hijacker

DYNO23

Thread Starter
Joined
Jan 6, 2013
Messages
10
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:09:26 AM, on 1/6/2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\Downloads\HijackThis (2).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.att.net
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Use the DivX Plus Web Player to watch web videos with less interruptions and smoother playback on supported sites - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624213212.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
O4 - HKLM\..\Run: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
O4 - HKLM\..\Run: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
O4 - HKLM\..\Run: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
O4 - HKLM\..\Run: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Gadwin PrintScreen Pro] C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe /nosplash
O4 - HKCU\..\Run: [Google Update] "C:\Users\knox\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MusicManager] "C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
O4 - HKCU\..\Run: [ATT-SST] C:\Program Files (x86)\ATT-SST\pcBrowser.exe -AppKey=ATT-SST -windowcontext=ATT-SST -URL=C:\Program Files (x86)\ATT-SST\OCB\5e828466-3126-4785-a1d9-0ba8cb792fd1\Start.htm?VendorID=ATT-SST,flowId=HOMEVIEWREBOOT
O4 - HKCU\..\Run: [5C40636FF77336C59A3F4F1B5124532B9721FBD6._service_run] "C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKUS\S-1-5-18\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe" (User 'Default user')
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Startup: OneNote Table Of Contents.onetoc2
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.sony.com
O15 - Trusted IP range: http://192.168.1.78
O15 - Trusted IP range: http://99.160.0.135
O16 - DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} (HPVirtualRooms35 Class) - https://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
O16 - DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} (HiDvrOcx Control) - http://99.160.0.135:85/HiDvrOcx.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\My HP Game Console\GameConsoleService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McciServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: pcCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
O23 - Service: pcCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\pcCMService.exe
O23 - Service: pcServiceHost - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
O23 - Service: Cyberlink RichVideo64 Service(CRVS) (RichVideo64) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Print Spooler (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: TV Background Capture Service (TVBCS) (TVCapSvc) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
O23 - Service: TV Task Scheduler (TVTS) (TVSched) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 18531 bytes
 

DYNO23

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457
Run by knox at 9:11:42 on 2013-01-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3763 [GMT -6:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\alg.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
C:\Program Files\Common Files\Motive\pcCMService.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe
C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\ATT-SST\pcTrayApp.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\Gadwin Systems\PrintScreenPro\PrintScreenPro.exe
C:\Users\knox\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe
C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\splwow64.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files (x86)\Common Files\Motive\pcContextHookShim.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\msdtc.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\knox\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.att.net
uWindow Title = Microsoft Internet Explorer
uSearch Bar = Preserve
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
mStart Page = www.google.com
mWindow Title = Microsoft Internet Explorer
uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll
uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20120624213212.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [AdobeBridge] <no file>
mRun: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
mRun: [KBD] C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE
mRun: [HP Health Check Scheduler] c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
mRun: [TSMAgent] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe"
mRun: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
mRun: [CLMLServer] "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [UpdatePPShortCut] "C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerProducer" update "Software\CyberLink\PowerProducer\5.0"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [RemoteControl8] "C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe"
mRun: [PDVD8LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe"
mRun: [BDRegion] "C:\Program Files (x86)\Cyberlink\Shared files\brs.exe"
mRun: [TVAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\TV\TVAgent.exe"
mRun: [DVDAgent] "C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe"
mRun: [CarboniteSetupLite] "C:\Program Files (x86)\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=1800
mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Conime] C:\Windows\System32\conime.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime Alternative\QTTask.exe" -atboottime
dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"
StartupFolder: C:\Users\knox\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\Users\knox\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Table Of Contents.onetoc2
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-Explorer: NoResolveTrack = dword:1
uPolicies-Explorer: NoThumbnailCache = dword:1
uPolicies-Explorer: RestrictRun = dword:0
uPolicies-System: NoSecCPL = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
uPolicies-System: NoDevMgrPage = dword:0
uPolicies-System: NoConfigPage = dword:0
uPolicies-System: NoVirtMemPage = dword:0
uPolicies-System: NoFileSysPage = dword:0
uPolicies-System: NoNetSetup = dword:0
uPolicies-System: NoNetSetupIDPage = dword:0
uPolicies-System: NoNetSetupSecurityPage = dword:0
uPolicies-System: NoWorkgroupContents = dword:0
uPolicies-System: NoEntireNetwork = dword:0
uPolicies-System: NoFileSharingControl = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
Trusted Zone: $talisma_url$
Trusted Zone: sony.com
DPF: {00000035-9593-4264-8B29-930B3E4EDCCD} - hxxps://www.rooms.hp.com/vRoom_Cab/WebHPVCInstall35.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DB9DE2A8-D1BA-472A-B1F8-39697899DEF7} - hxxp://99.160.0.135:85/HiDvrOcx.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{1538EFB1-970A-42AF-9584-103C93A490A1} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{54BD3F87-83EC-4960-AD4D-DB99C4117E05} : DHCPNameServer = 192.168.1.254
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
x64-mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
x64-mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=bestbuy&pf=cndt
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20120624213212.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [Windows Defender] C:\Program Files (x86)\Windows Defender\MSASCui.exe -hide
x64-Run: [SmartMenu] C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
x64-Run: [IAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\pcTrayApp.exe"
x64-mPolicies-Explorer: NoActiveDesktop = dword:1
x64-mPolicies-Explorer: NoActiveDesktopChanges = dword:1
x64-mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
x64-mPolicies-Explorer: NoResolveTrack = dword:1
x64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
x64-mPolicies-System: EnableUIADesktopToggle = dword:0
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Notify: igfxcui - igfxdev.dll
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2009-9-1 771096]
R1 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-2-21 339776]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/11/03 07:49:41];C:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2008-11-28 146928]
R2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2011/02/20 22:54:23];C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-2-28 146928]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};Power Control [2009/10/16 10:29:31];C:\Program Files (x86)\Cyberlink\PowerDVD8\000.fcl [2009-8-28 146928]
R2 FontCache;Windows Font Cache Service;C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [2009-9-20 103472]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-21 201304]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-21 201304]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [2011-2-21 201304]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe [2011-2-21 241016]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe [2011-2-21 218320]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2011-2-21 177680]
R2 pcCMService;pcCMService;C:\Program Files (x86)\Common Files\Motive\pcCMService.exe [2013-1-3 369152]
R2 pcCMService64;pcCMService64;C:\Program Files\Common Files\Motive\pcCMService.exe [2013-1-3 460288]
R2 pcServiceHost;pcServiceHost;C:\Program Files (x86)\Common Files\Motive\pcServiceHost.exe [2013-1-3 342528]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2011-2-21 386344]
R2 TVCapSvc;TV Background Capture Service (TVBCS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [2009-4-22 296320]
R2 TVSched;TV Task Scheduler (TVTS);C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [2009-4-22 116104]
R3 anvsnddrv;AnvSoft Virtual Sound Device;C:\Windows\System32\drivers\anvsnddrv.sys [2012-6-2 33872]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-2-21 69672]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2009-9-1 309400]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-2-21 515528]
R3 netr7364;USB Wireless 802.11 b/g Adaptor Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-4-6 615424]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-31 398184]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-31 682344]
S2 McciServiceHost;McciServiceHost;C:\Program Files (x86)\Common Files\Motive\McciServiceHost.exe [2012-5-14 315392]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2010-12-21 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2010-12-21 9096]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2012-11-13 196440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-31 24176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-2-21 106112]
S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\System32\drivers\mferkdk.sys [2009-9-1 40904]
S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\System32\drivers\mfesmfk.sys [2009-9-1 49480]
S3 NPF;NetGroup Packet Filter Driver;C:\Windows\System32\drivers\npf.sys [2007-11-6 40464]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000};PCD5SRVC{8AAF211B-043E02A9-05040000} - PCDR Kernel Mode Service Helper Driver;C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [2008-11-4 28144]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-7 89920]
.
=============== File Associations ===============
.
FileExt: .js: jsfile=C:\Windows\SysWOW64\WScript.exe "%1" %*
FileExt: .jse: JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2013-01-04 03:25:40 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-04 03:25:40 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-27 02:26:17 294 ----a-w- C:\Windows\SysWow64\ealregsnapshot1.reg
2012-12-16 13:31:20 48128 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 13:12:54 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-16 11:08:21 368128 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 10:50:29 293376 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-14 22:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-12 09:06:04 67413224 ----a-w- C:\Windows\System32\mrt.exe
2012-12-11 18:59:59 15728568 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2012-11-14 07:06:18 17811968 ----a-w- C:\Windows\System32\mshtml.dll
2012-11-14 06:32:33 10925568 ----a-w- C:\Windows\System32\ieframe.dll
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:44 1346048 ----a-w- C:\Windows\System32\urlmon.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 06:02:04 237056 ----a-w- C:\Windows\System32\url.dll
2012-11-14 05:59:52 85504 ----a-w- C:\Windows\System32\jsproxy.dll
2012-11-14 05:58:36 816640 ----a-w- C:\Windows\System32\jscript.dll
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:55:45 2144768 ----a-w- C:\Windows\System32\iertutil.dll
2012-11-14 05:55:26 729088 ----a-w- C:\Windows\System32\msfeeds.dll
2012-11-14 05:53:22 96768 ----a-w- C:\Windows\System32\mshtmled.dll
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 05:46:25 248320 ----a-w- C:\Windows\System32\ieui.dll
2012-11-14 02:48:26 12320256 ----a-w- C:\Windows\SysWow64\mshtml.dll
2012-11-14 02:14:59 9738240 ----a-w- C:\Windows\SysWow64\ieframe.dll
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:44 1103872 ----a-w- C:\Windows\SysWow64\urlmon.dll
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:55:46 231936 ----a-w- C:\Windows\SysWow64\url.dll
2012-11-14 01:51:44 65024 ----a-w- C:\Windows\SysWow64\jsproxy.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:49:19 717824 ----a-w- C:\Windows\SysWow64\jscript.dll
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:47:20 607744 ----a-w- C:\Windows\SysWow64\msfeeds.dll
2012-11-14 01:46:38 1793024 ----a-w- C:\Windows\SysWow64\iertutil.dll
2012-11-14 01:45:01 73216 ----a-w- C:\Windows\SysWow64\mshtmled.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-11-14 01:41:30 176640 ----a-w- C:\Windows\SysWow64\ieui.dll
2012-11-13 01:55:22 2770432 ----a-w- C:\Windows\System32\win32k.sys
2012-11-13 01:45:48 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-13 01:29:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-11-09 12:40:24 69672 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2012-11-09 12:37:42 339776 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2012-11-09 12:37:30 177680 ----a-w- C:\Windows\System32\mfevtps.exe
2012-11-09 12:36:40 10288 ----a-w- C:\Windows\System32\drivers\mfeclnk.sys
2012-11-09 12:36:30 106112 ----a-w- C:\Windows\System32\drivers\mferkdet.sys
2012-11-09 12:35:50 771096 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2012-11-09 12:34:58 515528 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2012-11-09 12:34:18 309400 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2012-11-09 12:33:58 178840 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2012-11-02 10:45:52 477696 ----a-w- C:\Windows\System32\dpnet.dll
2012-11-02 10:45:51 68096 ----a-w- C:\Windows\System32\dpnathlp.dll
2012-11-02 10:18:17 376320 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-11-02 08:59:56 26112 ----a-w- C:\Windows\System32\dpnsvr.exe
2012-11-02 08:26:06 23040 ----a-w- C:\Windows\SysWow64\dpnsvr.exe
2012-10-31 21:10:00 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2012-10-31 21:10:00 773968 ----a-w- C:\Windows\SysWow64\msvcr100.dll
2012-10-31 21:10:00 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll
2012-10-31 21:10:00 158536 ----a-w- C:\Windows\System32\atl100.dll
2012-10-31 21:10:00 138056 ----a-w- C:\Windows\SysWow64\atl100.dll
2012-10-25 09:12:26 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2012-10-25 09:12:26 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 9:12:23.84 ===============
 

DYNO23

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2009 4:28:00 PM
System Uptime: 1/6/2013 8:47:10 AM (1 hours ago)
.
Motherboard: PEGATRON CORPORATION | | Benicia
Processor: Pentium(R) Dual-Core CPU E5200 @ 2.50GHz | CPU 1 | 2400/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 583 GiB total, 87.003 GiB free.
D: is FIXED (NTFS) - 13 GiB total, 1.806 GiB free.
E: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
K: is Removable
L: is FIXED (NTFS) - 298 GiB total, 26.862 GiB free.
M: is FIXED (FAT32) - 698 GiB total, 258.387 GiB free.
N: is FIXED (FAT32) - 1863 GiB total, 1651.913 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
µTorrent
4500_G510nz_Help
4500G510nz
4500G510nz_Software_Min
64 Bit HP CIO Components Installer
ABBYY FineReader 6.0 Sprint
Acrobat.com
ActiveCheck component for HP Active Support Library
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player 11 ActiveX
Adobe Media Player
Adobe Reader 9.5.1
Adobe Shockwave Player 11.5
aioscnnr
Amazon Kindle For PC v1.1
Amazon MP3 Downloader 1.0.12
Any DVD Converter Professional 3.7.9
Any Video Converter Ultimate 4.3.9
Apple Application Support
Apple Mobile Device Support
Apple Software Update
AT&T Portal
AT&T Troubleshoot & Resolve Tool
AudibleManager
Bing Bar
Bing Rewards Client Installer
Bonjour
BufferChm
C4USelfUpdater
Carbonite Online Backup Setup
CD Audio Reader Filter (remove only)
center
Compatibility Pack for the 2007 Office system
CyberLink BD Advisor 2.0
CyberLink DVD Suite
CyberLink LabelPrint
CyberLink MediaShow
CyberLink PhotoNow
CyberLink Power2Go
CyberLink PowerBackup
CyberLink PowerDirector
CyberLink PowerDirector 10
CyberLink PowerDVD 8
CyberLink PowerDVD 9
CyberLink PowerDVD Copy
CyberLink PowerProducer
CyberLink WaveEditor
DC-Bass Source 1.1.1
DC Universe Online Live
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Destinations
DeviceDiscovery
Direct Show Ogg Vorbis Filter (remove only)
DirectX for Managed Code Update (Summer 2004)
DivX Setup
DocMgr
DocProc
DScaler 5 Mpeg Decoders
DVDFab 8.0.7.6 Beta (25/02/2011)
EASEUS Partition Master 6.5.2 Home Edition
Enhanced Multimedia Keyboard Solution
essentials
Fax
Free Realms
Free YouTube Downloader 3.3.120
Gadwin PrintScreen Professional
Google Chrome
Google Drive
Google Update Helper
GPBaseService2
H&R Block Deluxe + Efile 2010
H&R Block Deluxe + Efile 2011
Hardware Diagnostic Tools
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Active Support Library
HP Customer Experience Enhancements
HP Customer Participation Program 13.0
HP Demo
HP Document Manager 2.0
HP Imaging Device Functions 13.0
HP MediaSmart DVD
HP MediaSmart Music/Photo/Video
HP MediaSmart SmartMenu
HP MediaSmart TV
HP Odometer
HP Officejet 4500 G510n-z
HP Picasso Media Center Add-In
HP Recovery Manager RSS
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Support Information
HP Total Care Setup
HP Update
HPAsset component for HP Active Support Library
HPProductAssistant
HPSSupply
iCloud
ImgBurn
Intel(R) Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
iTunes
Java Auto Updater
Java(TM) 6 Update 30
Juno Preloader
Kodak AIO Printer
LightScribe System Software
Malwarebytes Anti-Malware version 1.70.0.1100
MarketResearch
McAfee Security Scan Plus
McAfee SecurityCenter
McAfee Virtual Technician
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Default Manager
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2010
Microsoft Office Home and Student 60 day trial
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
MobileMe Control Panel
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB973685)
Music Manager
muvee Reveal
My HP Games
Network64
ocr
OCR Software by I.R.I.S. 13.0
OpenSource DTS/AC3/DD+ Source Filter (remove only)
PC Inspector File Recovery
Pdf995 (installed by H&R Block)
PdfEdit995 (installed by H&R Block)
PMB
PowerDirector
PreReq
PS3 Media Server
Python 2.6.1
QuickTime
QuickTime Alternative 3.0.0
RealMedia (remove only)
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.1
Safari
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Shared C Run-time for x64
Shop for HP Supplies
SHOUTcast Source (remove only)
SmartSound Quicktracks 5
SmartSound Quicktracks Plugin
SmartWebPrinting
SolutionCenter
sp43204
sp44626
Status
Toolbox
TrayApp
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
VC80CRTRedist - 8.0.50727.4053
WebReg
Windows Mobile Device Center
WinPcap 4.0.2
WinRAR archiver
Wondershare PDF Converter (Build 3.1.1)
Yahoo! BrowserPlus 2.9.8
Yahoo! Toolbar
Youtube To MP3 2.0
.
==== End Of File ===========================
 

DYNO23

GMER 2.0.18327 - http://www.gmer.net
Rootkit scan 2013-01-06 09:24:25
Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: v3hvlnqh.exe; Driver: C:\Users\knox\AppData\Local\Temp\kwlcquog.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f00827 4 bytes JMP 0000000162249eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxParamA 0000000075f1081c 4 bytes JMP 0000000162398f51
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamW 0000000075f12483 4 bytes JMP 0000000162398fb6
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA 0000000075f14b7c 4 bytes JMP 0000000162398ed8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW 0000000075f29b0b 4 bytes JMP 0000000162398e5f
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxParamW 0000000075f35fb7 4 bytes JMP 00000001621a1893
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!DialogBoxIndirectParamA 0000000075f36397 4 bytes JMP 000000016239901b
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxExA 0000000075f4d3ad 4 bytes JMP 0000000162398dfb
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\USER32.dll!MessageBoxExW 0000000075f4d3d1 4 bytes JMP 0000000162398d97
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\OLEAUT32.dll!OleCreatePropertyFrameIndirect 00000000767a70a6 5 bytes JMP 00000001623991d0
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheetW 000000007480881c 5 bytes JMP 0000000162399080
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll!PropertySheet 0000000074808834 5 bytes JMP 0000000162399128
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3996] C:\Windows\syswow64\comdlg32.dll!PageSetupDlgW 000000007656ed29 5 bytes JMP 00000001623993c8
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_A 00000000774b4572 6 bytes JMP 0000000162209805
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\SysWOW64\ntdll.dll!NtdllDefWindowProc_W 00000000774b457d 6 bytes JMP 0000000162268042
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\kernel32.dll!CreateThread 00000000768b8312 5 bytes JMP 00000001622075db
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CallNextHookEx 0000000075ef7bb3 4 bytes JMP 0000000162267fdf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!GetKeyState 0000000075ef8c38 4 bytes JMP 00000001621eddab
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!GetAsyncKeyState 0000000075eff2ca 4 bytes JMP 00000001621eded5
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 0000000075f0010d 5 bytes JMP 000000016228ed00
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000075f003d2 4 bytes JMP 00000001622425ac
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!EnableWindow 0000000075f00827 4 bytes JMP 0000000162249eb4
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExW 0000000075f017ea 4 bytes JMP 00000001622703cf
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!SetKeyboardState 0000000075f0263b 5 bytes JMP 000000016239a341
.text C:\Program Files (x86)\Internet Explorer\iexplore.exe[3100] C:\Windows\syswow64\USER32.dll!CreateWindowExA 0000000075f0280d 4 bytes JMP 000000016221363b
---- EOF - GMER 2.0 ----
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
And what is wrong?
Unless you tell us what problems you are having, we can't guess.
 

DYNO23

And what is wrong?
Unless you tell us what problems you are having, we can't guess.

When searching Google, I'm redirected to another website once I click on the link. If I go back and then click on the link again, it will take me to the correct website.
 

dvk01

Is this in ALL browsers or only in Google Chrome?

Step 1

Run TDSSKiller from http://support.kaspersky.com/viruses/solutions?qid=208280684

Let it cure anything it finds (except SPTD.SYS or anything detected as UnsignedFile.Multi.Generic, which should be ignored) and then reboot.

Post back with its log.

By default, the utility writes the log to the root folder of the system disk (usually the disk with the operating system installed, C:\).
Logs have names like: UtilityName.Version_Date_Time_log.txt.
E.g. C:\TDSSKiller.2.4.7_23.07.2010_15.31.43_log.txt
 

DYNO23

I ran TDSSKiller and there were no threats detected out of 439 objects.
 

dvk01

Let's see what this shows, but normally in Chrome it won't work.

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will open.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
 

DYNO23

# AdwCleaner v2.107 - Logfile created 01/21/2013 at 18:51:39
# Updated 21/01/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : knox - KNOX-FAMILY
# Boot Mode : Normal
# Running from : C:\Users\knox\Downloads\AdwCleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Found : C:\user.js
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\knox\AppData\Local\Conduit
Folder Found : C:\Users\knox\AppData\Local\TempDir
Folder Found : C:\Users\knox\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\knox\AppData\LocalLow\Conduit
Folder Found : C:\Users\knox\AppData\LocalLow\PriceGong

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Zugo
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKU\S-1-5-21-125378212-1069192621-616378571-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\knox\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3277 octets] - [21/01/2013 18:51:39]

########## EOF - C:\AdwCleaner[R1].txt - [3337 octets] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Please run AdwCleaner again. This time press Delete. It will clear the problems and then offer to reboot; please let it reboot and then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

The only likely cure is going to be to uninstall Chrome; make sure you take the option to remove all user data.
First make sure that you are not set up to sync Chrome with your Google account. If you are, set it to stop syncing first (otherwise the backups on your Google account will reinstall the malware).
Then reboot and reinstall Chrome.
 

DYNO23

Thread Starter
Joined
Jan 6, 2013
Messages
10
# AdwCleaner v2.107 - Logfile created 01/21/2013 at 18:59:44
# Updated 21/01/2013 by Xplode
# Operating system : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# User : knox - KNOX-FAMILY
# Boot Mode : Normal
# Running from : C:\Users\knox\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\InstallMate
Deleted on reboot : C:\ProgramData\Premium
Deleted on reboot : C:\Users\knox\AppData\Local\Conduit
Deleted on reboot : C:\Users\knox\AppData\Local\TempDir
Deleted on reboot : C:\Users\knox\AppData\LocalLow\boost_interprocess
Deleted on reboot : C:\Users\knox\AppData\LocalLow\Conduit
Deleted on reboot : C:\Users\knox\AppData\LocalLow\PriceGong
File Deleted : C:\Program Files (x86)\Mozilla FireFox\Components\AskSearch.js
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\user.js

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Google Chrome v24.0.1312.52

File : C:\Users\knox\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [3402 octets] - [21/01/2013 18:51:39]
AdwCleaner[R2].txt - [3462 octets] - [21/01/2013 18:53:59]
AdwCleaner[S1].txt - [3241 octets] - [21/01/2013 18:59:44]

########## EOF - C:\AdwCleaner[S1].txt - [3301 octets] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
how is it now are doing that
 

DYNO23

Thread Starter
Joined
Jan 6, 2013
Messages
10
Will have to run it again. Did not see where it stated not to sync with current account.
 