
hijacker

Discussion in 'Virus & Other Malware Removal' started by DYNO23, Jan 6, 2013.

  1. DYNO23

    DYNO23 Thread Starter

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:09:26 AM, on 1/6/2013
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v9.00 (9.00.8112.16457)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
    C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\Downloads\HijackThis (2).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624213212.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
    O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
    O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
    O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
    O4 - HKCU\..\Run: [Google Update] "C:\Users\knox\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MusicManager] "C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
    O4 - HKCU\..\Run: [ATT-SST] C:\Program Files (x86)\ATT-SST\pcBrowser.exe -AppKey=ATT-SST -windowcontext=ATT-SST -URL=C:\Program Files (x86)\ATT-SST\OCB\5e828466-3126-4785-a1d9-0ba8cb792fd1\Start.htm?VendorID=ATT-SST,flowId=HOMEVIEWREBOOT
    O4 - HKCU\..\Run: [5C40636FF77336C59A3F4F1B5124532B9721FBD6._service_run] "C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
    O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    O4 - Startup: OneNote Table Of Contents.onetoc2
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: *.sony.com
    O15 - Trusted IP range: http://192.168.1.78
    O15 - Trusted IP range: http://99.160.0.135
    O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} (HiDvrOcx Control) - http://99.160.0.135:85/HiDvrOcx.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
    O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
    O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 18531 bytes
     
  2. DYNO23

    DYNO23 Thread Starter

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457
    Run by knox at 9:11:42 on 2013-01-06
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3763 [GMT -6:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\alg.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
    C:\Windows\system32\mfevtps.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
    C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
    C:\Program Files\CyberLink\Shared files\RichVideo64.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k HPService
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files\ATT-SST\pcTrayApp.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
    C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
    C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
    C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\splwow64.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\System32\msdtc.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.att.net
    uWindow Title = Microsoft Internet Explorer
    uSearch Bar = Preserve
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
    mStart Page = www.google.com
    mWindow Title = Microsoft Internet Explorer
    uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
    uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
    BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624213212.dll
    BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    uRun: [AdobeBridge] <no file>
    mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
    mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
    mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
    mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
    mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
    mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
    mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
    mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
    mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
    mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
    mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
    mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
    mRun: [Conime] C:\Windows\System32\conime.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
    dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
    StartupFolder: C:\Users\knox\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    StartupFolder: C:\Users\knox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    uPolicies-Explorer: NoResolveTrack = dword:1
    uPolicies-Explorer: NoThumbnailCache = dword:1
    uPolicies-Explorer: RestrictRun = dword:0
    uPolicies-System: NoSecCPL = dword:0
    uPolicies-System: NoDispAppearancePage = dword:0
    uPolicies-System: NoDispSettingsPage = dword:0
    uPolicies-System: NoDevMgrPage = dword:0
    uPolicies-System: NoConfigPage = dword:0
    uPolicies-System: NoVirtMemPage = dword:0
    uPolicies-System: NoFileSysPage = dword:0
    uPolicies-System: NoNetSetup = dword:0
    uPolicies-System: NoNetSetupIDPage = dword:0
    uPolicies-System: NoNetSetupSecurityPage = dword:0
    uPolicies-System: NoWorkgroupContents = dword:0
    uPolicies-System: NoEntireNetwork = dword:0
    uPolicies-System: NoFileSharingControl = dword:0
    mPolicies-Explorer: NoActiveDesktop = dword:1
    mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-Explorer: NoResolveTrack = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    Trusted Zone: $talisma_url$
    Trusted Zone: sony.com
    DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
    DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://99.160.0.135:85/HiDvrOcx.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{1538EFB1-970A-42AF-9584-103C93A490A1} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05} : DHCPNameServer = 192.168.1.254
    Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
    x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
    x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120624213212.dll
    x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
    x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
    x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
    x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
    x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
    x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
    x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
    x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
    x64-mPolicies-Explorer: NoActiveDesktop = dword:1
    x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
    x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    x64-mPolicies-Explorer: NoResolveTrack = dword:1
    x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
    x64-mPolicies-System: EnableUIADesktopToggle = dword:0
    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
    x64-Notify: igfxcui - igfxdev.dll
    x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-9-1 771096]
    R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-21 339776]
    R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/03 07:49:41];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
    R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/20 22:54:23];C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-2-28 146928]
    R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/10/16 10:29:31];C:\Program Files (x86)\Cyberlink\PowerDVD8\000.fcl [2009-8-28 146928]
    R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
    R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-9-20 103472]
    R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-21 201304]
    R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-21 201304]
    R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-21 201304]
    R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-21 241016]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-21 218320]
    R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-2-21 177680]
    R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-1-3 369152]
    R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-1-3 460288]
    R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-1-3 342528]
    R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
    R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-2-21 386344]
    R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-22 296320]
    R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-22 116104]
    R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-6-2 33872]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-2-21 69672]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-9-1 309400]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-2-21 515528]
    R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-4-6 615424]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 398184]
    S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 682344]
    S2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2012-5-14 315392]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
    S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-21 16776]
    S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-21 9096]
    S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-13 196440]
    S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-31 24176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-21 106112]
    S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-9-1 40904]
    S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-9-1 49480]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2007-11-6 40464]
    S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-11-4 28144]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-7 89920]
    .
    =============== File Associations ===============
    .
    FileExt: .js: jsfile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
    .
    =============== Created Last 30 ================
    .
    .
    ==================== Find3M ====================
    .
    2013-01-04 03:25:40 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-04 03:25:40 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-27 02:26:17 294 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
    2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
    2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
    2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-12-12 09:06:04 67413224 ----a-w- C:\Windows\System32\mrt.exe
    2012-12-11 18:59:59 15728568 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
    2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
    2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
    2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
    2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
    2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
    2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
    2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
    2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
    2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
    2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
    2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
    2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
    2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
    2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
    2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
    2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
    2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
    2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
    2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
    2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
    2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-11-09 12:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
    2012-11-09 12:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
    2012-11-09 12:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe
    2012-11-09 12:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
    2012-11-09 12:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
    2012-11-09 12:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
    2012-11-09 12:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
    2012-11-09 12:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
    2012-11-09 12:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
    2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
    2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
    2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
    2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
    2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
    2012-10-31 21:10:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
    2012-10-31 21:10:00 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
    2012-10-31 21:10:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
    2012-10-31 21:10:00 158536 ----a-w- C:\Windows\System32\atl100.dll
    2012-10-31 21:10:00 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
    2012-10-25 09:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 09:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 9:12:23.84 ===============
     
  3. DYNO23

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft® Windows Vista™ Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 4/27/2009 4:28:00 PM
    System Uptime: 1/6/2013 8:47:10 AM (1 hours ago)
    .
    Motherboard: PEGATRON CORPORATION | | Benicia
    Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2400/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 583 GiB total, 87.003 GiB free.
    D: is FIXED (NTFS) - 13 GiB total, 1.806 GiB free.
    E: is CDROM ()
    G: is Removable
    H: is Removable
    I: is Removable
    K: is Removable
    L: is FIXED (NTFS) - 298 GiB total, 26.862 GiB free.
    M: is FIXED (FAT32) - 698 GiB total, 258.387 GiB free.
    N: is FIXED (FAT32) - 1863 GiB total, 1651.913 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    .
    ==== Installed Programs ======================
    .
    µTorrent
    4500_G510nz_Help
    4500G510nz
    4500G510nz_Software_Min
    64 Bit HP CIO Components Installer
    ABBYY FineReader 6.0 Sprint
    Acrobat.com
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Media Player
    Adobe Reader 9.5.1
    Adobe Shockwave Player 11.5
    aioscnnr
    Amazon Kindle For PC v1.1
    Amazon MP3 Downloader 1.0.12
    Any DVD Converter Professional 3.7.9
    Any Video Converter Ultimate 4.3.9
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    AT&T Portal
    AT&T Troubleshoot & Resolve Tool
    AudibleManager
    Bing Bar
    Bing Rewards Client Installer
    Bonjour
    BufferChm
    C4USelfUpdater
    Carbonite Online Backup Setup
    CD Audio Reader Filter (remove only)
    center
    Compatibility Pack for the 2007 Office system
    CyberLink BD Advisor 2.0
    CyberLink DVD Suite
    CyberLink LabelPrint
    CyberLink MediaShow
    CyberLink PhotoNow
    CyberLink Power2Go
    CyberLink PowerBackup
    CyberLink PowerDirector
    CyberLink PowerDirector 10
    CyberLink PowerDVD 8
    CyberLink PowerDVD 9
    CyberLink PowerDVD Copy
    CyberLink PowerProducer
    CyberLink WaveEditor
    DC-Bass Source 1.1.1
    DC Universe Online Live
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
    Destinations
    DeviceDiscovery
    Direct Show Ogg Vorbis Filter (remove only)
    DirectX for Managed Code Update (Summer 2004)
    DivX Setup
    DocMgr
    DocProc
    DScaler 5 Mpeg Decoders
    DVDFab 8.0.7.6 Beta (25/02/2011)
    EASEUS Partition Master 6.5.2 Home Edition
    Enhanced Multimedia Keyboard Solution
    essentials
    Fax
    Free Realms
    Free YouTube Downloader 3.3.120
    Gadwin PrintScreen Professional
    Google Chrome
    Google Drive
    Google Update Helper
    GPBaseService2
    H&R Block Deluxe + Efile 2010
    H&R Block Deluxe + Efile 2011
    Hardware Diagnostic Tools
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Demo
    HP Document Manager 2.0
    HP Imaging Device Functions 13.0
    HP MediaSmart DVD
    HP MediaSmart Music/Photo/Video
    HP MediaSmart SmartMenu
    HP MediaSmart TV
    HP Odometer
    HP Officejet 4500 G510n-z
    HP Picasso Media Center Add-In
    HP Recovery Manager RSS
    HP Smart Web Printing 4.5
    HP Solution Center 13.0
    HP Support Information
    HP Total Care Setup
    HP Update
    HPAsset component for HP Active Support Library
    HPProductAssistant
    HPSSupply
    iCloud
    ImgBurn
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 30
    Juno Preloader
    Kodak AIO Printer
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    McAfee Security Scan Plus
    McAfee SecurityCenter
    McAfee Virtual Technician
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Default Manager
    Microsoft Office 2010 Service Pack 1 (SP1)
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office File Validation Add-In
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office Home and Student 60 day trial
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office Office 64-bit Components 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared 64-bit MUI (English) 2010
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MobileMe Control Panel
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB973685)
    Music Manager
    muvee Reveal
    My HP Games
    Network64
    ocr
    OCR Software by I.R.I.S. 13.0
    OpenSource DTS/AC3/DD+ Source Filter (remove only)
    PC Inspector File Recovery
    Pdf995 (installed by H&R Block)
    PdfEdit995 (installed by H&R Block)
    PMB
    PowerDirector
    PreReq
    PS3 Media Server
    Python 2.6.1
    QuickTime
    QuickTime Alternative 3.0.0
    RealMedia (remove only)
    RealNetworks - Microsoft Visual C++ 2008 Runtime
    RealPlayer
    Realtek High Definition Audio Driver
    RealUpgrade 1.1
    Safari
    Scan
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
    Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553091)
    Security Update for Microsoft Office 2010 (KB2553096)
    Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
    Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
    Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
    Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
    Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
    Shared C Run-time for x64
    Shop for HP Supplies
    SHOUTcast Source (remove only)
    SmartSound Quicktracks 5
    SmartSound Quicktracks Plugin
    SmartWebPrinting
    SolutionCenter
    sp43204
    sp44626
    Status
    Toolbox
    TrayApp
    Uninstall 1.0.0.1
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office 2010 (KB2553065)
    Update for Microsoft Office 2010 (KB2553092)
    Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2566458)
    Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
    Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
    Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
    Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
    VC80CRTRedist - 8.0.50727.4053
    WebReg
    Windows Mobile Device Center
    WinPcap 4.0.2
    WinRAR archiver
    Wondershare PDF Converter (Build 3.1.1)
    Yahoo! BrowserPlus 2.9.8
    Yahoo! Toolbar
    Youtube To MP3 2.0
    .
    ==== End Of File ===========================
     
  4. DYNO23

    GMER 2.0.18327 - http://www.gmer.net
    Rootkit scan 2013-01-06 09:24:25
    Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
    Running: v3hvlnqh.exe; Driver: C:\Users\knox\AppData\Local\Temp\kwlcquog.sys


    ---- User code sections - GMER 2.0 ----

    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f00827 4 bytes JMP 0000000162249eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075f1081c 4 bytes JMP 0000000162398f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075f12483 4 bytes JMP 0000000162398fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075f14b7c 4 bytes JMP 0000000162398ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075f29b0b 4 bytes JMP 0000000162398e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075f35fb7 4 bytes JMP 00000001621a1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075f36397 4 bytes JMP 000000016239901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f4d3ad 4 bytes JMP 0000000162398dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f4d3d1 4 bytes JMP 0000000162398d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000767a70a6 5 bytes JMP 00000001623991d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007480881c 5 bytes JMP 0000000162399080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074808834 5 bytes JMP 0000000162399128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007656ed29 5 bytes JMP 00000001623993c8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000774b4572 6 bytes JMP 0000000162209805
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000774b457d 6 bytes JMP 0000000162268042
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000768b8312 5 bytes JMP 00000001622075db
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075ef7bb3 4 bytes JMP 0000000162267fdf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075ef8c38 4 bytes JMP 00000001621eddab
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075eff2ca 4 bytes JMP 00000001621eded5
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f0010d 5 bytes JMP 000000016228ed00
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f003d2 4 bytes JMP 00000001622425ac
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f00827 4 bytes JMP 0000000162249eb4
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f017ea 4 bytes JMP 00000001622703cf
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000075f0263b 5 bytes JMP 000000016239a341
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f0280d 4 bytes JMP 000000016221363b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW 0000000075f078d1 4 bytes JMP 0000000162399390
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!IsDialogMessageW 0000000075f0805d 4 bytes JMP 0000000162399a7a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!EndDialog 0000000075f087af 4 bytes JMP 0000000162399d26
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamA 0000000075f0f8f3 4 bytes JMP 0000000162399358
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075f1081c 4 bytes JMP 0000000162398f51
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075f12483 4 bytes JMP 0000000162398fb6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075f14b7c 4 bytes JMP 0000000162398ed8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateDialogParamA 0000000075f19b1b 4 bytes JMP 00000001623992e8
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!IsDialogMessage 0000000075f19c47 4 bytes JMP 0000000162399a52
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateDialogParamW 0000000075f1bd5b 4 bytes JMP 0000000162399320
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075f29b0b 4 bytes JMP 0000000162398e5f
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000075f32a58 4 bytes JMP 000000016239a3c2
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075f35fb7 4 bytes JMP 00000001621a1893
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075f36397 4 bytes JMP 000000016239901b
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f4d3ad 4 bytes JMP 0000000162398dfb
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f4d3d1 4 bytes JMP 0000000162398d97
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!keybd_event 0000000075f4d782 4 bytes JMP 000000016239a2a6
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!SendInput 0000000075f55af6 5 bytes JMP 000000016239a2e9
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 00000000769d1e80 1 byte JMP 0000000162399784
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000076743df0 5 bytes JMP 00000001623998fa
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000076743e40 5 bytes JMP 000000016239987c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 000000007674462b 5 bytes JMP 00000001623997ee
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000767474bc 5 bytes JMP 000000016239989a
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000767a70a6 5 bytes JMP 00000001623991d0
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007480881c 5 bytes JMP 0000000162399080
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074808834 5 bytes JMP 0000000162399128
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\comdlg32.dll!PrintDlgW 00000000765430cf 5 bytes JMP 000000016239946c
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\comdlg32.dll!PrintDlgA 00000000765434de 5 bytes JMP 0000000162399538
    .text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007656ed29 5 bytes JMP 00000001623993c8
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077489475 7 bytes [BA, 28, EA, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007748969d 7 bytes [BA, 68, EA, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000774896cd 7 bytes [BA, A8, E9, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000774896e5 7 bytes [BA, 28, E9, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000774896fd 7 bytes [BA, 28, EB, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007748972d 7 bytes [BA, 68, EB, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000774897a5 7 bytes [BA, E8, EA, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000774897bd 7 bytes [BA, A8, EA, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077489805 7 bytes [BA, 68, E8, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000774898f5 7 bytes [BA, A8, E8, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077489b35 7 bytes [BA, 28, E8, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 000000007748aa45 7 bytes [BA, E8, E9, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007748aabd 7 bytes [BA, 68, E9, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5588] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 000000007748acb5 7 bytes [BA, E8, E8, 71, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 0000000077489475 7 bytes [BA, 28, 76, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007748969d 7 bytes [BA, 68, 76, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 00000000774896cd 7 bytes [BA, A8, 75, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 00000000774896e5 7 bytes [BA, 28, 75, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 00000000774896fd 7 bytes [BA, 28, 77, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007748972d 7 bytes [BA, 68, 77, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 00000000774897a5 7 bytes [BA, E8, 76, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 00000000774897bd 7 bytes [BA, A8, 76, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077489805 7 bytes [BA, 68, 74, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 00000000774898f5 7 bytes [BA, A8, 74, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077489b35 7 bytes [BA, 28, 74, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 000000007748aa45 7 bytes [BA, E8, 75, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007748aabd 7 bytes [BA, 68, 75, D2, 00, FF, E2]
    .text C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe[5008] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 000000007748acb5 7 bytes [BA, E8, 74, D2, 00, FF, E2]

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Windows\system32\mfevtps.exe[1888] @ C:\Windows\system32\CRYPT32.dll[ADVAPI32.dll!RegQueryValueExW] [13fb9b910] C:\Windows\system32\mfevtps.exe
    IAT C:\Windows\system32\mfevtps.exe[1888] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13fb9b9a0] C:\Windows\system32\mfevtps.exe

    ---- Threads - GMER 2.0 ----

    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:1376] 0000000074a729e1
    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:1528] 000000007440184f
    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:1484] 000000007440184f
    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:1616] 0000000074a729e1
    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:2172] 0000000074a729e1
    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:2268] 0000000074a729e1
    Thread C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312:3288] 0000000074a729e1
    Thread C:\Windows\SysWOW64\svchost.exe [1348:1328] 00000000765cf36f
    Thread C:\Windows\SysWOW64\svchost.exe [1348:1152] 000000001000d040
    Thread C:\Windows\SysWOW64\svchost.exe [1348:1800] 000000003af10fb0
    Thread C:\Windows\SysWOW64\svchost.exe [1348:3076] 00000000765cf36f
    Thread C:\Windows\SysWOW64\svchost.exe [1348:6020] 000000006ea917ae
    Thread C:\Windows\SysWOW64\svchost.exe [1348:6316] 0000000075fd3402
    Thread C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [1924:1980] 00000000765cf36f
    Thread C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2104:2116] 00000000765cf36f
    Thread C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2104:5068] 0000000075fd3402
    Thread C:\Windows\SysWOW64\rundll32.exe [2192:6284] 0000000075fd3402
    Thread C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2292:2308] 00000000765cf36f
    Thread C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2336:2344] 00000000765cf36f
    Thread C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2336:4740] 0000000075fd3402
    Thread C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2392:2432] 00000000765cf36f
    Thread C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2392:6224] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2484:2492] 00000000765cf36f
    Thread C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2484:6480] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2504:2512] 00000000765cf36f
    Thread C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2504:6368] 0000000075fd3402
    Thread C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2584:2592] 00000000765cf36f
    Thread C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2584:5320] 0000000075fd3402
    Thread C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [3128:836] 0000000075fd3402
    Thread C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [3636:5020] 00000000725f7456
    Thread C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [3636:5552] 0000000073e035e1
    Thread C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [1068:5048] 0000000073ba345e
    Thread C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [1068:3940] 0000000073ba345e
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3080:2212] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3080:4844] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3080:2732] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3080:4172] 000000006342914b
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5304] 000000006ea917ae
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5568] 0000000002daf4ba
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:4044] 0000000002c1329b
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5884] 00000000028b2210
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:4872] 0000000002daf4ba
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:4208] 0000000002c1329b
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5672] 0000000003181913
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:3668] 00000000031818f3
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5356] 000000000317e1e3
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5236] 0000000003163697
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:2388] 0000000003164056
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:5572] 0000000002daf4ba
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:4760] 0000000002c1329b
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604:4632] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1020:7160] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [696:680] 00000000725f7456
    Thread C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [696:4060] 000000006bad4235
    Thread C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [2408:4440] 00000000725f7456
    Thread C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe [2408:3812] 0000000075fd3402
    Thread C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe [4176:6200] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe [4336:4732] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe [4352:6240] 0000000075fd3402
    Thread C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [4428:3952] 0000000075fd3402
    Thread C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [4492:3232] 0000000075fd3402
    Thread C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [4604:4552] 0000000075fd3402
    Thread C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [4892:5180] 0000000075fd3402
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:4484] 0000000074a729e1
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:4656] 000000006e829f16
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:4380] 000000006e829f16
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:1640] 0000000074a729e1
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:2252] 0000000074a729e1
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:4684] 000000006c69a2c0
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:4700] 000000006e821cd0
    Thread C:\Program Files (x86)\iTunes\iTunesHelper.exe [4708:4928] 0000000075fd3402
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [4860:5620] 000000006ea917ae
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [4860:4136] 0000000002ccf4ba
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [4860:5516] 000000000244329b
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [4860:5944] 0000000002f45810
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [4860:3792] 0000000075fd3402
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [3944:2940] 0000000075fd3402
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [3944:4764] 0000000073ba345e
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [5636:5932] 000000006ea917ae
    Thread C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [5636:2772] 0000000075fd3402
    Thread C:\Program Files (x86)\Internet Explorer\IELowutil.exe [5264:6872] 0000000075fd3402
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:5736] 00000000630812b0
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:4152] 00000000631912b0
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6204] 0000000063131090
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6212] 0000000063134030
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:5608] 00000000100acbd6
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6324] 0000000001eb1690
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6332] 0000000063152410
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6320] 00000000630e1090
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6336] 0000000063041090
    Thread C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe [5628:6392] 0000000063046030
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [2064:2376] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [2064:6176] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [2064:7008] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6708:6724] 000000006d3f9f0e
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6708:6804] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6708:6836] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6784:5764] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6784:3780] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6784:7092] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6908:4880] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6908:4772] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6908:6264] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6904:4592] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6904:1932] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6904:7028] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6928:2480] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6928:6236] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6928:7100] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [5468:3460] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [5468:4360] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [5468:7156] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [7048:5580] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [7048:5660] 000000005fe020e8
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [7048:5928] 000000005fe020e8
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6596] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6608] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6048] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:1088] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:4228] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:5940] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:3740] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6564] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:7000] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:5316] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:1304] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:4856] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6252] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6496] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:1292] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:6712] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:5956] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3184:3876] 000000005deac13d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3856:4508] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3856:1108] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3856:4224] 0000000063492a16
    Thread c:\PROGRA~2\mcafee\SITEAD~1\saui.exe [5640:5732] 0000000075fd3402
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6292:5856] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6292:5596] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [6292:1280] 0000000063492a16
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [4520:5508] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [4520:6876] 000000007747dd19
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [4520:7112] 000000007750810d
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [4520:5472] 000000006342914b
    Thread C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [4520:2000] 0000000063492a16

    ---- Processes - GMER 2.0 ----

    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [1312] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\svchost.exe [1348] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [1204] 0000000073a00000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [1924] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2104] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\rundll32.exe [2192] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2292] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [2336] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2392] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2484] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2504] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2584] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe [3300] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe [3128] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe [3636] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [1068] 00000000746b0000
    Library ? (*** suspicious ***) @ C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe [3080] 0000000074730000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [3604] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [3980] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [3252] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [3756] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe [1020] 0000000077440000
    Library ? (*** suspicious ***) @ C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe [696] 0000000077440000
    ---- EOF - GMER 2.0 ----
     
  5. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    And what is wrong?
    Unless you tell us what problems you are having, we can't guess.
     
  6. DYNO23

    DYNO23 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    10

    When searching google, I'm redirected to another website once I click on the link. If I go back and then click on the link again it will take me to the correct website.
     
  7. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Is this in ALL browsers or only in Google Chrome?

    Step 1

    Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

    Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

    Post back with its log.

    By default, the utility outputs the log into system disk (it is usually the disk with installed operating system, C:\) root folder.
    Logs have names like: UtilityName.Version_Date_Time_log.txt.
    E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
     
  8. DYNO23

    DYNO23 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    10
    Just in Google Chrome; however, IE is very slow.
     
  9. DYNO23

    DYNO23 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    10
    I ran tdss killer and there were no threats detected out of 439 objects.
     
  10. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Let's see what this shows, but normally in Chrome it won't work.

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  11. DYNO23

    DYNO23 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    10
    # AdwCleaner v2.107 - Logfile created 01/21/2013 at 18:51:39
    # Updated 21/01/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : knox - KNOX-FAMILY
    # Boot Mode : Normal
    # Running from : C:\Users\knox\Downloads\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Found : C:\user.js
    Folder Found : C:\ProgramData\InstallMate
    Folder Found : C:\ProgramData\Premium
    Folder Found : C:\Users\knox\AppData\Local\Conduit
    Folder Found : C:\Users\knox\AppData\Local\TempDir
    Folder Found : C:\Users\knox\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\knox\AppData\LocalLow\Conduit
    Folder Found : C:\Users\knox\AppData\LocalLow\PriceGong

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\PriceGong
    Key Found : HKCU\Software\AppDataLow\Software\Toolbar
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Zugo
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
    Key Found : HKU\S-1-5-21-125378212-1069192621-616378571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\knox\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3277 octets] - [21/01/2013 18:51:39]

    ########## EOF - C:\AdwCleaner[R1].txt - [3337 octets] ##########
     
  12. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
    First make sure that you are not set up to sync Chrome with your Google account; if you are, set it to stop sync first (otherwise the backups on your Google account will reinstall the malware).
    Then reboot and reinstall Chrome.
     
  13. DYNO23

    DYNO23 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    10
    # AdwCleaner v2.107 - Logfile created 01/21/2013 at 18:59:44
    # Updated 21/01/2013 by Xplode
    # Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
    # User : knox - KNOX-FAMILY
    # Boot Mode : Normal
    # Running from : C:\Users\knox\Downloads\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Deleted on reboot : C:\ProgramData\InstallMate
    Deleted on reboot : C:\ProgramData\Premium
    Deleted on reboot : C:\Users\knox\AppData\Local\Conduit
    Deleted on reboot : C:\Users\knox\AppData\Local\TempDir
    Deleted on reboot : C:\Users\knox\AppData\LocalLow\boost_interprocess
    Deleted on reboot : C:\Users\knox\AppData\LocalLow\Conduit
    Deleted on reboot : C:\Users\knox\AppData\LocalLow\PriceGong
    File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\user.js

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\Headlight
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Zugo
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Google Chrome v24.0.1312.52

    File : C:\Users\knox\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [3402 octets] - [21/01/2013 18:51:39]
    AdwCleaner[R2].txt - [3462 octets] - [21/01/2013 18:53:59]
    AdwCleaner[S1].txt - [3241 octets] - [21/01/2013 18:59:44]

    ########## EOF - C:\AdwCleaner[S1].txt - [3301 octets] ##########
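
An added example (not part of the original thread, and not AdwCleaner's own code): a short Python check that compares a Search log with the following Delete log and lists every item that was found but has no matching deletion line. The sample input is an excerpt of lines copied from the two logs posted above; the function names are illustrative.

```python
import re

# Line shapes as they appear in the AdwCleaner v2.107 logs in this thread.
FOUND = re.compile(r"^\s*(?:File|Folder|Key) Found : (.+?)\s*$")
DELETED = re.compile(
    r"^\s*(?:(?:File|Folder|Key) Deleted|Deleted on reboot) : (.+?)\s*$")

def found_items(search_log):
    """Paths and registry keys reported by a [Search] run, in log order."""
    return [m.group(1) for m in map(FOUND.match, search_log.splitlines()) if m]

def deleted_items(delete_log):
    """Items a [Delete] run reports as deleted or scheduled for deletion."""
    return [m.group(1) for m in map(DELETED.match, delete_log.splitlines()) if m]

def not_confirmed_deleted(search_log, delete_log):
    """Items from the search run with no matching line in the delete run."""
    # Windows paths and registry keys are case-insensitive, so compare lowered.
    done = {item.lower() for item in deleted_items(delete_log)}
    return [item for item in found_items(search_log) if item.lower() not in done]

# Excerpt of lines from the [R1] (Search) log posted in this thread.
SEARCH_LOG = r"""
File Found : C:\user.js
Folder Found : C:\Users\knox\AppData\LocalLow\PriceGong
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
"""

# Matching excerpt from the [S1] (Delete) log posted in this thread.
DELETE_LOG = r"""
Deleted on reboot : C:\Users\knox\AppData\LocalLow\PriceGong
File Deleted : C:\user.js
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
"""

if __name__ == "__main__":
    for item in not_confirmed_deleted(SEARCH_LOG, DELETE_LOG):
        print("No deletion line for:", item)
```

An item listed here is only a candidate for a follow-up Search run; "Deleted on reboot" entries count as handled because the tool has scheduled them.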
     
  14. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,452
    First Name:
    Derek
    how is it now are doing that
     
  15. DYNO23

    DYNO23 Thread Starter

    Joined:
    Jan 6, 2013
    Messages:
    10
    Will have to run it again. Did not see where it stated not to sync with current account.
     

Short URL to this thread: https://techguy.org/1083976
