183 3112 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys 20:25:10.0214 3112 TsUsbFlt - ok 20:25:10.0230 3112 tunnel 
(3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys 20:25:10.0276 3112 tunnel - ok 20:25:10.0292 3112 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys 20:25:10.0308 3112 uagp35 - ok 20:25:10.0323 3112 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys 20:25:10.0370 3112 udfs - ok 20:25:10.0386 3112 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe 20:25:10.0401 3112 UI0Detect - ok 20:25:10.0432 3112 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys 20:25:10.0432 3112 uliagpkx - ok 20:25:10.0464 3112 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys 20:25:10.0495 3112 umbus - ok 20:25:10.0495 3112 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys 20:25:10.0510 3112 UmPass - ok 20:25:10.0542 3112 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll 20:25:10.0588 3112 upnphost - ok 20:25:10.0666 3112 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys 20:25:10.0698 3112 usbaudio - ok 20:25:10.0729 3112 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys 20:25:10.0760 3112 usbccgp - ok 20:25:10.0776 3112 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys 20:25:10.0791 3112 usbcir - ok 20:25:10.0807 3112 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys 20:25:10.0838 3112 usbehci - ok 20:25:10.0885 3112 usbfilter (2c780746dc44a28fe67004dc58173f05) C:\Windows\system32\DRIVERS\usbfilter.sys 20:25:10.0885 3112 usbfilter - ok 20:25:10.0916 3112 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys 20:25:10.0932 3112 usbhub - ok 20:25:10.0963 3112 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys 20:25:10.0978 3112 usbohci - ok 20:25:10.0994 3112 usbprint 
(73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys 20:25:11.0010 3112 usbprint - ok 20:25:11.0041 3112 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS 20:25:11.0056 3112 USBSTOR - ok 20:25:11.0072 3112 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys 20:25:11.0103 3112 usbuhci - ok 20:25:11.0119 3112 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys 20:25:11.0134 3112 usbvideo - ok 20:25:11.0150 3112 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll 20:25:11.0181 3112 UxSms - ok 20:25:11.0197 3112 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 20:25:11.0212 3112 VaultSvc - ok 20:25:11.0228 3112 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys 20:25:11.0228 3112 vdrvroot - ok 20:25:11.0275 3112 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe 20:25:11.0322 3112 vds - ok 20:25:11.0337 3112 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys 20:25:11.0353 3112 vga - ok 20:25:11.0368 3112 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys 20:25:11.0400 3112 VgaSave - ok 20:25:11.0415 3112 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys 20:25:11.0431 3112 vhdmp - ok 20:25:11.0431 3112 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys 20:25:11.0446 3112 viaide - ok 20:25:11.0462 3112 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys 20:25:11.0462 3112 volmgr - ok 20:25:11.0509 3112 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys 20:25:11.0524 3112 volmgrx - ok 20:25:11.0556 3112 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys 20:25:11.0556 3112 volsnap - ok 20:25:11.0587 3112 vsmraid (5e2016ea6ebaca03c04feac5f330d997) 
C:\Windows\system32\DRIVERS\vsmraid.sys 20:25:11.0587 3112 vsmraid - ok 20:25:11.0680 3112 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe 20:25:11.0758 3112 VSS - ok 20:25:11.0852 3112 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys 20:25:11.0868 3112 vwifibus - ok 20:25:11.0914 3112 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll 20:25:11.0946 3112 W32Time - ok 20:25:11.0946 3112 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys 20:25:11.0961 3112 WacomPen - ok 20:25:11.0992 3112 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:25:12.0024 3112 WANARP - ok 20:25:12.0024 3112 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys 20:25:12.0055 3112 Wanarpv6 - ok 20:25:12.0148 3112 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe 20:25:12.0195 3112 WatAdminSvc - ok 20:25:12.0258 3112 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe 20:25:12.0320 3112 wbengine - ok 20:25:12.0382 3112 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll 20:25:12.0398 3112 WbioSrvc - ok 20:25:12.0414 3112 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll 20:25:12.0460 3112 wcncsvc - ok 20:25:12.0492 3112 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll 20:25:12.0507 3112 WcsPlugInService - ok 20:25:12.0554 3112 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys 20:25:12.0554 3112 Wd - ok 20:25:12.0601 3112 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys 20:25:12.0616 3112 Wdf01000 - ok 20:25:12.0616 3112 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll 20:25:12.0679 3112 WdiServiceHost - ok 20:25:12.0679 3112 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) 
C:\Windows\system32\wdi.dll 20:25:12.0694 3112 WdiSystemHost - ok 20:25:12.0726 3112 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll 20:25:12.0757 3112 WebClient - ok 20:25:12.0772 3112 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll 20:25:12.0819 3112 Wecsvc - ok 20:25:12.0835 3112 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll 20:25:12.0882 3112 wercplsupport - ok 20:25:12.0897 3112 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll 20:25:12.0928 3112 WerSvc - ok 20:25:12.0960 3112 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys 20:25:12.0975 3112 WfpLwf - ok 20:25:12.0991 3112 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys 20:25:12.0991 3112 WIMMount - ok 20:25:13.0069 3112 WinDefend - ok 20:25:13.0194 3112 WindowBlinds (97c7f30787a30cfa760b0247631a5463) C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe 20:25:13.0194 3112 WindowBlinds - ok 20:25:13.0225 3112 WinHttpAutoProxySvc - ok 20:25:13.0287 3112 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll 20:25:13.0318 3112 Winmgmt - ok 20:25:13.0412 3112 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll 20:25:13.0506 3112 WinRM - ok 20:25:13.0599 3112 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys 20:25:13.0615 3112 WinUsb - ok 20:25:13.0677 3112 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll 20:25:13.0708 3112 Wlansvc - ok 20:25:13.0755 3112 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys 20:25:13.0786 3112 WmiAcpi - ok 20:25:13.0818 3112 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe 20:25:13.0833 3112 wmiApSrv - ok 20:25:13.0896 3112 WMPNetworkSvc - ok 20:25:13.0896 3112 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll 
20:25:13.0927 3112 WPCSvc - ok 20:25:13.0958 3112 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll 20:25:13.0958 3112 WPDBusEnum - ok 20:25:13.0989 3112 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys 20:25:14.0020 3112 ws2ifsl - ok 20:25:14.0036 3112 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll 20:25:14.0067 3112 wscsvc - ok 20:25:14.0067 3112 WSearch - ok 20:25:14.0223 3112 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll 20:25:14.0270 3112 wuauserv - ok 20:25:14.0379 3112 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys 20:25:14.0426 3112 WudfPf - ok 20:25:14.0457 3112 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys 20:25:14.0504 3112 WUDFRd - ok 20:25:14.0520 3112 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll 20:25:14.0551 3112 wudfsvc - ok 20:25:14.0566 3112 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll 20:25:14.0598 3112 WwanSvc - ok 20:25:14.0738 3112 X6va005 - ok 20:25:14.0878 3112 YahooAUService (dd0042f0c3b606a6a8b92d49afb18ad6) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe 20:25:14.0894 3112 YahooAUService - ok 20:25:14.0910 3112 MBR (0x1B8) (acbc6d903dd671a9c04bd36c21bfb0d6) \Device\Harddisk0\DR0 20:25:15.0144 3112 \Device\Harddisk0\DR0 - ok 20:25:15.0144 3112 MBR (0x1B8) (ddae9d649db12f6aff24483f2c298989) \Device\Harddisk1\DR1 20:25:15.0300 3112 \Device\Harddisk1\DR1 - ok 20:25:15.0331 3112 Boot (0x1200) (c136cf71e4afc97ced0318f51f9ed30e) \Device\Harddisk0\DR0\Partition0 20:25:15.0331 3112 \Device\Harddisk0\DR0\Partition0 - ok 20:25:15.0346 3112 Boot (0x1200) (804e20028b5cb1e2caf452fee4816788) \Device\Harddisk0\DR0\Partition1 20:25:15.0346 3112 \Device\Harddisk0\DR0\Partition1 - ok 20:25:15.0378 3112 Boot (0x1200) (5879efd110404aa15293a094fcb19b20) \Device\Harddisk0\DR0\Partition2 20:25:15.0378 
3112 \Device\Harddisk0\DR0\Partition2 - ok
20:25:15.0378 3112 Boot (0x1200) (deada681950d76964f8d65d866122dd6) \Device\Harddisk1\DR1\Partition0
20:25:15.0378 3112 \Device\Harddisk1\DR1\Partition0 - ok
20:25:15.0378 3112 ============================================================
20:25:15.0378 3112 Scan finished
20:25:15.0378 3112 ============================================================
20:25:15.0393 0644 Detected object count: 0
20:25:15.0393 0644 Actual detected object count: 0
  8. Alright, here is the log. Checked Firefox, still getting redirected from Google, usually to some site named "Scour".

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 13-08-2012
Ran by SYSTEM at 2012-08-13 20:08:20 Run:1
Running from G:\
==============================================
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd} moved successfully.
C:\Users\James\AppData\Local\{423c4741-bf68-5fac-d4a9-43884add6edd} not found.
==== End of Fixlog ====
  9. Thanks MrC, just a quick question before I do this, I don't want to mess anything up. Once the system recovery options come up, am I choosing command prompt and basically following the same procedure as I did before?
  10. Scan result of Farbar Recovery Scan Tool Version: 13-08-2012 Ran by SYSTEM at 13-08-2012 16:51:18 Running from G:\ Windows 7 Home Premium (X64) OS Language: English(US) The current controlset is ControlSet002 ========================== Registry (Whitelisted) ============= HKLM\...\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard) HKLM-x32\...\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [641704 2012-06-11] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml [20992 2012-03-19] () Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 Startup: C:\Users\James\Start Menu\Programs\Startup\Stardock ObjectDock.lnk ShortcutTarget: Stardock ObjectDock.lnk -> C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe (Stardock) Startup: C:\Users\James\Start Menu\Programs\Startup\_uninst_29827324.lnk ShortcutTarget: _uninst_29827324.lnk -> (No File) ==================== Services (Whitelisted) ====== 2 !SASCORE; "C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE" [140672 2011-08-11] (SUPERAntiSpyware.com) 2 AODService; C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [136616 2011-10-13] () 2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-08-08] () 2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 
2 WindowBlinds; C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe [337144 2009-06-04] (Stardock Corporation) ========================== Drivers (Whitelisted) ============= 2 AODDriver4.01; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) 3 CamSuiteVAC; C:\Windows\System32\Drivers\CamSuiteVAC.sys [56320 2008-09-18] () 1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com) 3 catchme; \??\C:\ComboFix\catchme.sys [x] 3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x] 0 Partizan; C:\Windows\System32\drivers\Partizan.sys [x] 3 X6va005; \??\C:\Users\James\AppData\Local\Temp\005ABAC.tmp [x] ========================== NetSvcs (Whitelisted) =========== ============ One Month Created Files and Folders ============== 2012-08-13 10:53 - 2012-08-13 10:53 - 00607260 ____R (Swearware) C:\Users\James\Downloads\dds.scr 2012-08-13 09:00 - 2012-08-13 09:00 - 00000752 ____A C:\Users\James\Desktop\RKreport[3].txt 2012-08-13 08:59 - 2012-08-13 08:59 - 00000736 ____A C:\Users\James\Desktop\RKreport[2].txt 2012-08-13 08:58 - 2012-08-13 08:58 - 00002984 ____A C:\Users\James\Desktop\RKreport[1].txt 2012-08-13 08:57 - 2012-08-13 08:58 - 00000000 ____D C:\Users\James\Desktop\RK_Quarantine 2012-08-13 07:53 - 2012-08-13 07:53 - 00000000 ____D C:\Users\All Users\Kaspersky Lab 2012-08-13 07:24 - 2012-08-13 07:24 - 00000000 ____D C:\TDSSKiller_Quarantine 2012-08-13 05:05 - 2012-08-13 05:24 - 00003620 ____A C:\Users\James\Desktop\unhide.txt 2012-08-13 05:01 - 2012-08-13 05:01 - 00002230 ____A C:\Users\James\Desktop\Rkill.txt 2012-08-13 05:01 - 2012-08-13 05:01 - 00000000 ____D C:\Users\James\Desktop\rkill-backup 2012-08-13 04:49 - 2012-08-13 04:49 - 00000896 ____A C:\Users\All Users\chwoaaa.tmp 2012-08-13 03:52 - 
2012-08-13 03:52 - 00000912 ____A C:\Users\All Users\bczvaaa.tmp 2012-08-12 19:53 - 2012-05-31 08:25 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2012-08-12 19:38 - 2012-08-12 19:38 - 00026429 ____A C:\ComboFix.txt 2012-08-12 19:10 - 2011-06-25 22:45 - 00256000 ____A C:\Windows\PEV.exe 2012-08-12 19:10 - 2010-11-07 09:20 - 00208896 ____A C:\Windows\MBR.exe 2012-08-12 19:10 - 2009-04-19 20:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe 2012-08-12 19:10 - 2000-08-30 16:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe 2012-08-12 19:10 - 2000-08-30 16:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe 2012-08-12 19:10 - 2000-08-30 16:00 - 00098816 ____A C:\Windows\sed.exe 2012-08-12 19:10 - 2000-08-30 16:00 - 00080412 ____A C:\Windows\grep.exe 2012-08-12 19:10 - 2000-08-30 16:00 - 00068096 ____A C:\Windows\zip.exe 2012-08-12 19:06 - 2012-08-12 19:38 - 00000000 ____D C:\Qoobox 2012-08-12 16:45 - 2012-08-12 16:44 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-12 16:45 - 2012-08-12 16:44 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-08-12 16:45 - 2012-08-12 16:44 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-12 16:44 - 2012-08-12 16:44 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-12 16:44 - 2012-08-12 16:44 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-12 16:44 - 2012-08-12 16:44 - 00000000 ____D C:\Program Files\Java 2012-08-12 16:43 - 2012-08-12 16:44 - 21869552 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u5-windows-x64.exe 2012-08-12 08:32 - 2012-08-12 09:15 - 00000000 ____D C:\Users\James\DoctorWeb 2012-08-12 08:15 - 2012-08-12 08:15 - 00000000 ____D C:\Users\James\AppData\Roaming\RegClean 2012-08-12 08:08 - 2012-08-12 08:08 - 00001333 ____A C:\Users\Public\Desktop\FixBrowserRedirect Registry Cleaner.lnk 2012-08-12 08:08 - 2012-08-12 08:08 - 00000000 ____D 
C:\Program Files (x86)\FixBrowserRedirect Registry Cleaner 2012-08-12 08:06 - 2012-08-12 08:06 - 00000000 ____D C:\Program Files (x86)\RealNetworks 2012-08-12 07:28 - 2012-08-12 07:28 - 00000000 ____D C:\Windows\pss 2012-08-12 03:56 - 2012-08-12 03:56 - 00000000 ____D C:\Program Files (x86)\ESET 2012-08-11 21:09 - 2012-08-13 12:39 - 00074012 ____A C:\Windows\WindowsUpdate.log 2012-08-11 21:06 - 2012-08-13 07:17 - 00008042 ____A C:\Windows\PFRO.log 2012-08-11 21:00 - 2012-08-13 12:36 - 00001634 ____A C:\Windows\setupact.log 2012-08-11 21:00 - 2012-08-11 21:00 - 00000000 ____A C:\Windows\setuperr.log 2012-08-11 20:31 - 2012-08-12 19:33 - 00000000 ____D C:\Windows\ERDNT 2012-08-11 20:02 - 2012-08-11 20:03 - 00060716 ____A C:\Users\James\Documents\cc_20120812_000243.reg 2012-08-11 19:49 - 2012-08-11 19:49 - 00000000 __SHD C:\Windows\System32\%APPDATA% 2012-08-11 15:17 - 2012-08-12 22:00 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 37de7dab-f017-4c50-9864-0fa4ed66fd7f.job 2012-08-11 15:17 - 2012-08-12 15:17 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5830d916-ed80-4518-b09b-f947fbea5bf6.job 2012-08-11 15:17 - 2012-08-11 15:17 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-08-11 15:17 - 2012-08-11 15:17 - 00000000 ____D C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com 2012-08-11 15:17 - 2012-08-11 15:17 - 00000000 ____D C:\Users\All Users\SUPERAntiSpyware.com 2012-08-11 15:17 - 2012-08-11 15:17 - 00000000 ____D C:\Program Files\SUPERAntiSpyware 2012-08-11 15:01 - 2012-08-11 15:01 - 00015316 ____A C:\Users\James\Downloads\hijackthis.log 2012-08-11 15:00 - 2012-08-11 15:00 - 00388608 ____A (Trend Micro Inc.) 
C:\Users\James\Downloads\HijackThis.exe 2012-08-11 14:53 - 2012-08-11 15:04 - 00000000 ____D C:\Program Files (x86)\UnHackMe 2012-08-11 14:53 - 2012-08-11 14:57 - 00000000 ____D C:\Users\James\Documents\RegRun2 2012-08-11 14:53 - 2012-08-11 14:53 - 00000002 RASHOT C:\Windows\winstart.bat 2012-08-11 14:53 - 2012-08-11 14:53 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT 2012-08-11 14:53 - 2012-08-11 14:53 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2012-08-11 14:25 - 2012-08-11 20:01 - 00000000 ____D C:\Users\All Users\Spybot - Search & Destroy 2012-08-11 14:25 - 2012-08-11 14:27 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2012-08-11 14:25 - 2012-08-11 14:25 - 00001260 ____A C:\Users\James\Desktop\Spybot - Search & Destroy.lnk 2012-08-11 14:24 - 2012-08-11 14:25 - 16409960 ____A (Safer Networking Limited ) C:\Users\James\Downloads\spybotsd162.exe 2012-08-11 14:12 - 2012-08-11 14:12 - 00000000 __SHD C:\Windows\SysWOW64\%APPDATA% 2012-08-11 13:58 - 2012-08-11 13:58 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\James\Desktop\iexplore.exe.exe 2012-08-11 13:51 - 2012-08-11 13:51 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.com 2012-08-11 13:51 - 2012-08-11 13:51 - 00555936 ____A (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill64.com 2012-08-11 09:55 - 2012-08-11 09:55 - 00000000 ____D C:\Users\James\AppData\Local\visi_coupon 2012-08-11 08:38 - 2012-08-11 18:56 - 00000000 ____D C:\Users\James\AppData\Roaming\Etvydi 2012-08-08 14:47 - 2012-08-08 14:58 - 00000000 ____D C:\Users\James\Desktop\derp 2012-08-01 19:02 - 2012-08-01 19:02 - 00000000 ____D C:\Users\All Users\ATI 2012-08-01 19:02 - 2012-08-01 19:02 - 00000000 ____D C:\Program Files (x86)\AMD AVT 2012-08-01 19:02 - 2012-08-01 19:02 - 00000000 ____D C:\Program Files (x86)\AMD APP 2012-07-28 07:13 - 2012-08-13 11:34 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-07-27 23:04 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) 
C:\Windows\System32\win32k.sys 2012-07-27 10:01 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll 2012-07-27 10:01 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 2012-07-27 10:01 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll 2012-07-27 10:01 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll 2012-07-27 10:01 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll 2012-07-27 10:01 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll 2012-07-27 10:01 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll 2012-07-27 10:01 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll 2012-07-27 10:01 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2012-07-27 10:01 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2012-07-27 10:01 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2012-07-27 10:01 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll 2012-07-27 10:01 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll 2012-07-27 10:01 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2012-07-27 10:01 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2012-07-27 10:01 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll 2012-07-27 10:01 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2012-07-27 10:01 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) 
C:\Windows\System32\msxml3r.dll 2012-07-27 10:01 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll ============ 3 Months Modified Files ======================== 2012-08-13 12:39 - 2012-08-11 21:09 - 00074012 ____A C:\Windows\WindowsUpdate.log 2012-08-13 12:39 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2012-08-13 12:39 - 2009-07-13 20:45 - 00015792 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2012-08-13 12:36 - 2012-08-11 21:00 - 00001634 ____A C:\Windows\setupact.log 2012-08-13 12:36 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2012-08-13 12:21 - 2009-07-13 21:13 - 00730274 ____A C:\Windows\System32\PerfStringBackup.INI 2012-08-13 11:34 - 2012-07-28 07:13 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2012-08-13 10:53 - 2012-08-13 10:53 - 00607260 ____R (Swearware) C:\Users\James\Downloads\dds.scr 2012-08-13 09:00 - 2012-08-13 09:00 - 00000752 ____A C:\Users\James\Desktop\RKreport[3].txt 2012-08-13 08:59 - 2012-08-13 08:59 - 00000736 ____A C:\Users\James\Desktop\RKreport[2].txt 2012-08-13 08:58 - 2012-08-13 08:58 - 00002984 ____A C:\Users\James\Desktop\RKreport[1].txt 2012-08-13 07:17 - 2012-08-11 21:06 - 00008042 ____A C:\Windows\PFRO.log 2012-08-13 05:24 - 2012-08-13 05:05 - 00003620 ____A C:\Users\James\Desktop\unhide.txt 2012-08-13 05:01 - 2012-08-13 05:01 - 00002230 ____A C:\Users\James\Desktop\Rkill.txt 2012-08-13 04:49 - 2012-08-13 04:49 - 00000896 ____A C:\Users\All Users\chwoaaa.tmp 2012-08-13 03:52 - 2012-08-13 03:52 - 00000912 ____A C:\Users\All Users\bczvaaa.tmp 2012-08-12 22:00 - 2012-08-11 15:17 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 37de7dab-f017-4c50-9864-0fa4ed66fd7f.job 2012-08-12 19:38 - 2012-08-12 19:38 - 00026429 ____A C:\ComboFix.txt 2012-08-12 19:33 - 2012-01-16 08:21 - 00000027 ____A 
C:\Windows\System32\Drivers\etc\hosts.old 2012-08-12 19:33 - 2009-07-13 18:34 - 00000215 ____A C:\Windows\system.ini 2012-08-12 16:44 - 2012-08-12 16:45 - 00955888 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2012-08-12 16:44 - 2012-08-12 16:45 - 00839152 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2012-08-12 16:44 - 2012-08-12 16:45 - 00268784 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2012-08-12 16:44 - 2012-08-12 16:44 - 00189424 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2012-08-12 16:44 - 2012-08-12 16:44 - 00188912 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2012-08-12 16:44 - 2012-08-12 16:43 - 21869552 ____A (Oracle Corporation) C:\Users\James\Downloads\jre-7u5-windows-x64.exe 2012-08-12 16:01 - 2011-05-24 03:29 - 00118128 ____A C:\Users\James\AppData\Local\GDIPFONTCACHEV1.DAT 2012-08-12 16:01 - 2009-07-13 20:45 - 04989824 ____A C:\Windows\System32\FNTCACHE.DAT 2012-08-12 15:17 - 2012-08-11 15:17 - 00000510 ____A C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 5830d916-ed80-4518-b09b-f947fbea5bf6.job 2012-08-12 08:08 - 2012-08-12 08:08 - 00001333 ____A C:\Users\Public\Desktop\FixBrowserRedirect Registry Cleaner.lnk 2012-08-11 21:00 - 2012-08-11 21:00 - 00000000 ____A C:\Windows\setuperr.log 2012-08-11 20:03 - 2012-08-11 20:02 - 00060716 ____A C:\Users\James\Documents\cc_20120812_000243.reg 2012-08-11 15:17 - 2012-08-11 15:17 - 00001810 ____A C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk 2012-08-11 15:01 - 2012-08-11 15:01 - 00015316 ____A C:\Users\James\Downloads\hijackthis.log 2012-08-11 15:00 - 2012-08-11 15:00 - 00388608 ____A (Trend Micro Inc.) 
C:\Users\James\Downloads\HijackThis.exe 2012-08-11 14:53 - 2012-08-11 14:53 - 00000002 RASHOT C:\Windows\winstart.bat 2012-08-11 14:53 - 2012-08-11 14:53 - 00000002 RASHOT C:\Windows\SysWOW64\CONFIG.NT 2012-08-11 14:53 - 2012-08-11 14:53 - 00000002 RASHOT C:\Windows\SysWOW64\AUTOEXEC.NT 2012-08-11 14:25 - 2012-08-11 14:25 - 00001260 ____A C:\Users\James\Desktop\Spybot - Search & Destroy.lnk 2012-08-11 14:25 - 2012-08-11 14:24 - 16409960 ____A (Safer Networking Limited ) C:\Users\James\Downloads\spybotsd162.exe 2012-08-11 13:58 - 2012-08-11 13:58 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\James\Desktop\iexplore.exe.exe 2012-08-11 13:51 - 2012-08-11 13:51 - 01051552 ____A (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill.com 2012-08-11 13:51 - 2012-08-11 13:51 - 00555936 ____A (Bleeping Computer, LLC) C:\Users\James\Downloads\rkill64.com 2012-08-10 15:00 - 2011-05-27 19:20 - 00000132 ____A C:\Users\James\AppData\Roaming\Adobe PNG Format CS5 Prefs 2012-08-09 11:46 - 2011-06-15 09:09 - 00000332 ____A C:\Windows\Tasks\HPCeeScheduleForJames.job 2012-08-08 14:58 - 2011-11-20 01:22 - 00283416 ____A C:\Windows\SysWOW64\PnkBstrB.xtr 2012-08-08 14:58 - 2011-11-20 01:21 - 00283416 ____A C:\Windows\SysWOW64\PnkBstrB.exe 2012-08-08 14:50 - 2011-11-20 01:21 - 00189248 ____A C:\Windows\SysWOW64\PnkBstrB.ex0 2012-08-08 14:50 - 2011-11-20 01:21 - 00076888 ____A C:\Windows\SysWOW64\PnkBstrA.exe 2012-08-08 14:34 - 2011-05-25 08:31 - 00000052 ____A C:\Windows\SysWOW64\DOErrors.log 2012-08-02 16:34 - 2012-04-24 11:53 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2012-08-02 16:34 - 2011-05-24 05:57 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2012-07-27 23:01 - 2011-05-29 13:58 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2012-07-27 12:47 - 2011-06-24 12:26 - 00000342 ____A C:\Windows\Tasks\HPCeeScheduleForJAMES-HP$.job 2012-07-27 12:27 - 2011-11-23 19:02 - 00000000 ____A 
C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2012-07-03 09:46 - 2011-05-25 12:55 - 00024904 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-06-20 16:58 - 2012-06-20 16:58 - 01287528 ____A (Microsoft Corporation) C:\Users\James\Downloads\wlsetup-web(1).exe 2012-06-20 12:31 - 2012-06-20 12:31 - 00272896 ____A (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll 2012-06-20 12:31 - 2012-06-20 12:31 - 00198832 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll 2012-06-20 12:31 - 2012-06-20 12:31 - 00006656 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll 2012-06-20 12:31 - 2012-06-20 12:31 - 00005632 ____A (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll 2012-06-20 12:31 - 2010-09-21 15:52 - 00499712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll 2012-06-20 12:31 - 2010-09-21 15:52 - 00348160 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll 2012-06-20 12:30 - 2012-06-20 12:30 - 01238965 ____A C:\Users\James\Downloads\FlashPlayerSetup(1).exe 2012-06-20 12:28 - 2012-06-20 12:28 - 01238965 ____A C:\Users\James\Downloads\FlashPlayerSetup.exe 2012-06-11 19:08 - 2012-07-27 23:04 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2012-06-11 10:59 - 2012-06-11 10:59 - 10248192 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmdag.sys 2012-06-11 10:35 - 2012-06-11 10:35 - 00070144 ____A (AMD) C:\Windows\System32\coinst_8.98.dll 2012-06-11 10:29 - 2012-06-11 10:29 - 24826368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atio6axx.dll 2012-06-11 10:00 - 2012-06-11 10:00 - 20467712 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 16457728 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\amdocl64.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00187392 ____A C:\Windows\System32\clinfo.exe 2012-06-11 09:50 - 2012-06-11 09:50 - 00075264 ____A (Advanced Micro Devices Inc.) 
C:\Windows\System32\OpenVideo64.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00065024 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00063488 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\OVDecode64.dll 2012-06-11 09:50 - 2012-06-11 09:50 - 00056320 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll 2012-06-11 09:49 - 2012-06-11 09:49 - 13008896 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll 2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\SysWOW64\atiapfxx.blb 2012-06-11 09:26 - 2012-06-11 09:26 - 00263840 ____A C:\Windows\System32\atiapfxx.blb 2012-06-11 09:25 - 2012-06-11 09:25 - 00163840 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiapfxx.exe 2012-06-11 09:24 - 2012-06-11 09:24 - 00924160 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll 2012-06-11 09:23 - 2012-06-11 09:23 - 01090560 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\aticfx64.dll 2012-06-11 09:20 - 2012-06-11 09:20 - 00442368 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\ATIDEMGX.dll 2012-06-11 09:19 - 2012-06-11 09:19 - 00532992 ____A (AMD) C:\Windows\System32\atieclxx.exe 2012-06-11 09:19 - 2012-06-11 09:19 - 00239616 ____A (AMD) C:\Windows\System32\atiesrxx.exe 2012-06-11 09:17 - 2012-06-11 09:17 - 00120320 ____A (AMD) C:\Windows\System32\atitmm64.dll 2012-06-11 09:17 - 2012-06-11 09:17 - 00059392 ____A (ATI Technologies, Inc.) C:\Windows\System32\atiedu64.dll 2012-06-11 09:17 - 2012-06-11 09:17 - 00043520 ____A (ATI Technologies, Inc.) C:\Windows\SysWOW64\ati2edxx.dll 2012-06-11 09:17 - 2012-06-11 09:17 - 00021504 ____A (AMD) C:\Windows\System32\atimuixx.dll 2012-06-11 09:16 - 2012-06-11 09:16 - 06301696 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll 2012-06-11 09:01 - 2012-06-11 09:01 - 06914560 ____A (Advanced Micro Devices, Inc. 
) C:\Windows\System32\atidxx64.dll 2012-06-11 08:51 - 2012-06-11 08:51 - 04246528 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd6a.dll 2012-06-11 08:50 - 2012-06-11 08:50 - 02936864 ____A C:\Windows\System32\atiumd6a.cap 2012-06-11 08:45 - 2012-06-11 08:45 - 15703040 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticaldd64.dll 2012-06-11 08:45 - 2012-06-11 08:45 - 05480448 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll 2012-06-11 08:45 - 2012-06-11 08:45 - 00051200 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalrt64.dll 2012-06-11 08:45 - 2012-06-11 08:45 - 00046080 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll 2012-06-11 08:45 - 2012-06-11 08:45 - 00044544 ____A (Advanced Micro Devices Inc.) C:\Windows\System32\aticalcl64.dll 2012-06-11 08:45 - 2012-06-11 08:45 - 00044032 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll 2012-06-11 08:43 - 2012-06-11 08:43 - 04729344 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll 2012-06-11 08:41 - 2012-06-11 08:41 - 02971136 ____A C:\Windows\SysWOW64\atiumdva.cap 2012-06-11 08:40 - 2012-06-11 08:40 - 13277696 ____A (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll 2012-06-11 08:36 - 2012-06-11 08:36 - 06605824 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiumd64.dll 2012-06-11 08:27 - 2012-06-11 08:27 - 00539136 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\atiadlxx.dll 2012-06-11 08:26 - 2012-06-11 08:26 - 00368640 ____A (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll 2012-06-11 08:26 - 2012-06-11 08:26 - 00367616 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\atikmpag.sys 2012-06-11 08:26 - 2012-06-11 08:26 - 00041984 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6txx.dll 2012-06-11 08:26 - 2012-06-11 08:26 - 00033280 ____A (Advanced Micro Devices, Inc. 
) C:\Windows\SysWOW64\atigktxx.dll 2012-06-11 08:26 - 2012-06-11 08:26 - 00017920 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atig6pxx.dll 2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll 2012-06-11 08:26 - 2012-06-11 08:26 - 00014848 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiglpxx.dll 2012-06-11 08:25 - 2012-06-11 08:25 - 00045056 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiu9p64.dll 2012-06-11 08:25 - 2012-06-11 08:25 - 00042496 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll 2012-06-11 08:25 - 2010-11-08 10:16 - 00054784 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atiuxp64.dll 2012-06-11 08:24 - 2012-06-11 08:24 - 00053248 ____A (Advanced Micro Devices, Inc.) C:\Windows\System32\Drivers\ati2erec.dll 2012-06-11 08:24 - 2010-11-08 10:16 - 00032768 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll 2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll 2012-06-11 08:23 - 2012-06-11 08:23 - 00056832 ____A (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll 2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. ) C:\Windows\System32\atimpc64.dll 2012-06-11 08:23 - 2012-06-11 08:23 - 00056320 ____A (Advanced Micro Devices, Inc. 
) C:\Windows\System32\amdpcom64.dll
2012-06-08 21:43 - 2012-07-27 10:01 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-27 10:01 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-05 22:06 - 2012-07-27 10:01 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-27 10:01 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-27 10:01 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:05 - 2012-07-27 10:01 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-27 10:01 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-27 10:01 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 11:53 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 11:53 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 11:53 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 11:52 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 11:52 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 11:53 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 11:52 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-21 11:52 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:15 - 2012-06-21 11:52 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-01 21:50 - 2012-07-27 10:01 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-27 10:01 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-27 10:01 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-27 10:01 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-27 10:01 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-27 10:01 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-27 10:01 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-27 10:01 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-27 10:01 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-31 08:25 - 2012-08-12 19:53 - 00279656 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe

ZeroAccess: C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\L
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U
ZeroAccess: C:\Users\James\AppData\Local\{423c4741-bf68-5fac-d4a9-43884add6edd}
C:\Users\James\AppData\Local\{423c4741-bf68-5fac-d4a9-43884add6edd}\@
C:\Users\James\AppData\Local\{423c4741-bf68-5fac-d4a9-43884add6edd}\L
C:\Users\James\AppData\Local\{423c4741-bf68-5fac-d4a9-43884add6edd}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll [2011-06-09 19:21] - [2010-11-20 04:08] - 0857600 ____A (Microsoft Corporation) 7FE01651B8F4804DE138B3C9CBAEE5D5
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================
Percentage of memory in use: 12%
Total physical RAM: 8191.29 MB
Available physical RAM: 7174.45 MB
Total Pagefile: 8189.43 MB
Available Pagefile: 7152.47 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================
1 Drive c: (OS) (Fixed) (Total:685.34 GB) (Free:406.2 GB) NTFS
2 Drive e: (HP_RECOVERY) (Fixed) (Total:13.2 GB) (Free:1.62 GB) NTFS ==>[system with boot components (obtained from reading drive)]
4 Drive g: () (Removable) (Total:3.74 GB) (Free:3.74 GB) FAT32
9 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
10 Drive y: (SYSTEM) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Disk ###  Status         Size     Free     Dyn  Gpt
--------  -------------  -------  -------  ---  ---
Disk 0    Online          698 GB      0 B
Disk 1    Online         3840 MB      0 B
Disk 2    No Media           0 B      0 B
Disk 3    No Media           0 B      0 B
Disk 4    No Media           0 B      0 B
Disk 5    No Media           0 B      0 B

Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary            100 MB  1024 KB
Partition 2    Primary            685 GB   101 MB
Partition 3    Primary             13 GB   685 GB

==================================================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1   Y   SYSTEM       NTFS   Partition    100 MB  Healthy

==================================================================================
Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C   OS           NTFS   Partition    685 GB  Healthy

==================================================================================
Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3   E   HP_RECOVERY  NTFS   Partition     13 GB  Healthy

==================================================================================
Partitions of Disk 1:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary           3839 MB   572 KB

==================================================================================
Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4   G                FAT32  Removable   3839 MB  Healthy

==================================================================================
Last Boot: 2012-08-08 14:07

Ok MrC, here are the 2 requested logs. Got my fingers crossed. Thanks again for the speedy response times.
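The FRST output above labels two ZeroAccess-style {GUID} directories and lists one system DLL (SysWOW64\User32.dll) with a raw MD5 instead of "MD5 is legit"; the DDS log posted later in this thread adds UAC switched off through mPolicies-system, hidden directories literally named %APPDATA% under System32 and SysWow64, two "RUnknown" services whose binaries are missing, a Startup-folder shortcut pointing into Temp, and Firefox security warnings forced off via user.js. The Python below is an added example, not part of this thread and not code from the FRST or DDS tools: it runs a small rule set over a constructed excerpt of those log lines and groups the hits by severity so a helper can see what to look at first. The rule names, severities and the excerpt are constructed for this example; a hit is a prompt to review that line, not a verdict.

```python
"""Triage helper for FRST/DDS cleanup logs (added example, not the tools' own code).
Rule names, severities and the sample excerpt are constructed for this example;
every hit is a prompt for manual review, not a verdict."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Constructed excerpt modelled on the FRST/DDS output posted in this thread.
SAMPLE_LOG = r"""
ZeroAccess: C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\L
C:\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U
C:\Users\James\AppData\Local\{423c4741-bf68-5fac-d4a9-43884add6edd}\@
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\SysWOW64\User32.dll [2011-06-09 19:21] - [2010-11-20 04:08] - 0857600 ____A (Microsoft Corporation) 7FE01651B8F4804DE138B3C9CBAEE5D5
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\James\AppData\Local\Temp\_uninst_29827324.bat
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_submit_insecure.show_once - false
2012-08-12 03:49:33 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-11 22:12:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
RUnknown 0048461drv;0048461drv; [x]
RUnknown 29827324;29827324; [x]
"""

GUID = r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}"

# (rule name, severity, pattern). Each pattern is anchored to the line shape
# FRST or DDS actually prints, so ordinary entries do not trip it.
RULES = [
    # FRST "ZeroAccess:" {GUID} folder under Installer or AppData\Local, or its @/L/U children.
    ("zeroaccess_dir", "high", re.compile(
        r"^(?:ZeroAccess:\s*)?[a-z]:\\(?:windows\\installer|users\\[^\\]+\\appdata\\local)\\"
        + GUID + r"(?:\\[@lu])?$", re.I)),
    # Hidden system directory literally named %APPDATA% under System32/SysWow64.
    ("hidden_appdata_dir", "high", re.compile(
        r"\bd-sh--w-\s+[a-z]:\\windows\\(?:system32|syswow64)\\%appdata%$", re.I)),
    # DDS "RUnknown" service entry whose binary is missing ([x]).
    ("unknown_service_missing_file", "medium", re.compile(
        r"^RUnknown\s+[^;]+;[^;]*;\s*\[x\]$")),
    # UAC disabled or its prompts neutered through HKLM policy values.
    ("uac_disabled", "medium", re.compile(
        r"^mPolicies-system:\s*(?:EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)\s*=\s*0\b")),
    # Startup-folder shortcut whose target lives in the user's Temp directory.
    ("startup_in_temp", "review", re.compile(
        r"^StartupFolder:.*\s-\s+[a-z]:\\users\\[^\\]+\\appdata\\local\\temp\\", re.I)),
    # Bamital-check line ending in a raw MD5 rather than "MD5 is legit".
    ("unverified_hash", "review", re.compile(
        r"^[a-z]:\\windows\\.*\s[0-9a-f]{32}$", re.I)),
    # Firefox security warnings forced off through user.js.
    ("ff_security_warning_off", "low", re.compile(
        r"^FF - user\.js:\s*security\.warn_\w+(?:\.show_once)?\s*-\s*false$")),
]

SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2, "review": 3}


@dataclass(frozen=True)
class Finding:
    rule: str
    severity: str
    line: str


def check_line(line: str) -> List[Finding]:
    """Return a Finding for every rule the line trips (normally zero or one)."""
    return [Finding(name, sev, rx_line) for name, sev, rx in RULES for rx_line in [line] if rx.search(line)]


def triage(log_text: str) -> List[Finding]:
    """Scan a whole log, skipping blank lines, and order the hits by severity."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line:
            findings.extend(check_line(line))
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


def summarize(findings: List[Finding]) -> Dict[str, int]:
    """Hits per rule, so the shape of the problem is visible before the detail."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for rule, n in summarize(hits).items():
        print(f"{rule:30s} {n}")
    print()
    for f in hits:
        print(f"[{f.severity:6s}] {f.rule}: {f.line[:100]}")
```

To use it on a real case, read a saved FRST.txt or DDS.txt into triage() instead of SAMPLE_LOG. The patterns are deliberately tied to the exact line shapes the two tools print, so output from another tool will mostly pass through unflagged; extend RULES with a new anchored pattern rather than loosening the existing ones, and treat "review" hits (an unconfirmed hash, a Temp-resident startup item) as things to check by hand, since both have legitimate explanations.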
  11. Man.. this computer is only a few months old.. Well, I don't have a flash drive atm; I'll reply back when I get one. Thanks for the help.
  12. Thanks for the help, MrCharlie. Here are the requested logs:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by James at 14:54:27 on 2012-08-13
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.8191.6414 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\VistaSrv.exe
C:\PROGRA~2\Stardock\OBJECT~2\WINDOW~1\WBVista.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\PDF Complete\pdfsvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Stardock\ObjectDockFree\Dock64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\WUDFHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWoW64\svchost.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SteadyVideoBHO Class: {6c680bae-655c-4e3d-8fc4-e6a520c3d928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRunOnce: [GrpConv] grpconv -o
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STARDO~1.LNK - C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe
StartupFolder: C:\Users\James\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\_UNINS~1.LNK - C:\Users\James\AppData\Local\Temp\_uninst_29827324.bat
uPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5}
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
TCP: Interfaces\{A4286171-0EAF-4C4B-BA1A-78B963007670} : DhcpNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: ContributeBHO Class: {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll
BHO-X64: AMD SteadyVideo BHO - No File
BHO-X64: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO-X64: Ask Toolbar BHO - No File
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO-X64: SmartSelect - No File
BHO-X64: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB-X64: Contribute Toolbar: {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
TB-X64: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
mRunOnce-x64: [GrpConv] grpconv -o
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\f1hqejoe.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\nphdplg.dll
FF - plugin: C:\Users\James\AppData\Roaming\Mozilla\Firefox\Profiles\f1hqejoe.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\system32\DRIVERS\amd_sata.sys --> C:\Windows\system32\DRIVERS\amd_sata.sys [?]
R0 amd_xata;amd_xata;C:\Windows\system32\DRIVERS\amd_xata.sys --> C:\Windows\system32\DRIVERS\amd_xata.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-4-4 63928]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-6-11 361984]
R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-3-5 53888]
R2 cpuz135;cpuz135;\??\C:\Windows\system32\drivers\cpuz135_x64.sys --> C:\Windows\system32\drivers\cpuz135_x64.sys [?]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-2-21 8704]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-11-8 1119768]
R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-9-11 399344]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2012-8-11 1153368]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 CamSuiteVAC;CamSuite Virtual Audio;C:\Windows\system32\DRIVERS\CamSuiteVAC.sys --> C:\Windows\system32\DRIVERS\CamSuiteVAC.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
RUnknown 0048461drv;0048461drv; [x]
RUnknown 29827324;29827324; [x]
S2 AODService;AODService;C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe [2011-10-14 136616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscor-svw.exe [2010-3-18 138576]
S2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-7-5 3048136]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-24 250056]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-25 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-08-13 15:53:16 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-08-13 15:38:36 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9AD53CF3-7E7D-4871-BBA5-979E1E38566F}\offreg.dll
2012-08-13 15:24:10 116016 ----a-w- C:\Windows\System32\drivers\96750925.sys
2012-08-13 15:24:09 -------- d-----w- C:\TDSSKiller_Quarantine
2012-08-13 12:49:38 896 ----a-w- C:\ProgramData\chwoaaa.tmp
2012-08-13 11:52:01 912 ----a-w- C:\ProgramData\bczvaaa.tmp
2012-08-13 03:53:26 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9AD53CF3-7E7D-4871-BBA5-979E1E38566F}\mpengine.dll
2012-08-13 03:53:26 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-08-13 03:33:24 -------- d-sh--w- C:\$RECYCLE.BIN
2012-08-13 03:10:18 98816 ----a-w- C:\Windows\sed.exe
2012-08-13 03:10:18 518144 ----a-w- C:\Windows\SWREG.exe
2012-08-13 03:10:18 256000 ----a-w- C:\Windows\PEV.exe
2012-08-13 03:10:18 208896 ----a-w- C:\Windows\MBR.exe
2012-08-13 00:45:06 955888 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-13 00:45:06 839152 ----a-w- C:\Windows\System32\deployJava1.dll
2012-08-12 16:32:27 -------- d-----w- C:\Users\James\DoctorWeb
2012-08-12 16:15:01 -------- d-----w- C:\Users\James\AppData\Roaming\RegClean
2012-08-12 16:08:49 -------- d-----w- C:\Program Files (x86)\FixBrowserRedirect Registry Cleaner
2012-08-12 16:06:54 -------- d-----w- C:\Program Files (x86)\RealNetworks
2012-08-12 15:28:13 -------- d-----w- C:\Windows\pss
2012-08-12 11:56:45 -------- d-----w- C:\Program Files (x86)\ESET
2012-08-12 03:49:33 -------- d-sh--w- C:\Windows\System32\%APPDATA%
2012-08-11 23:17:16 -------- d-----w- C:\Users\James\AppData\Roaming\SUPERAntiSpyware.com
2012-08-11 23:17:11 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2012-08-11 23:17:11 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-08-11 22:53:44 2 --shatr- C:\Windows\winstart.bat
2012-08-11 22:53:39 -------- d-----w- C:\Program Files (x86)\UnHackMe
2012-08-11 22:25:49 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2012-08-11 22:25:49 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2012-08-11 22:12:29 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-08-11 17:55:07 -------- d-----w- C:\Users\James\AppData\Local\visi_coupon
2012-08-11 16:38:13 -------- d-----w- C:\Users\James\AppData\Roaming\Etvydi
2012-08-02 03:02:28 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-08-02 03:02:22 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-07-28 07:04:15 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-08-08 22:58:23 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-08-08 22:58:23 283416 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-08-08 22:50:33 189248 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-08-08 22:50:26 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-08-03 00:34:05 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-03 00:34:05 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-20 20:31:03 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2012-06-20 20:31:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-06-11 18:59:38 10248192 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-06-11 18:35:48 70144 ----a-w- C:\Windows\System32\coinst_8.98.dll
2012-06-11 18:29:34 24826368 ----a-w- C:\Windows\System32\atio6axx.dll
2012-06-11 18:00:32 20467712 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-06-11 17:50:46 187392 ----a-w- C:\Windows\System32\clinfo.exe
2012-06-11 17:50:30 75264 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-06-11 17:50:24 65024 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-06-11 17:50:18 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-06-11 17:50:14 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-06-11 17:50:06 16457728 ----a-w- C:\Windows\System32\amdocl64.dll
2012-06-11 17:49:22 13008896 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-06-11 17:25:06 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-06-11 17:24:58 924160 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-06-11 17:23:12 1090560 ----a-w- C:\Windows\System32\aticfx64.dll
2012-06-11 17:20:02 442368 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2012-06-11 17:19:58 532992 ----a-w- C:\Windows\System32\atieclxx.exe
2012-06-11 17:19:14 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-06-11 17:17:56 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-06-11 17:17:42 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-06-11 17:17:38 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-06-11 17:17:32 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-06-11 17:16:48 6301696 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-06-11 17:01:56 6914560 ----a-w- C:\Windows\System32\atidxx64.dll
2012-06-11 16:51:54 4246528 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-06-11 16:45:48 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-06-11 16:45:46 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-06-11 16:45:44 5480448 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-06-11 16:45:40 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-06-11 16:45:38 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-06-11 16:45:26 15703040 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-06-11 16:43:18 4729344 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-06-11 16:40:58 13277696 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-06-11 16:36:56 6605824 ----a-w- C:\Windows\System32\atiumd64.dll
2012-06-11 16:27:02 539136 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-06-11 16:26:52 368640 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-06-11 16:26:40 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-06-11 16:26:36 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-06-11 16:26:30 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-06-11 16:26:22 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-06-11 16:26:14 367616 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-06-11 16:25:20 54784 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-06-11 16:25:12 42496 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-06-11 16:25:06 45056 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-06-11 16:24:58 32768 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-06-11 16:24:24 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-06-11 16:23:18 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-06-11 16:23:10 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
.
============= FINISH: 14:55:01.16 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 5/24/2011 7:25:04 AM
System Uptime: 8/13/2012 11:17:36 AM (3 hours ago)
.
Motherboard: FOXCONN | | 2AB1
Processor: AMD Athlon II X4 640 Processor | CPU 1 | 3000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 685 GiB total, 406.295 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.623 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP129: 7/27/2012 4:26:29 PM - HPSF Restore Point
RP130: 7/28/2012 3:00:12 AM - Windows Update
RP131: 8/4/2012 3:26:45 PM - Scheduled Checkpoint
RP132: 8/11/2012 6:57:28 PM - RegRun Virus Scan
RP133: 8/12/2012 8:42:28 PM - Removed Java 6 Update 31
RP134: 8/12/2012 8:44:21 PM - Installed Java 7 Update 5 (64-bit)
RP135: 8/13/2012 8:49:27 AM - Installed Microsoft Fix it 50267
.
==== Installed Programs ======================
.
Ace of Spades Adobe Acrobat X Pro - English, Français, Deutsch Adobe AIR Adobe Community Help Adobe Content Viewer Adobe Creative Suite 5.5 Master Collection Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.3) Adobe Story Adobe Widget Browser Agama V-2050AF Agatha Christie - Peril at End House AIM 7 AMD OverDrive Beta AMD VISION Engine Control Center APB Reloaded Apple Application Support Apple Software Update Ask Toolbar Ask Toolbar Updater Battlefield: Bad Company 2 Bejeweled 2 Deluxe Bing Rewards Client Installer Blackhawk Striker 2 Blasterball 3 Blio Borderlands Bounce Symphony Build-a-lot 2 Cake Mania Call of Duty: Modern Warfare 2 Call of Duty: Modern Warfare 2 - Multiplayer Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Chuzzle Deluxe Counter-Strike: Source Beta CrazyTalk Cam Suite PRO Cross Fire En CyberLink DVD Suite Deluxe Darkest Hour Server Darkest Hour: Europe '44-'45 Dead Space 2 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Diablo III Diner Dash 2 Restaurant Rescue DiRT 3 DivX Web Player Dora's World Adventure Download Updater (AOL LLC) Driver Sweeper version 3.2.0 DVD Menu Pack for HP MediaSmart Video Escape Rosecliff Island ESET Online Scanner v3 EverQuest II Farm Frenzy FATE Fences Final Drive Nitro FixBrowserRedirect Registry Cleaner version 1.0 Forsaken World FrostWire 4.21.8 Half-Life 2: Deathmatch Heroes of Hellas 2 - Olympia Hewlett-Packard ACLM.NET v1.1.1.0 Hi-Rez 
Studios Authenticate and Update Service Homefront HP Customer Experience Enhancements HP Game Console HP Games HP MediaSmart DVD HP MediaSmart Music HP MediaSmart Photo HP MediaSmart Video HP MediaSmart/TouchSmart Netflix HP MovieStore HP Product Detection HP Setup HP Setup Manager HP Support Assistant HP Update Hulu Desktop HydraVision Jamestown Jewel Quest Solitaire 2 Killing Floor Kobo LabelPrint Left 4 Dead Left 4 Dead 2 LightScribe System Software Malwarebytes Anti-Malware version 1.62.0.1300 Mare Nostrum Microsoft Choice Guard Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Single Image 2010 Microsoft Office Word MUI (English) 2010 Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit Microsoft Silverlight Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft WSE 
3.0 Runtime Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 Movie Theme Pack for HP MediaSmart Video Mozilla Firefox 14.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery P.I. - The London Caper NVIDIA PhysX ObjectDock Free OpenAL Pando Media Booster PDF Complete Special Edition PDF Settings CS5 Penguins! PhotoNow! Plants vs. Zombies PlayReady PC Runtime x86 Poker Superstars III Polar Bowler Polar Golfer Power2Go PowerDirector PressReader PunkBuster Services PxMergeModule QuickTime Rapture3D 2.4.8 Game RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek High Definition Audio Driver RealUpgrade 1.1 Recovery Manager Red Orchestra: Ostfront 41-45 RoxioNow Player Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 
(KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition Shank Skype Click to Call Skype™ 5.10 Spybot - Search & Destroy Steam Super Meat Boy Super Meat Boy Editor System Requirements Lab CYRI Team Fortress 2 Tribes Ascend Closed Beta Trine 2 TweakNow PowerPack 2011 UMPlayer 0.98 [Athlon] Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition VC80CRTRedist - 8.0.50727.762 Virtual Families Virtual Villagers 4 - The Tree of Life Wheel of Fortune 2 WindowBlinds Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live 
Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Media Player Firefox Plugin XWidget Ver1.32 Yahoo! Messenger Yahoo! Software Update Zinio Reader 4 Zuma Deluxe

==== Event Viewer Messages From Past Week ========

8/13/2012 9:35:19 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 9:35:04 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
8/13/2012 9:34:08 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service YahooAUService with arguments "" in order to run the server: {90AFF435-B544-4F94-A0C2-CC020EACA4E3}
8/13/2012 9:24:48 AM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
8/13/2012 8:59:59 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/13/2012 8:59:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/13/2012 8:59:41 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache SASDIFSV SASKUTIL spldr Wanarpv6
8/13/2012 8:49:57 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
8/13/2012 12:57:07 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).
8/13/2012 12:36:51 PM, Error: Service Control Manager [7034] - The Yahoo! Updater service terminated unexpectedly. It has done this 1 time(s).
8/12/2012 7:39:36 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: avipbb discache SASDIFSV SASKUTIL spldr Wanarpv6
8/12/2012 7:36:34 AM, Error: volmgr [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
8/12/2012 7:35:28 AM, Error: Service Control Manager [7023] - The Security Center service terminated with the following error: The authentication service is unknown.
8/12/2012 7:35:27 AM, Error: Service Control Manager [7038] - The WdiServiceHost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/12/2012 7:35:27 AM, Error: Service Control Manager [7038] - The netprofm service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
8/12/2012 7:35:27 AM, Error: Service Control Manager [7024] - The Power service terminated with service-specific error The operation completed successfully..
8/12/2012 7:35:27 AM, Error: Service Control Manager [7000] - The Network List Service service failed to start due to the following error: The service did not start due to a logon failure.
8/12/2012 7:35:27 AM, Error: Service Control Manager [7000] - The Diagnostic Service Host service failed to start due to the following error: The service did not start due to a logon failure.
8/12/2012 7:35:23 AM, Error: Service Control Manager [7000] - The SBSD Security Center Service service failed to start due to the following error: The pipe has been ended.
8/12/2012 7:35:23 AM, Error: Service Control Manager [7000] - The Internet Connection Sharing (ICS) service failed to start due to the following error: A system shutdown is in progress.
8/12/2012 7:35:21 AM, Error: Service Control Manager [7043] - The Group Policy Client service did not shut down properly after receiving a preshutdown control.
8/12/2012 11:23:17 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
8/12/2012 11:22:04 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
8/12/2012 11:21:32 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
8/12/2012 11:11:14 PM, Error: Service Control Manager [7000] - The HP Support Assistant Service service failed to start due to the following error: A device attached to the system is not functioning.
8/11/2012 11:57:28 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
8/11/2012 11:57:28 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
8/11/2012 11:57:05 PM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
8/11/2012 11:57:04 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/11/2012 11:56:59 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
8/11/2012 11:55:59 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

==== End Of File ===========================

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: James [Admin rights]
Mode: Scan -- Date: 08/13/2012 12:58:55

¤¤¤ Bad processes: 2 ¤¤¤
[SVCHOST] svchost.exe -- C:\Windows\SysWoW64\svchost.exe -> KILLED [TermProc]
[SUSP PATH] c2c_service.exe -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -> KILLED [TermProc]

¤¤¤ Registry Entries: 5 ¤¤¤
[SUSP PATH] _uninst_29827324.lnk @James : C:\Users\James\AppData\Local\Temp\_uninst_29827324.bat -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\L --> FOUND
[ZeroAccess][FILE] @ : c:\users\james\appdata\local\{423c4741-bf68-5fac-d4a9-43884add6edd}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\james\appdata\local\{423c4741-bf68-5fac-d4a9-43884add6edd}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\james\appdata\local\{423c4741-bf68-5fac-d4a9-43884add6edd}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess|Root.MBR ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST375052 8AS SATA Disk Device +++++
--- User ---
[MBR] 0c14058bee315b6f1852f1f6cd66b14d
[BSP] 9758206b2ee782894eaae0f2e5168471 : Windows Vista/7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 701790 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1437472768 | Size: 13512 Mo
User = LL1 ... OK!
User != LL2 ... KO!
--- LL2 ---
[MBR] a96c7100d3f16424a5f1a5319e994254
[BSP] 051e8264b1137b2bdcab09d27efa7e1c : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 264071168 | Size: 300 Mo

+++++ PhysicalDrive1: Generic- SD/MMC USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive2: Generic- Compact Flash USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive3: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

+++++ PhysicalDrive4: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR!
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1].txt >>
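The "MBR Check" block at the end of the RogueKiller log is the part of that output worth understanding: the tool reads sector 0 of each physical drive through the normal Windows path ("User") and again through lower-level routes ("LL1", "LL2"), hashes the boot code ([MBR]) and the whole sector ([BSP]), decodes the partition table, and prints "KO!" when the reads disagree, because a bootkit that hooks disk I/O hands user-mode readers a clean sector while the real one holds its loader. The script below is an added example, not code from the original post or from RogueKiller: it builds two constructed 512-byte sectors (the partition geometry of the "User" one copies the offsets and sizes printed in the log; the boot-code bytes are invented), parses them the way the log presents them, and performs the same comparison. Function and constant names are this example's own.

```python
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440            # bytes 0-439 hold the boot code; 440-445 are disk signature + reserved
PART_TABLE_OFF = 446           # four 16-byte partition entries start here, 0x55AA signature at 510
PART_ENTRY_FMT = "<B3sB3sII"   # status, CHS start, type, CHS end, LBA start, sector count
PART_ENTRY_LEN = struct.calcsize(PART_ENTRY_FMT)  # 16
MB = 1024 * 1024


def build_mbr(boot_code: bytes, partitions) -> bytes:
    """Assemble an MBR from boot code and up to four (active, type, lba_start, sectors) tuples."""
    if len(boot_code) > BOOT_CODE_LEN or len(partitions) > 4:
        raise ValueError("boot code too long or too many partitions")
    sector = bytearray(SECTOR)
    sector[:len(boot_code)] = boot_code
    for i, (active, ptype, start, count) in enumerate(partitions):
        struct.pack_into(PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN,
                         0x80 if active else 0x00, b"\0\0\0", ptype, b"\0\0\0", start, count)
    sector[510:512] = b"\x55\xAA"
    return bytes(sector)


def parse_partitions(sector: bytes) -> list:
    """Return the non-empty partition entries, sized in MB like the log's 'Mo' column."""
    if len(sector) != SECTOR or sector[510:512] != b"\x55\xAA":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    parts = []
    for i in range(4):
        status, _, ptype, _, start, count = struct.unpack_from(
            PART_ENTRY_FMT, sector, PART_TABLE_OFF + i * PART_ENTRY_LEN)
        if ptype == 0:
            continue
        parts.append({"index": i, "active": status == 0x80, "type": ptype,
                      "lba_start": start, "size_mb": count * SECTOR // MB})
    return parts


def mbr_digests(sector: bytes) -> dict:
    """MD5 of the boot code alone ([MBR]) and of the whole sector ([BSP])."""
    return {"boot_code": hashlib.md5(sector[:BOOT_CODE_LEN]).hexdigest(),
            "sector": hashlib.md5(sector).hexdigest()}


def compare_reads(user_sector: bytes, lowlevel_sector: bytes) -> dict:
    """Diff a user-path read against a low-level read; any mismatch is the bootkit tell."""
    u, l = mbr_digests(user_sector), mbr_digests(lowlevel_sector)
    up, lp = parse_partitions(user_sector), parse_partitions(lowlevel_sector)
    return {"boot_code_match": u["boot_code"] == l["boot_code"],
            "sector_match": u["sector"] == l["sector"],
            "partition_table_match": up == lp,
            "verdict": "OK!" if (u == l and up == lp) else "KO!"}


# Constructed sectors, not the poster's disk. USER_MBR copies the geometry the log
# printed for the "User" read; LL2_MBR mimics a low-level read that exposes a swapped
# sector with different boot code and a single 300 MB partition.
USER_MBR = build_mbr(
    b"\xEB\x3C\x90" + b"CONSTRUCTED WIN7 BOOT CODE",
    [(True, 0x07, 2048, 100 * MB // SECTOR),              # 100 Mo, active
     (False, 0x07, 206848, 701790 * MB // SECTOR),        # 701790 Mo OS volume
     (False, 0x07, 1437472768, 13512 * MB // SECTOR)])    # 13512 Mo recovery volume
LL2_MBR = build_mbr(
    b"\xEB\x3C\x90" + b"CONSTRUCTED HIJACKED BOOT CODE",
    [(True, 0x07, 264071168, 300 * MB // SECTOR)])


def report(label: str, sector: bytes) -> str:
    """Render one read in the same shape as the log's '--- User ---' block."""
    d = mbr_digests(sector)
    lines = [f"--- {label} ---", f"[MBR] {d['boot_code']}", f"[BSP] {d['sector']}", "Partition table:"]
    for p in parse_partitions(sector):
        flag = "ACTIVE" if p["active"] else "XXXXXX"
        lines.append(f"{p['index']} - [{flag}] type 0x{p['type']:02X} "
                     f"Offset (sectors): {p['lba_start']} | Size: {p['size_mb']} Mo")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report("User", USER_MBR))
    print(report("LL2", LL2_MBR))
    print("User vs LL2 ...", compare_reads(USER_MBR, LL2_MBR)["verdict"])
```

Two details matter when reading a real result. The third partition's start (1437472768) equals the second partition's start plus its sector count, so a table that decodes to contiguous, sensibly sized NTFS volumes is a sanity check on the parse itself; and a "KO!" only tells you that two read paths disagree, so the sector obtained at the lowest level (or from a boot CD, with the infected OS not running) is the one to trust and to hash against a known-good Windows 7 boot code.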
  13. Hello, I can't seem to get rid of this redirect virus. I ran TDSS, combofix, MWB, but the problem continues. It's happening in Firefox and Chrome but not Internet Explorer. Here is my last MWB log.

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.03

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 8.0.7601.17514
James :: JAMES-HP [administrator]

8/13/2012 9:40:33 AM
mbam-log-2012-08-13 (09-40-33).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 653925
Time elapsed: 1 hour(s), 28 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Qoobox\Quarantine\C\Windows\Installer\{423c4741-bf68-5fac-d4a9-43884add6edd}\U\00000001.@.vir (RootKit.0Access.H) -> Quarantined and deleted successfully.

(end)

Thanks.