
redirect on Google Chrome


  • This topic is locked
33 replies to this topic

#1 easy_b

easy_b

    New Member

  • Members
  • 18 posts

Posted 07 July 2012 - 11:05 PM

Hello,
Been getting a bunch of redirections as I'm browsing. I think I'm infected. Any help would be appreciated!


#2 gringo_pr

gringo_pr

    Staff

  • Moderators
  • 9,609 posts
  • Gender:Male

Posted 07 July 2012 - 11:16 PM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines; these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same"; this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this you can find out here or here.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
William Rowland
Product Support


#3 easy_b

Posted 07 July 2012 - 11:25 PM

Results of screen317's Security Check version 0.99.42
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
CCleaner
Java™ 6 Update 22
Java™ 6 Update 33
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Flash Player 11.1.102.62
Adobe Reader X 10.0.1 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
Google Chrome 19.0.1084.56
Google Chrome 20.0.1132.47
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

#4 gringo_pr

Posted 07 July 2012 - 11:55 PM

Let me have the ComboFix report when it is complete.


gringo

#5 easy_b

Posted 08 July 2012 - 12:05 AM

Here it is, and Thanks!


ComboFix 12-07-07.04 - Bill 07/08/2012 0:33.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.394 [GMT -4:00]
Running from: c:\users\Bill\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\CouponAlert_2pEI
c:\users\Bill\AppData\Roaming\AdVantage
c:\users\Bill\AppData\Roaming\Google Talk
c:\users\Bill\AppData\Roaming\system32
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 04:50 . 2012-07-08 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-06 20:13 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BF922BB-6D55-4A2F-A19D-25CE9AD9C141}\mpengine.dll
2012-06-29 02:10 . 2012-06-29 02:10 -------- d-----w- c:\program files\iPod
2012-06-25 21:56 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-25 21:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-25 21:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-06-25 21:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-25 21:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-24 18:07 . 2012-06-24 18:07 -------- d-----w- c:\program files\Common Files\Java
2012-06-24 18:06 . 2012-06-24 18:06 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-24 18:02 . 2012-06-24 18:02 -------- d-----w- c:\programdata\McAfee
2012-06-24 15:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-24 15:56 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-24 15:56 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-24 15:56 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-24 15:56 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-24 15:55 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-24 15:55 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-24 15:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-24 15:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-24 15:55 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-24 15:54 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-24 15:54 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-24 15:54 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-24 15:54 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-24 15:54 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-24 15:54 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-24 15:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-06-24 15:54 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-24 15:54 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-24 15:54 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-24 15:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-24 15:48 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-24 15:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 15:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 15:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 15:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 15:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 15:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 15:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 15:44 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 15:44 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 15:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-24 15:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-24 15:24 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-24 15:24 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-24 15:24 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-24 15:24 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-24 15:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-06-24 15:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-24 15:23 . 2012-06-24 15:23 -------- d-----w- c:\programdata\AVAST Software
2012-06-24 15:23 . 2012-06-24 15:23 -------- d-----w- c:\program files\AVAST Software
2012-06-22 00:45 . 2012-06-22 00:45 388096 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 00:45 . 2012-06-22 00:45 -------- d-----w- c:\program files\Trend Micro
2012-06-18 22:50 . 2012-06-18 22:50 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-18 22:50 . 2012-06-18 22:50 -------- d-----w- c:\program files\7-Zip
2012-06-18 22:50 . 2012-06-18 22:50 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-18 22:50 . 2012-06-18 22:50 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 18:06 . 2011-05-19 20:43 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-18 22:50 . 2011-05-19 22:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-02-01 23:17 1487240 ------w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2011-02-01 1487240]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 15:25]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 15:25]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 00:55]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=060612_7_&babsrc=KW_ss&mntrId=78db3950000000000000061f3a75ca90&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 78db3950000000000000061f3a75ca90
FF - user.js: extensions.BabylonToolbar_i.hardId - 78db3950000000000000061f3a75ca90
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08 01:03:06
ComboFix-quarantined-files.txt 2012-07-08 05:03
ComboFix2.txt 2011-04-29 00:59
.
Pre-Run: 19,422,400,512 bytes free
Post-Run: 19,762,978,816 bytes free
.
- - End Of File - - 6C257FE69B04108EC8B1EFCD3ED79407
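
A way to triage the browser-settings part of a ComboFix report like the one above, as an added example that is not part of the original thread or of ComboFix itself. It reads the "Supplementary Scan" lines, reports URL-valued settings whose host is not on an analyst-supplied allowlist, manual or PAC proxy settings, and add-on namespaces that wrote to Firefox's user.js (which Firefox re-applies at every start). The function names, the allowlist and the abridged sample lines are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit

# Constructed sample, abridged from the "Supplementary Scan" section of the log above.
SAMPLE = """\
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.babExt -
"""

FF_LINE = re.compile(r"^FF - (prefs\.js|user\.js): (\S+) -\s*(.*)$")
IE_LINE = re.compile(r"^([um])Start Page = (.*)$")


def refang(value):
    """ComboFix writes URLs as hxxp://; turn them back into parseable URLs."""
    return re.sub(r"^hxxp", "http", value, flags=re.IGNORECASE)


def parse_supplementary(text):
    """Return one dict per recognised settings line: source, key, value."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = FF_LINE.match(line)
        if m:
            entries.append({"source": m.group(1), "key": m.group(2),
                            "value": m.group(3)})
            continue
        m = IE_LINE.match(line)
        if m:
            # 'u' = per-user setting, 'm' = machine-wide setting
            entries.append({"source": "IE:" + m.group(1), "key": "Start Page",
                            "value": m.group(2)})
    return entries


def is_trusted(host, trusted):
    """True if host equals, or is a subdomain of, an allowlisted domain."""
    return any(host == t or host.endswith("." + t) for t in trusted)


def triage(entries, trusted_hosts):
    """Return (reason, source, key, detail) tuples worth a closer look."""
    findings = []
    userjs_namespaces = {}
    for e in entries:
        url = urlsplit(refang(e["value"]))
        if url.scheme in ("http", "https") and url.hostname:
            if not is_trusted(url.hostname, trusted_hosts):
                findings.append(("untrusted-url", e["source"], e["key"],
                                 url.hostname))
        # Firefox proxy types: 1 = manual proxy, 2 = PAC file (0 = direct)
        if e["key"] == "network.proxy.type" and e["value"] in ("1", "2"):
            findings.append(("proxy-configured", e["source"], e["key"],
                             e["value"]))
        if e["source"] == "user.js":
            namespace = ".".join(e["key"].split(".")[:2])
            userjs_namespaces[namespace] = userjs_namespaces.get(namespace, 0) + 1
    for namespace, count in userjs_namespaces.items():
        findings.append(("user.js-override", "user.js", namespace, str(count)))
    return findings


if __name__ == "__main__":
    # Allowlist is an assumption for this example; supply your own.
    for finding in triage(parse_supplementary(SAMPLE), {"google.com"}):
        print(finding)
```
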

#6 gringo_pr

Posted 08 July 2012 - 12:35 AM

Greetings

I want you to run these next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double-click the aswMBR.exe icon to run it.
  • It will ask to download extra definitions - ALLOW IT.
  • Click the Scan button to start the scan.
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one, come back and let me know.

Please reply with the reports from TDSSKiller and aswMBR.

Gringo

#7 easy_b

Posted 08 July 2012 - 12:52 AM

01:50:21.0792 4728 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08
01:50:22.0136 4728 ============================================================
01:50:22.0136 4728 Current date / time: 2012/07/08 01:50:22.0136
01:50:22.0136 4728 SystemInfo:
01:50:22.0136 4728
01:50:22.0136 4728 OS Version: 6.1.7601 ServicePack: 1.0
01:50:22.0136 4728 Product type: Workstation
01:50:22.0136 4728 ComputerName: BILL-PC
01:50:22.0136 4728 UserName: Bill
01:50:22.0136 4728 Windows directory: C:\Windows
01:50:22.0136 4728 System windows directory: C:\Windows
01:50:22.0136 4728 Processor architecture: Intel x86
01:50:22.0136 4728 Number of processors: 1
01:50:22.0136 4728 Page size: 0x1000
01:50:22.0136 4728 Boot type: Normal boot
01:50:22.0136 4728 ============================================================
01:50:23.0867 4728 Drive \Device\Harddisk0\DR0 - Size: 0x12A1F16000 (74.53 Gb), SectorSize: 0x200, Cylinders: 0x2601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
01:50:23.0930 4728 ============================================================
01:50:23.0930 4728 \Device\Harddisk0\DR0:
01:50:23.0961 4728 MBR partitions:
01:50:23.0961 4728 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x950A5C1
01:50:23.0961 4728 ============================================================
01:50:24.0054 4728 C: <-> \Device\Harddisk0\DR0\Partition0
01:50:24.0054 4728 ============================================================
01:50:24.0054 4728 Initialize success
01:50:24.0054 4728 ============================================================
01:50:27.0564 4532 ============================================================
01:50:27.0564 4532 Scan started
01:50:27.0564 4532 Mode: Manual;
01:50:27.0564 4532 ============================================================
01:50:34.0132 4532 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
01:50:34.0148 4532 DfsC - ok
01:50:34.0210 4532 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
01:50:34.0226 4532 Dhcp - ok
01:50:34.0241 4532 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
01:50:34.0241 4532 discache - ok
01:50:34.0304 4532 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
01:50:34.0304 4532 Disk - ok
01:50:34.0366 4532 dmvsc (2a958ef85db1b61ffca65044fa4bce9e) C:\Windows\system32\drivers\dmvsc.sys
01:50:34.0366 4532 dmvsc - ok
01:50:34.0429 4532 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
01:50:34.0429 4532 Dnscache - ok
01:50:34.0507 4532 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
01:50:34.0507 4532 dot3svc - ok
01:50:34.0538 4532 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
01:50:34.0538 4532 DPS - ok
01:50:34.0600 4532 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
01:50:34.0600 4532 drmkaud - ok
01:50:34.0694 4532 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
01:50:34.0709 4532 DXGKrnl - ok
01:50:34.0772 4532 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
01:50:34.0787 4532 EapHost - ok
01:50:35.0021 4532 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
01:50:35.0084 4532 ebdrv - ok
01:50:35.0224 4532 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
01:50:35.0224 4532 EFS - ok
01:50:35.0318 4532 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
01:50:35.0333 4532 ehRecvr - ok
01:50:35.0365 4532 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
01:50:35.0365 4532 ehSched - ok
01:50:35.0567 4532 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
01:50:35.0567 4532 elxstor - ok
01:50:35.0614 4532 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
01:50:35.0614 4532 ErrDev - ok
01:50:35.0723 4532 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
01:50:35.0739 4532 EventSystem - ok
01:50:36.0020 4532 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
01:50:36.0020 4532 exfat - ok
01:50:36.0051 4532 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
01:50:36.0051 4532 fastfat - ok
01:50:36.0160 4532 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
01:50:36.0160 4532 Fax - ok
01:50:36.0223 4532 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
01:50:36.0223 4532 fdc - ok
01:50:36.0269 4532 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
01:50:36.0269 4532 fdPHost - ok
01:50:36.0301 4532 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
01:50:36.0301 4532 FDResPub - ok
01:50:36.0332 4532 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
01:50:36.0332 4532 FileInfo - ok
01:50:36.0347 4532 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
01:50:36.0347 4532 Filetrace - ok
01:50:36.0379 4532 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
01:50:36.0379 4532 flpydisk - ok
01:50:36.0425 4532 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
01:50:36.0425 4532 FltMgr - ok
01:50:36.0519 4532 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
01:50:36.0535 4532 FontCache - ok
01:50:36.0675 4532 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
01:50:36.0675 4532 FontCache3.0.0.0 - ok
01:50:36.0737 4532 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
01:50:36.0737 4532 FsDepends - ok
01:50:36.0784 4532 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
01:50:36.0784 4532 Fs_Rec - ok
01:50:36.0815 4532 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
01:50:36.0815 4532 fvevol - ok
01:50:36.0878 4532 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
01:50:36.0878 4532 gagp30kx - ok
01:50:36.0956 4532 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:50:36.0956 4532 GEARAspiWDM - ok
01:50:37.0049 4532 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
01:50:37.0049 4532 gpsvc - ok
01:50:37.0143 4532 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
01:50:37.0159 4532 gupdate - ok
01:50:37.0159 4532 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
01:50:37.0174 4532 gupdatem - ok
01:50:37.0221 4532 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
01:50:37.0221 4532 hcw85cir - ok
01:50:37.0315 4532 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
01:50:37.0315 4532 HdAudAddService - ok
01:50:37.0361 4532 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
01:50:37.0361 4532 HDAudBus - ok
01:50:37.0393 4532 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
01:50:37.0393 4532 HidBatt - ok
01:50:37.0424 4532 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
01:50:37.0424 4532 HidBth - ok
01:50:37.0486 4532 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
01:50:37.0486 4532 HidIr - ok
01:50:37.0549 4532 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\System32\hidserv.dll
01:50:37.0549 4532 hidserv - ok
01:50:37.0611 4532 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
01:50:37.0611 4532 HidUsb - ok
01:50:37.0673 4532 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
01:50:37.0689 4532 hkmsvc - ok
01:50:37.0720 4532 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
01:50:37.0736 4532 HomeGroupListener - ok
01:50:37.0798 4532 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
01:50:37.0814 4532 HomeGroupProvider - ok
01:50:37.0861 4532 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
01:50:37.0876 4532 HpSAMD - ok
01:50:37.0939 4532 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
01:50:37.0939 4532 HTTP - ok
01:50:37.0970 4532 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
01:50:37.0970 4532 hwpolicy - ok
01:50:38.0048 4532 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
01:50:38.0048 4532 i8042prt - ok
01:50:38.0126 4532 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
01:50:38.0141 4532 iaStorV - ok
01:50:38.0297 4532 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
01:50:38.0313 4532 idsvc - ok
01:50:38.0875 4532 igfx (9467514ea189475a6e7fdc5d7bde9d3f) C:\Windows\system32\DRIVERS\igdkmd32.sys
01:50:39.0031 4532 igfx - ok
01:50:39.0374 4532 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
01:50:39.0374 4532 iirsp - ok
01:50:39.0467 4532 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
01:50:39.0483 4532 IKEEXT - ok
01:50:39.0530 4532 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
01:50:39.0530 4532 intelide - ok
01:50:39.0592 4532 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
01:50:39.0592 4532 intelppm - ok
01:50:39.0623 4532 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
01:50:39.0655 4532 IPBusEnum - ok
01:50:39.0686 4532 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:50:39.0701 4532 IpFilterDriver - ok
01:50:39.0967 4532 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
01:50:39.0967 4532 iphlpsvc - ok
01:50:40.0029 4532 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
01:50:40.0029 4532 IPMIDRV - ok
01:50:40.0076 4532 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
01:50:40.0076 4532 IPNAT - ok
01:50:40.0216 4532 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
01:50:40.0232 4532 iPod Service - ok
01:50:40.0310 4532 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
01:50:40.0310 4532 IRENUM - ok
01:50:40.0341 4532 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
01:50:40.0341 4532 isapnp - ok
01:50:40.0388 4532 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
01:50:40.0388 4532 iScsiPrt - ok
01:50:40.0450 4532 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
01:50:40.0450 4532 kbdclass - ok
01:50:40.0481 4532 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
01:50:40.0481 4532 kbdhid - ok
01:50:40.0528 4532 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:50:40.0528 4532 KeyIso - ok
01:50:40.0559 4532 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
01:50:40.0559 4532 KSecDD - ok
01:50:40.0591 4532 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
01:50:40.0606 4532 KSecPkg - ok
01:50:40.0669 4532 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
01:50:40.0684 4532 KtmRm - ok
01:50:40.0747 4532 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\System32\srvsvc.dll
01:50:40.0762 4532 LanmanServer - ok
01:50:40.0825 4532 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
01:50:40.0840 4532 LanmanWorkstation - ok
01:50:40.0934 4532 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
01:50:40.0934 4532 lltdio - ok
01:50:40.0996 4532 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
01:50:41.0012 4532 lltdsvc - ok
01:50:41.0043 4532 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
01:50:41.0043 4532 lmhosts - ok
01:50:41.0090 4532 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
01:50:41.0090 4532 LSI_FC - ok
01:50:41.0121 4532 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
01:50:41.0121 4532 LSI_SAS - ok
01:50:41.0152 4532 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
01:50:41.0152 4532 LSI_SAS2 - ok
01:50:41.0183 4532 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
01:50:41.0183 4532 LSI_SCSI - ok
01:50:41.0215 4532 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
01:50:41.0215 4532 luafv - ok
01:50:41.0277 4532 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
01:50:41.0277 4532 Mcx2Svc - ok
01:50:41.0324 4532 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
01:50:41.0324 4532 megasas - ok
01:50:41.0371 4532 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
01:50:41.0386 4532 MegaSR - ok
01:50:41.0495 4532 Microsoft Office Groove Audit Service (fafe367d032ed82e9332b4c741a20216) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
01:50:41.0495 4532 Microsoft Office Groove Audit Service - ok
01:50:41.0558 4532 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
01:50:41.0558 4532 MMCSS - ok
01:50:41.0589 4532 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
01:50:41.0605 4532 Modem - ok
01:50:41.0683 4532 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
01:50:41.0683 4532 monitor - ok
01:50:41.0729 4532 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
01:50:41.0729 4532 mouclass - ok
01:50:41.0761 4532 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\drivers\mouhid.sys
01:50:41.0761 4532 mouhid - ok
01:50:41.0792 4532 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
01:50:41.0792 4532 mountmgr - ok
01:50:41.0854 4532 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
01:50:41.0870 4532 MozillaMaintenance - ok
01:50:41.0917 4532 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
01:50:41.0917 4532 mpio - ok
01:50:41.0948 4532 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
01:50:41.0948 4532 mpsdrv - ok
01:50:42.0041 4532 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
01:50:42.0041 4532 MpsSvc - ok
01:50:42.0104 4532 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
01:50:42.0104 4532 MRxDAV - ok
01:50:42.0182 4532 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
01:50:42.0197 4532 mrxsmb - ok
01:50:42.0229 4532 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:50:42.0229 4532 mrxsmb10 - ok
01:50:42.0260 4532 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:50:42.0260 4532 mrxsmb20 - ok
01:50:42.0291 4532 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
01:50:42.0291 4532 msahci - ok
01:50:42.0338 4532 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
01:50:42.0338 4532 msdsm - ok
01:50:42.0400 4532 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
01:50:42.0400 4532 MSDTC - ok
01:50:42.0447 4532 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
01:50:42.0463 4532 Msfs - ok
01:50:42.0494 4532 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
01:50:42.0494 4532 mshidkmdf - ok
01:50:42.0525 4532 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
01:50:42.0525 4532 msisadrv - ok
01:50:42.0587 4532 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
01:50:42.0603 4532 MSiSCSI - ok
01:50:42.0619 4532 msiserver - ok
01:50:42.0650 4532 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
01:50:42.0650 4532 MSKSSRV - ok
01:50:42.0681 4532 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
01:50:42.0681 4532 MSPCLOCK - ok
01:50:42.0697 4532 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
01:50:42.0697 4532 MSPQM - ok
01:50:42.0743 4532 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
01:50:42.0743 4532 MsRPC - ok
01:50:42.0806 4532 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
01:50:42.0806 4532 mssmbios - ok
01:50:42.0837 4532 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
01:50:42.0837 4532 MSTEE - ok
01:50:42.0853 4532 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
01:50:42.0853 4532 MTConfig - ok
01:50:42.0884 4532 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
01:50:42.0899 4532 Mup - ok
01:50:42.0977 4532 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
01:50:42.0977 4532 napagent - ok
01:50:43.0055 4532 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
01:50:43.0055 4532 NativeWifiP - ok
01:50:43.0149 4532 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
01:50:43.0165 4532 NDIS - ok
01:50:43.0196 4532 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
01:50:43.0196 4532 NdisCap - ok
01:50:43.0243 4532 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
01:50:43.0243 4532 NdisTapi - ok
01:50:43.0274 4532 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
01:50:43.0274 4532 Ndisuio - ok
01:50:43.0305 4532 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
01:50:43.0305 4532 NdisWan - ok
01:50:43.0367 4532 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
01:50:43.0367 4532 NDProxy - ok
01:50:43.0399 4532 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
01:50:43.0399 4532 NetBIOS - ok
01:50:43.0430 4532 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
01:50:43.0430 4532 NetBT - ok
01:50:43.0477 4532 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:50:43.0492 4532 Netlogon - ok
01:50:43.0555 4532 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
01:50:43.0570 4532 Netman - ok
01:50:43.0633 4532 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
01:50:43.0648 4532 netprofm - ok
01:50:43.0757 4532 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
01:50:43.0757 4532 NetTcpPortSharing - ok
01:50:43.0820 4532 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
01:50:43.0820 4532 nfrd960 - ok
01:50:43.0882 4532 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
01:50:43.0882 4532 NlaSvc - ok
01:50:43.0913 4532 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
01:50:43.0913 4532 Npfs - ok
01:50:43.0929 4532 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
01:50:43.0945 4532 nsi - ok
01:50:43.0960 4532 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
01:50:43.0960 4532 nsiproxy - ok
01:50:44.0101 4532 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
01:50:44.0132 4532 Ntfs - ok
01:50:44.0179 4532 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
01:50:44.0179 4532 Null - ok
01:50:44.0225 4532 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
01:50:44.0225 4532 nvraid - ok
01:50:44.0257 4532 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
01:50:44.0272 4532 nvstor - ok
01:50:44.0303 4532 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
01:50:44.0319 4532 nv_agp - ok
01:50:44.0444 4532 odserv (84de1dd996b48b05ace31ad015fa108a) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:50:44.0459 4532 odserv - ok
01:50:44.0491 4532 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
01:50:44.0491 4532 ohci1394 - ok
01:50:44.0584 4532 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:50:44.0584 4532 ose - ok
01:50:44.0662 4532 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
01:50:44.0662 4532 p2pimsvc - ok
01:50:44.0709 4532 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
01:50:44.0725 4532 p2psvc - ok
01:50:44.0771 4532 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
01:50:44.0771 4532 Parport - ok
01:50:44.0818 4532 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
01:50:44.0818 4532 partmgr - ok
01:50:44.0849 4532 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
01:50:44.0849 4532 Parvdm - ok
01:50:44.0881 4532 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
01:50:44.0896 4532 PcaSvc - ok
01:50:44.0927 4532 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
01:50:44.0927 4532 pci - ok
01:50:44.0959 4532 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
01:50:44.0959 4532 pciide - ok
01:50:44.0990 4532 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
01:50:44.0990 4532 pcmcia - ok
01:50:45.0052 4532 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
01:50:45.0068 4532 pcw - ok
01:50:45.0115 4532 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
01:50:45.0130 4532 PEAUTH - ok
01:50:45.0239 4532 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
01:50:45.0255 4532 PeerDistSvc - ok
01:50:45.0427 4532 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
01:50:45.0473 4532 pla - ok
01:50:45.0676 4532 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
01:50:45.0692 4532 PlugPlay - ok
01:50:45.0739 4532 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
01:50:45.0739 4532 PNRPAutoReg - ok
01:50:45.0801 4532 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
01:50:45.0801 4532 PNRPsvc - ok
01:50:45.0879 4532 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
01:50:45.0895 4532 PolicyAgent - ok
01:50:45.0957 4532 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
01:50:45.0973 4532 Power - ok
01:50:46.0082 4532 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
01:50:46.0082 4532 PptpMiniport - ok
01:50:46.0113 4532 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
01:50:46.0113 4532 Processor - ok
01:50:46.0175 4532 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
01:50:46.0191 4532 ProfSvc - ok
01:50:46.0207 4532 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:50:46.0222 4532 ProtectedStorage - ok
01:50:46.0253 4532 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
01:50:46.0269 4532 Psched - ok
01:50:46.0363 4532 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
01:50:46.0394 4532 ql2300 - ok
01:50:46.0565 4532 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
01:50:46.0565 4532 ql40xx - ok
01:50:46.0643 4532 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
01:50:46.0643 4532 QWAVE - ok
01:50:46.0675 4532 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
01:50:46.0675 4532 QWAVEdrv - ok
01:50:46.0706 4532 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
01:50:46.0706 4532 RasAcd - ok
01:50:46.0768 4532 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
01:50:46.0768 4532 RasAgileVpn - ok
01:50:46.0799 4532 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
01:50:46.0799 4532 RasAuto - ok
01:50:46.0862 4532 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
01:50:46.0862 4532 Rasl2tp - ok
01:50:46.0955 4532 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
01:50:46.0971 4532 RasMan - ok
01:50:47.0002 4532 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
01:50:47.0002 4532 RasPppoe - ok
01:50:47.0033 4532 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
01:50:47.0033 4532 RasSstp - ok
01:50:47.0065 4532 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
01:50:47.0080 4532 rdbss - ok
01:50:47.0096 4532 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
01:50:47.0096 4532 rdpbus - ok
01:50:47.0127 4532 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
01:50:47.0127 4532 RDPCDD - ok
01:50:47.0189 4532 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
01:50:47.0189 4532 RDPDR - ok
01:50:47.0252 4532 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
01:50:47.0252 4532 RDPENCDD - ok
01:50:47.0283 4532 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
01:50:47.0283 4532 RDPREFMP - ok
01:50:47.0361 4532 RdpVideoMiniport (68a0387f58e226deee23d9715955572a) C:\Windows\system32\drivers\rdpvideominiport.sys
01:50:47.0361 4532 RdpVideoMiniport - ok
01:50:47.0423 4532 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
01:50:47.0423 4532 RDPWD - ok
01:50:47.0486 4532 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
01:50:47.0486 4532 rdyboost - ok
01:50:47.0548 4532 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
01:50:47.0548 4532 RemoteAccess - ok
01:50:47.0611 4532 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
01:50:47.0626 4532 RemoteRegistry - ok
01:50:47.0673 4532 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
01:50:47.0689 4532 RpcEptMapper - ok
01:50:47.0751 4532 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
01:50:47.0751 4532 RpcLocator - ok
01:50:47.0798 4532 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
01:50:47.0798 4532 RpcSs - ok
01:50:47.0876 4532 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
01:50:47.0876 4532 rspndr - ok
01:50:47.0923 4532 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
01:50:47.0923 4532 s3cap - ok
01:50:47.0954 4532 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
01:50:47.0969 4532 SamSs - ok
01:50:48.0016 4532 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
01:50:48.0016 4532 sbp2port - ok
01:50:48.0063 4532 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
01:50:48.0079 4532 SCardSvr - ok
01:50:48.0094 4532 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
01:50:48.0094 4532 scfilter - ok
01:50:48.0172 4532 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
01:50:48.0188 4532 Schedule - ok
01:50:48.0250 4532 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
01:50:48.0250 4532 SCPolicySvc - ok
01:50:48.0297 4532 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
01:50:48.0313 4532 SDRSVC - ok
01:50:48.0375 4532 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
01:50:48.0375 4532 secdrv - ok
01:50:48.0406 4532 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
01:50:48.0406 4532 seclogon - ok
01:50:48.0453 4532 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\system32\sens.dll
01:50:48.0469 4532 SENS - ok
01:50:48.0500 4532 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
01:50:48.0515 4532 SensrSvc - ok
01:50:48.0547 4532 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
01:50:48.0547 4532 Serenum - ok
01:50:48.0578 4532 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
01:50:48.0578 4532 Serial - ok
01:50:48.0609 4532 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
01:50:48.0609 4532 sermouse - ok
01:50:48.0687 4532 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
01:50:48.0703 4532 SessionEnv - ok
01:50:59.0638 4532 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
01:51:00.0044 4532 \Device\Harddisk0\DR0 - ok
01:51:00.0059 4532 Boot (0x1200) (223de565a2230fcc265c28e0ad4a3210) \Device\Harddisk0\DR0\Partition0
01:51:00.0059 4532 \Device\Harddisk0\DR0\Partition0 - ok
01:51:00.0059 4532 ============================================================
01:51:00.0059 4532 Scan finished
01:51:00.0059 4532 ============================================================
01:51:00.0075 2052 Detected object count: 0
01:51:00.0075 2052 Actual detected object count: 0

#8 easy_b

Posted 08 July 2012 - 01:16 AM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-08 01:58:37
-----------------------------
01:58:37.526 OS Version: Windows 6.1.7601 Service Pack 1
01:58:37.526 Number of processors: 1 586 0x1601
01:58:37.526 ComputerName: BILL-PC UserName: Bill
01:58:38.368 Initialize success
01:58:38.571 AVAST engine defs: 12070701
01:58:56.449 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-4
01:58:56.449 Disk 0 Vendor: Hitachi_HTS542580K9SA00 BBBOC31P Size: 76319MB BusType: 11
01:58:56.495 Disk 0 MBR read successfully
01:58:56.511 Disk 0 MBR scan
01:58:56.511 Disk 0 Windows 7 default MBR code
01:58:56.511 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76308 MB offset 63
01:58:56.542 Disk 0 scanning sectors +156280320
01:58:56.636 Disk 0 scanning C:\Windows\system32\drivers
01:59:11.138 Service scanning
01:59:41.434 Modules scanning
01:59:52.511 Disk 0 trace - called modules:
01:59:52.527 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS PCIIDEX.SYS msahci.sys
01:59:52.527 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x84f33030]
01:59:53.042 3 CLASSPNP.SYS[871ad59e] -> nt!IofCallDriver -> [0x84e54c10]
01:59:53.042 5 ACPI.sys[86cc53d4] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-4[0x84e4a030]
01:59:54.180 AVAST engine scan C:\Windows
01:59:57.145 AVAST engine scan C:\Windows\system32
02:02:28.730 AVAST engine scan C:\Windows\system32\drivers
02:02:41.787 AVAST engine scan C:\Users\Bill
02:12:05.193 AVAST engine scan C:\ProgramData
02:13:03.930 Scan finished successfully
02:13:47.305 Verifying
02:13:57.321 Disk 0 Windows 601 MBR fixed successfully
02:14:11.314 Disk 0 MBR has been saved successfully to "C:\Users\Bill\Desktop\MBR.dat"
02:14:11.314 The log file has been saved successfully to "C:\Users\Bill\Desktop\aswMBR.txt"

#9 gringo_pr

Posted 08 July 2012 - 03:04 AM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\program files\Ask.com
FireFox::
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=113959&tt=060612_7_&babsrc=KW_ss&mntrId=78db3950000000000000061f3a75ca90&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=113959&tt=060612_7_
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 78db3950000000000000061f3a75ca90
FF - user.js: extensions.BabylonToolbar_i.hardId - 78db3950000000000000061f3a75ca90
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15509
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1718:50
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo

William Rowland
Product Support


#10 easy_b

Posted 08 July 2012 - 09:12 AM

The computer is still redirecting. Here is the latest log file.


ComboFix 12-07-07.04 - Bill 07/08/2012 9:41.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1014.360 [GMT -4:00]
Running from: c:\users\Bill\Desktop\ComboFix.exe
Command switches used :: c:\users\Bill\Desktop\cfScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Ask.com
c:\program files\Ask.com\assets\oobe\b.png
c:\program files\Ask.com\assets\oobe\bl.png
c:\program files\Ask.com\assets\oobe\br.png
c:\program files\Ask.com\assets\oobe\l.png
c:\program files\Ask.com\assets\oobe\pointer.png
c:\program files\Ask.com\assets\oobe\r.png
c:\program files\Ask.com\assets\oobe\t.png
c:\program files\Ask.com\assets\oobe\tl.png
c:\program files\Ask.com\assets\oobe\tr.png
c:\program files\Ask.com\cobrand.ico
c:\program files\Ask.com\config.xml
c:\program files\Ask.com\favicon.ico
c:\program files\Ask.com\fv_9db5.ico
c:\program files\Ask.com\GenericAskToolbar.dll
c:\program files\Ask.com\mupcfg.xml
c:\program files\Ask.com\SaUpdate.exe
c:\program files\Ask.com\UpdateTask.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-08 to 2012-07-08 )))))))))))))))))))))))))))))))
.
.
2012-07-08 13:59 . 2012-07-08 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-08 09:00 . 2012-07-08 09:00 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BF922BB-6D55-4A2F-A19D-25CE9AD9C141}\offreg.dll
2012-07-06 20:13 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BF922BB-6D55-4A2F-A19D-25CE9AD9C141}\mpengine.dll
2012-06-29 02:10 . 2012-06-29 02:10 -------- d-----w- c:\program files\iPod
2012-06-25 21:56 . 2012-05-17 23:21 140920 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-06-25 21:48 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-25 21:48 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-06-25 21:48 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-25 21:48 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-24 18:07 . 2012-06-24 18:07 -------- d-----w- c:\program files\Common Files\Java
2012-06-24 18:06 . 2012-06-24 18:06 476936 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-06-24 18:02 . 2012-06-24 18:02 -------- d-----w- c:\programdata\McAfee
2012-06-24 15:56 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-24 15:56 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-06-24 15:56 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-06-24 15:56 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-06-24 15:56 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-06-24 15:55 . 2012-04-28 04:41 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-06-24 15:55 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-24 15:55 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-24 15:55 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-06-24 15:55 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-24 15:54 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-24 15:54 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-24 15:54 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-24 15:54 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-24 15:54 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-24 15:54 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-24 15:54 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-06-24 15:54 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-24 15:54 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-24 15:54 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-24 15:48 . 2012-02-17 05:34 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-24 15:48 . 2012-02-17 04:13 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-24 15:44 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-24 15:44 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-24 15:44 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-24 15:44 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-24 15:44 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-24 15:44 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-24 15:44 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-24 15:44 . 2012-06-02 19:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-24 15:44 . 2012-06-02 19:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-24 15:25 . 2012-07-03 16:21 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-06-24 15:25 . 2012-07-03 16:21 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-06-24 15:24 . 2012-07-03 16:21 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-06-24 15:24 . 2012-07-03 16:21 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-06-24 15:24 . 2012-07-03 16:21 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-06-24 15:24 . 2012-07-03 16:21 57656 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-06-24 15:23 . 2012-07-03 16:21 41224 ----a-w- c:\windows\avastSS.scr
2012-06-24 15:23 . 2012-07-03 16:21 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-24 15:23 . 2012-06-24 15:23 -------- d-----w- c:\programdata\AVAST Software
2012-06-24 15:23 . 2012-06-24 15:23 -------- d-----w- c:\program files\AVAST Software
2012-06-22 00:45 . 2012-06-22 00:45 388096 ----a-r- c:\users\Bill\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2012-06-22 00:45 . 2012-06-22 00:45 -------- d-----w- c:\program files\Trend Micro
2012-06-18 22:50 . 2012-06-18 22:50 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-06-18 22:50 . 2012-06-18 22:50 -------- d-----w- c:\program files\7-Zip
2012-06-18 22:50 . 2012-06-18 22:50 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-18 22:50 . 2012-06-18 22:50 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-24 18:06 . 2011-05-19 20:43 472840 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-06-18 22:50 . 2011-05-19 22:12 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2012-01-23 247728]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"Xvid"="c:\program files\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-10-06 59240]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
c:\users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 37647026
*NewlyCreated* - ASWMBR
*Deregistered* - 37647026
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 15:25]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-27 15:25]
.
2012-07-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 00:55]
.
2012-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job
- c:\users\Bill\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-12 00:55]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: Download with Mipony - file://c:\program files\MiPony\Browser\IEContext.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-07-08 10:08:45
ComboFix-quarantined-files.txt 2012-07-08 14:08
ComboFix2.txt 2012-07-08 05:03
ComboFix3.txt 2011-04-29 00:59
.
Pre-Run: 19,547,127,808 bytes free
Post-Run: 19,620,110,336 bytes free
.
- - End Of File - - 3DDDE36763B22BBEF4DC2271311464CF

#11 gringo_pr

Posted 08 July 2012 - 12:37 PM

Greetings

It is only redirecting on Chrome and nothing else?


Gringo
William Rowland
Product Support

#12 easy_b

Posted 08 July 2012 - 12:44 PM

It seems to redirect on Firefox also, through Babylon. I've been using Chrome exclusively. I never use IE.

#13 gringo_pr

Posted 08 July 2012 - 12:54 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo
William Rowland
Product Support

#14 easy_b

Posted 08 July 2012 - 05:59 PM

It's scanning now. Should I run fix, when it's done?

#15 easy_b

Posted 08 July 2012 - 07:37 PM

OTL logfile created on: 7/8/2012 7:37:42 PM - Run 1
OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\Bill\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1013.99 Mb Total Physical Memory | 480.29 Mb Available Physical Memory | 47.37% Memory free
1.99 Gb Paging File | 1.01 Gb Available in Paging File | 50.95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 17.86 Gb Free Space | 23.97% Space Free | Partition Type: NTFS

Computer Name: BILL-PC | User Name: Bill | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bill\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
PRC - C:\Program Files\IObit\Game Booster 3\gbtray.exe (IObit)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PrintIsolationHost.exe (Microsoft Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\IObit\Game Booster 3\sqlite3.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom)
SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (mbr) -- C:\ComboFix\mbr.sys File not found
DRV - (catchme) -- C:\Users\Bill\AppData\Local\Temp\catchme.sys File not found
DRV - (aswMBR) -- C:\Users\Bill\AppData\Local\Temp\aswMBR.sys File not found
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (tsusbhub) -- C:\Windows\System32\drivers\tsusbhub.sys (Microsoft Corporation)
DRV - (Synth3dVsc) -- C:\Windows\System32\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV - (dmvsc) -- C:\Windows\System32\drivers\dmvsc.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbGD) -- C:\Windows\System32\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV - (terminpt) -- C:\Windows\System32\drivers\terminpt.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000061f3a75ca90
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Bill\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Bill\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/07/04 08:39:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/28 22:03:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/28 22:03:13 | 000,000,000 | ---D | M]

[2011/06/29 21:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Extensions
[2011/06/29 21:05:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2012/06/18 18:50:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\extensions
[2012/06/24 14:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/06/24 14:06:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2009/07/13 19:11:12 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\BILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\718TW7JI.DEFAULT\EXTENSIONS\VHEWRNWLFG@VHEWRNWLFG.ORG.XPI
[2012/06/18 18:50:29 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/03/18 15:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/03/18 15:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2012/06/18 18:50:10 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/03/15 11:51:45 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/03/15 11:51:45 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms},
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Bill\AppData\Local\Google\Chrome\Application\20.0.1132.47\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Bill\AppData\Local\Google\Chrome\Application\20.0.1132.47\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Bill\AppData\Local\Google\Chrome\Application\20.0.1132.47\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CHR - plugin: Coupons Inc., Coupon Printer Manager (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Coupon Alert Installer Plugin Stub (Enabled) = C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Bill\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: TimelineRemove = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\
CHR - Extension: avast! WebRep = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1456_0\
CHR - Extension: privacyscore by PrivacyChoice = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0\
CHR - Extension: Gmail = C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012/07/08 09:59:34 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKU\S-1-5-21-333680662-3317831912-918726619-1002..\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe ()
O4 - Startup: C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-333680662-3317831912-918726619-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-333680662-3317831912-918726619-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with Mipony - C:\Program Files\MiPony\Browser\IEContext.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/...SetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1976FBF0-6ECC-4C71-A667-6B5547EA0FE1}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/07/08 18:39:54 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2012/07/08 10:08:58 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/07/08 10:08:49 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/07/08 00:30:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/07/08 00:30:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/07/08 00:30:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/07/08 00:29:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/07/08 00:28:43 | 004,574,136 | R--- | C] (Swearware) -- C:\Users\Bill\Desktop\ComboFix.exe
[2012/07/07 18:47:39 | 002,135,640 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Bill\Desktop\123.com
[2012/07/01 21:07:06 | 000,000,000 | ---D | C] -- C:\Users\Bill\Documents\OneNote Notebooks
[2012/06/28 22:12:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/06/28 22:10:28 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/06/28 22:03:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2012/06/28 22:02:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/06/25 17:56:52 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/06/25 17:56:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/06/25 17:56:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/06/25 17:56:49 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/06/25 17:56:46 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012/06/25 17:56:45 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/06/25 17:56:42 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/06/24 14:07:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012/06/24 14:06:36 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/24 14:06:35 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/24 14:06:35 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/24 14:06:35 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/24 14:02:44 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012/06/24 11:55:42 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll
[2012/06/24 11:55:33 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012/06/24 11:55:31 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012/06/24 11:54:57 | 002,343,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012/06/24 11:54:55 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012/06/24 11:54:55 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012/06/24 11:54:54 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012/06/24 11:54:46 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012/06/24 11:48:51 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012/06/24 11:44:56 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012/06/24 11:44:55 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012/06/24 11:44:40 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012/06/24 11:44:40 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012/06/24 11:44:40 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012/06/24 11:44:22 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012/06/24 11:44:22 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012/06/24 11:25:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/06/24 11:25:02 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/06/24 11:25:01 | 000,353,688 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/06/24 11:24:57 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/06/24 11:24:56 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/06/24 11:24:54 | 000,721,000 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/06/24 11:24:49 | 000,057,656 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/06/24 11:23:48 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/06/24 11:23:47 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/06/24 11:23:29 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/06/24 11:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/06/21 21:55:47 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012/06/21 20:45:20 | 000,000,000 | ---D | C] -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2012/06/21 20:45:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2012/06/18 18:50:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/06/18 18:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012/06/18 18:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012/06/18 18:50:37 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2002/03/25 11:03:34 | 000,638,976 | ---- | C] (HMP - Hard- & Software GmbH) -- C:\Users\Bill\NPSI2KVW.dll

========== Files - Modified Within 30 Days ==========

[2012/07/08 19:44:02 | 000,000,904 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job
[2012/07/08 19:31:57 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/07/08 18:40:42 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Bill\Desktop\OTL.exe
[2012/07/08 17:44:01 | 000,000,852 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job
[2012/07/08 11:30:01 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/07/08 09:59:34 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/07/08 02:14:11 | 000,000,512 | ---- | M] () -- C:\Users\Bill\Desktop\MBR.dat
[2012/07/08 00:28:49 | 004,574,136 | R--- | M] (Swearware) -- C:\Users\Bill\Desktop\ComboFix.exe
[2012/07/08 00:26:10 | 000,624,178 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/08 00:26:10 | 000,106,522 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/07 22:32:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/07 19:07:07 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 19:07:07 | 000,021,280 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/07 18:59:34 | 797,433,856 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/04 08:39:56 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/07/03 12:21:54 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/07/03 12:21:53 | 000,721,000 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/07/03 12:21:53 | 000,353,688 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/07/03 12:21:53 | 000,057,656 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/07/03 12:21:53 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/07/03 12:21:53 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/07/03 12:21:32 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/07/03 12:21:28 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/07/02 20:01:46 | 002,135,640 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Bill\Desktop\123.com
[2012/07/02 18:14:19 | 000,002,391 | ---- | M] () -- C:\Users\Bill\Desktop\Google Chrome.lnk
[2012/07/01 21:07:04 | 000,001,276 | ---- | M] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/28 22:12:34 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/28 22:03:00 | 000,001,815 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/25 18:37:37 | 000,436,920 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/06/24 14:06:20 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe
[2012/06/24 14:06:20 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe
[2012/06/24 14:06:20 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe
[2012/06/24 14:06:19 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll
[2012/06/24 14:06:19 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll
[2012/06/24 11:25:03 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/21 20:45:20 | 000,002,959 | ---- | M] () -- C:\Users\Bill\Desktop\HiJackThis.lnk
[2012/06/19 08:36:36 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/18 18:50:18 | 000,000,487 | ---- | M] () -- C:\user.js

========== Files Created - No Company Name ==========

[2012/07/08 02:14:11 | 000,000,512 | ---- | C] () -- C:\Users\Bill\Desktop\MBR.dat
[2012/07/08 00:30:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/07/08 00:30:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/07/08 00:30:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/07/08 00:30:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/07/08 00:30:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/07/01 21:07:04 | 000,001,276 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
[2012/06/28 22:12:34 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/06/28 22:03:00 | 000,001,815 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk
[2012/06/24 11:25:03 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/06/21 20:45:20 | 000,002,959 | ---- | C] () -- C:\Users\Bill\Desktop\HiJackThis.lnk
[2012/06/19 08:36:36 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2011/11/24 21:47:37 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/11/24 21:47:37 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/11/24 20:59:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/08/02 21:56:21 | 000,000,124 | ---- | C] () -- C:\Windows\wininit.ini
[2011/05/15 00:43:59 | 000,000,000 | ---- | C] () -- C:\Users\Bill\AppData\Roaming\chrtmp
[2011/05/10 21:03:26 | 000,000,000 | ---- | C] () -- C:\Windows\System32\imblacklist.dat
[2011/05/01 20:08:04 | 000,361,726 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011/04/29 16:52:29 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2010/11/20 17:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010/11/20 17:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe

========== Files - Unicode (All) ==========
[2011/11/24 11:22:37 | 000,000,000 | ---- | M] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污
[2011/11/24 11:22:37 | 000,000,000 | ---- | C] ()(C:\Windows\System32\?????) -- C:\Windows\System32\獷楬汢捯污

< End of report >

#16 gringo_pr

Posted 09 July 2012 - 01:04 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    :OTL
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
    O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
    IE - HKU\S-1-5-21-333680662-3317831912-918726619-1002\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylo...000061f3a75ca90
    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    [2009/07/13 19:11:12 | 000,004,813 | ---- | M] () (No name found) -- C:\USERS\BILL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\718TW7JI.DEFAULT\EXTENSIONS\VHEWRNWLFG@VHEWRNWLFG.ORG.XPI
    [2012/06/18 18:50:10 | 000,002,352 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
    :Files
    C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
    C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
    C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll
    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc
    C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • Click Posted Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know how things are doing

Gringo
William Rowland
Product Support

#17 easy_b

Posted 09 July 2012 - 03:51 PM

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@ei.CouponAlert_2p.com/Plugin\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4a99-B4B6-146BF802613B}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{98889811-442D-49dd-99D7-DC866BE87DBC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49dd-99D7-DC866BE87DBC}\ deleted successfully.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
HKEY_USERS\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-333680662-3317831912-918726619-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Prefs.js: "Search the web (Babylon)" removed from browser.search.defaultenginename
Prefs.js: "Search the web (Babylon)" removed from browser.search.order.1
C:\Users\Bill\AppData\Roaming\Mozilla\Firefox\Profiles\718tw7ji.default\extensions\vhewrnwlfg@vhewrnwlfg.org.xpi moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
========== FILES ==========
C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll moved successfully.
File\Folder C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll not found.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\zh_TW folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\zh_CN folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\vi folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\uk folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\tr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\th folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sv folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sl folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\sk folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ru folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ro folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pt_PT folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pt_BR folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\pl folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\no folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\nl folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\lv folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\lt folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ko folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ja folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\it folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\id folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hu folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\hi folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\he folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fil folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\fi folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\es folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\en folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\el folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\de folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\da folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\cs folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ca folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\bg folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales\ar folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX\_locales folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\__MACOSX folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_TW folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\zh_CN folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\vi folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\uk folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\tr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\th folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sv folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sl folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\sk folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ru folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ro folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_PT folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pt_BR folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\pl folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\no folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\nl folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lv folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\lt folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ko folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ja folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\it folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\id folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hu folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\hi folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\he folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fr folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fil folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\fi folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\es folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\en folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\el folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\de folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\da folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\cs folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ca folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\bg folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales\ar folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\_locales folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0 folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\images folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\windows folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\utils folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\traits folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\tabs folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\img folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\events folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\dom folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib\content folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\lib folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils\data folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\api-utils folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\addon-kit\lib folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\addon-kit\data folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0\addon-kit folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc\0.9.8_0 folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnedfaenfnkikficknkklbdedlecmpgc folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0\js folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0\img folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd\1.4.2_0 folder moved successfully.
C:\Users\Bill\AppData\Local\Google\Chrome\User Data\Default\Extensions\igejbdpebbmpkkoonkpdgjlnhjeljebd folder moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Bill\Desktop\cmd.bat deleted successfully.
C:\Users\Bill\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Bill
->Java cache emptied: 0 bytes

User: Default

User: Default User

User: Public

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Bill
->Flash cache emptied: 79687 bytes

User: Default
->Flash cache emptied: 56466 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.53.1 log created on 07092012_164840

#18 easy_b

Posted 09 July 2012 - 03:58 PM

Still redirecting

#19 gringo_pr

Posted 10 July 2012 - 01:00 AM

Hello

Download Farbar Recovery Scan Tool and save it to a flash drive.


Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:
    Startup Repair
    System Restore
    Windows Complete PC Restore
    Windows Memory Diagnostic Tool
    Command Prompt

  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Gringo
William Rowland
Product Support

#20 easy_b

Posted 10 July 2012 - 04:20 PM

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 10-07-2012
Ran by SYSTEM at 10-07-2012 17:08:00
Running from F:\
Windows 7 Ultimate Service Pack 1 (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [141848 2009-09-23] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [173592 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [150552 2009-09-23] (Intel Corporation)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [35736 2011-01-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [932288 2010-11-10] (Adobe Systems Incorporated)
HKLM\...\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-05] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun [718688 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4273976 2012-07-03] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-04-18] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Bill\...\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe" [247728 2012-01-22] (TomTom)
HKU\Bill\...\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59240 2012-02-23] (Apple Inc.)
HKU\Bill\...\Run: [Xvid] C:\Program Files\Xvid\CheckUpdate.exe [8192 2011-01-17] ()
HKU\Bill\...\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe [59240 2012-02-23] (Apple Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\Bill\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Bill\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

================================ Services (Whitelisted) ==================

2 avast! Antivirus; "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [44808 2012-07-03] (AVAST Software)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)

========================== Drivers (Whitelisted) =============

3 AgereSoftModem; C:\Windows\System32\DRIVERS\AGRSM.sys [1035776 2009-07-13] (LSI Corp)
2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-07-03] (AVAST Software)
2 aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [57656 2012-07-03] (AVAST Software)
1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [44784 2012-07-03] (AVAST Software)
1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [721000 2012-07-03] (AVAST Software)
1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [353688 2012-07-03] (AVAST Software)
1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-07-03] (AVAST Software)
3 xusb21; C:\Windows\System32\DRIVERS\xusb21.sys [60160 2009-08-13] (Microsoft Corporation)
3 catchme; \??\C:\Users\Bill\AppData\Local\Temp\catchme.sys [x]
3 VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-10 13:00 - 2012-07-10 13:00 - 00890230 ____A (Farbar) C:\Users\Bill\Desktop\FRST.exe
2012-07-09 12:48 - 2012-07-09 12:48 - 00000000 ____D C:\_OTL
2012-07-09 12:44 - 2012-07-09 12:44 - 00000000 ____D C:\avast! sandbox
2012-07-09 12:43 - 2012-07-09 12:43 - 00595968 ____A (OldTimer Tools) C:\Users\Bill\Desktop\OTL.exe
2012-07-09 12:42 - 2012-07-09 12:42 - 04574937 ____A (Swearware) C:\Users\Bill\Desktop\ComboFix.exe
2012-07-08 05:30 - 2012-07-08 05:30 - 00000000 ____A C:\Users\Bill\Desktop\New Text Document.txt
2012-07-07 22:14 - 2012-07-07 22:14 - 00000512 ____A C:\Users\Bill\Desktop\MBR.dat
2012-07-07 21:53 - 2012-07-07 21:53 - 04731392 ____A (AVAST Software) C:\Users\Bill\Downloads\aswMBR.exe
2012-07-07 20:29 - 2012-07-07 20:57 - 00000000 ____D C:\Windows\erdnt
2012-07-07 20:18 - 2012-07-07 20:18 - 00881475 ____A C:\Users\Bill\Downloads\SecurityCheck.exe
2012-07-07 19:55 - 2012-07-07 19:55 - 00004486 ____A C:\Users\Bill\Desktop\Attach.txt
2012-07-07 19:44 - 2012-07-07 19:44 - 00607260 ____R (Swearware) C:\Users\Bill\Downloads\dds.scr
2012-07-07 14:47 - 2012-07-07 14:47 - 02116179 ____A C:\Users\Bill\Downloads\tdsskiller.zip
2012-07-07 14:47 - 2012-07-02 16:01 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Desktop\123.com
2012-07-07 14:41 - 2012-07-07 14:42 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Downloads\tdsskiller (1).exe
2012-07-01 17:07 - 2012-07-01 17:07 - 00000000 ____D C:\Users\Bill\Documents\OneNote Notebooks
2012-06-28 18:12 - 2012-06-28 18:12 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-28 18:10 - 2012-06-28 18:10 - 00000000 ____D C:\Program Files\iPod
2012-06-28 18:03 - 2012-06-28 18:03 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-28 18:02 - 2012-06-28 18:03 - 00000000 ____D C:\Program Files\QuickTime
2012-06-25 13:56 - 2012-05-17 15:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-25 13:56 - 2012-05-17 14:48 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-25 13:56 - 2012-05-17 14:45 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-25 13:56 - 2012-05-17 14:36 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-25 13:56 - 2012-05-17 14:35 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-25 13:56 - 2012-05-17 14:35 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-25 13:56 - 2012-05-17 14:33 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-25 13:56 - 2012-05-17 14:31 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-25 13:56 - 2012-05-17 14:29 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-25 13:56 - 2012-05-17 14:29 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-25 13:56 - 2012-05-17 14:27 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-25 13:56 - 2012-05-17 14:25 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-25 13:56 - 2012-05-17 14:24 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-25 13:56 - 2012-05-17 14:20 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-25 13:48 - 2012-02-29 21:46 - 00019824 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\fs_rec.sys
2012-06-25 13:48 - 2012-02-29 21:37 - 00172544 ____A (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-06-25 13:48 - 2012-02-29 21:33 - 00159232 ____A (Microsoft Corporation) C:\Windows\System32\imagehlp.dll
2012-06-25 13:48 - 2012-02-29 21:29 - 00005120 ____A (Microsoft Corporation) C:\Windows\System32\wmi.dll
2012-06-24 10:07 - 2012-06-24 10:07 - 00000000 ____D C:\Program Files\Common Files\Java
2012-06-24 10:06 - 2012-06-24 10:06 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-24 10:06 - 2012-06-24 10:06 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-24 10:02 - 2012-06-24 10:02 - 00000000 ____D C:\Users\All Users\McAfee
2012-06-24 07:56 - 2012-03-30 02:23 - 01291632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2012-06-24 07:55 - 2012-04-27 20:41 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-06-24 07:55 - 2012-04-27 19:17 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-24 07:55 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-24 07:55 - 2012-03-30 20:39 - 03968368 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-06-24 07:55 - 2012-03-30 20:39 - 03913072 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-24 07:54 - 2012-05-14 17:05 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-24 07:54 - 2012-04-30 20:44 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-24 07:54 - 2012-04-25 20:45 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-24 07:54 - 2012-04-25 20:45 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-24 07:54 - 2012-04-25 20:41 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-24 07:54 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-24 07:54 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-24 07:54 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-24 07:54 - 2012-03-16 23:27 - 00056176 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\partmgr.sys
2012-06-24 07:54 - 2012-03-02 21:31 - 01077248 ____A (Microsoft Corporation) C:\Windows\System32\DWrite.dll
2012-06-24 07:48 - 2012-02-16 21:34 - 00826880 ____A (Microsoft Corporation) C:\Windows\System32\rdpcore.dll
2012-06-24 07:48 - 2012-02-16 20:13 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tdtcp.sys
2012-06-24 07:44 - 2012-06-02 14:19 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-24 07:44 - 2012-06-02 14:19 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-24 07:44 - 2012-06-02 14:19 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-24 07:44 - 2012-06-02 14:19 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-24 07:44 - 2012-06-02 14:19 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-24 07:44 - 2012-06-02 14:12 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-24 07:44 - 2012-06-02 14:12 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-24 07:44 - 2012-06-02 11:19 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-24 07:44 - 2012-06-02 11:12 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-24 07:25 - 2012-07-03 08:21 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-06-24 07:25 - 2012-07-03 08:21 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-06-24 07:25 - 2012-06-24 07:25 - 00001994 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-24 07:24 - 2012-07-03 08:21 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-06-24 07:24 - 2012-07-03 08:21 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-06-24 07:24 - 2012-07-03 08:21 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-06-24 07:24 - 2012-07-03 08:21 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-06-24 07:23 - 2012-07-03 08:21 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-06-24 07:23 - 2012-07-03 08:21 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-06-24 07:23 - 2012-06-24 07:23 - 00000000 ____D C:\Users\All Users\AVAST Software
2012-06-24 07:23 - 2012-06-24 07:23 - 00000000 ____D C:\Program Files\AVAST Software
2012-06-24 07:21 - 2012-06-24 07:22 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup (1).exe
2012-06-24 07:17 - 2012-06-24 07:17 - 00374616 ____A C:\Users\Bill\Downloads\avast! Professional Antivirus 7 + Anti Spyware Free DownloadSetup.exe
2012-06-23 05:33 - 2012-06-23 05:33 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup.exe
2012-06-21 17:55 - 2012-06-21 17:56 - 00000000 ____D C:\Windows\System32\appmgmt
2012-06-21 16:45 - 2012-06-21 16:45 - 00002959 ____A C:\Users\Bill\Desktop\HiJackThis.lnk
2012-06-21 16:45 - 2012-06-21 16:45 - 00000000 ____D C:\Program Files\Trend Micro
2012-06-21 16:44 - 2012-06-21 16:44 - 01402880 ____A C:\Users\Bill\Downloads\HiJackThis.msi
2012-06-19 04:36 - 2012-06-19 04:36 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Users\All Users\Mozilla
2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2012-06-18 14:50 - 2012-06-18 14:50 - 00000000 ____D C:\Program Files\7-Zip
2012-06-15 14:39 - 2012-06-15 14:39 - 00009754 ____A C:\Users\Bill\Downloads\imgburn_write.txt
2012-06-14 20:22 - 2012-06-14 20:33 - 00085096 ____A C:\Users\Bill\Downloads\dvdauthor.txt
2012-06-14 20:22 - 2012-06-14 20:22 - 00000766 ____A C:\Users\Bill\Downloads\dvdauthor.xml
2012-06-14 20:17 - 2012-06-14 20:22 - 00002701 ____A C:\Users\Bill\Downloads\mplex_title1.txt
2012-06-14 20:13 - 2012-06-14 20:17 - 00002700 ____A C:\Users\Bill\Downloads\mplex_title0.txt
2012-06-14 20:07 - 2012-06-14 20:13 - 00038504 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title1_track0_source0.txt
2012-06-14 20:03 - 2012-06-14 20:07 - 00031351 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title0_track0_source0.txt
2012-06-14 17:54 - 2012-06-14 20:03 - 01138836 ____A C:\Users\Bill\Downloads\ffmpeg_video_title1_source0.txt


============ 3 Months Modified Files ========================

2012-07-10 13:02 - 2010-11-20 13:01 - 00726316 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-10 13:01 - 2012-03-04 07:59 - 00001634 ____A C:\Windows\setupact.log
2012-07-10 13:00 - 2012-07-10 13:00 - 00890230 ____A (Farbar) C:\Users\Bill\Desktop\FRST.exe
2012-07-10 12:44 - 2012-03-11 16:55 - 00000904 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002UA.job
2012-07-10 12:30 - 2012-05-27 07:25 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-10 07:30 - 2012-05-27 07:25 - 00000878 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-09 13:44 - 2012-03-11 16:55 - 00000852 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-333680662-3317831912-918726619-1002Core.job
2012-07-09 12:43 - 2012-07-09 12:43 - 00595968 ____A (OldTimer Tools) C:\Users\Bill\Desktop\OTL.exe
2012-07-09 12:42 - 2012-07-09 12:42 - 04574937 ____A (Swearware) C:\Users\Bill\Desktop\ComboFix.exe
2012-07-09 05:20 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-09 05:20 - 2009-07-13 20:34 - 00021280 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-09 05:12 - 2012-03-04 07:58 - 00010248 ____A C:\Windows\PFRO.log
2012-07-09 05:12 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-08 05:59 - 2009-07-13 18:04 - 00000215 ____A C:\Windows\system.ini
2012-07-08 05:30 - 2012-07-08 05:30 - 00000000 ____A C:\Users\Bill\Desktop\New Text Document.txt
2012-07-07 22:14 - 2012-07-07 22:14 - 00000512 ____A C:\Users\Bill\Desktop\MBR.dat
2012-07-07 21:53 - 2012-07-07 21:53 - 04731392 ____A (AVAST Software) C:\Users\Bill\Downloads\aswMBR.exe
2012-07-07 20:18 - 2012-07-07 20:18 - 00881475 ____A C:\Users\Bill\Downloads\SecurityCheck.exe
2012-07-07 19:55 - 2012-07-07 19:55 - 00004486 ____A C:\Users\Bill\Desktop\Attach.txt
2012-07-07 19:44 - 2012-07-07 19:44 - 00607260 ____R (Swearware) C:\Users\Bill\Downloads\dds.scr
2012-07-07 14:47 - 2012-07-07 14:47 - 02116179 ____A C:\Users\Bill\Downloads\tdsskiller.zip
2012-07-07 14:42 - 2012-07-07 14:41 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Downloads\tdsskiller (1).exe
2012-07-04 04:39 - 2009-07-13 18:04 - 00002577 ____A C:\Windows\System32\config.nt
2012-07-03 08:21 - 2012-06-24 07:25 - 00353688 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSP.sys
2012-07-03 08:21 - 2012-06-24 07:25 - 00021256 ____A (AVAST Software) C:\Windows\System32\Drivers\aswFsBlk.sys
2012-07-03 08:21 - 2012-06-24 07:24 - 00721000 ____A (AVAST Software) C:\Windows\System32\Drivers\aswSnx.sys
2012-07-03 08:21 - 2012-06-24 07:24 - 00057656 ____A (AVAST Software) C:\Windows\System32\Drivers\aswMonFlt.sys
2012-07-03 08:21 - 2012-06-24 07:24 - 00054232 ____A (AVAST Software) C:\Windows\System32\Drivers\aswTdi.sys
2012-07-03 08:21 - 2012-06-24 07:24 - 00044784 ____A (AVAST Software) C:\Windows\System32\Drivers\aswRdr2.sys
2012-07-03 08:21 - 2012-06-24 07:23 - 00227648 ____A (AVAST Software) C:\Windows\System32\aswBoot.exe
2012-07-03 08:21 - 2012-06-24 07:23 - 00041224 ____A (AVAST Software) C:\Windows\avastSS.scr
2012-07-02 16:01 - 2012-07-07 14:47 - 02135640 ____A (Kaspersky Lab ZAO) C:\Users\Bill\Desktop\123.com
2012-07-02 14:14 - 2012-03-11 16:56 - 00002391 ____A C:\Users\Bill\Desktop\Google Chrome.lnk
2012-06-28 18:12 - 2012-06-28 18:12 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk
2012-06-28 18:03 - 2012-06-28 18:03 - 00001815 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2012-06-25 14:37 - 2009-07-13 20:33 - 00436920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-06-24 10:06 - 2012-06-24 10:06 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\System32\npdeployJava1.dll
2012-06-24 10:06 - 2012-06-24 10:06 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaws.exe
2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\javaw.exe
2012-06-24 10:06 - 2012-06-24 10:06 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\System32\java.exe
2012-06-24 10:06 - 2011-05-19 12:43 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\System32\deployJava1.dll
2012-06-24 07:25 - 2012-06-24 07:25 - 00001994 ____A C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2012-06-24 07:22 - 2012-06-24 07:21 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup (1).exe
2012-06-24 07:17 - 2012-06-24 07:17 - 00374616 ____A C:\Users\Bill\Downloads\avast! Professional Antivirus 7 + Anti Spyware Free DownloadSetup.exe
2012-06-23 05:33 - 2012-06-23 05:33 - 74761776 ____A C:\Users\Bill\Downloads\avast_free_antivirus_setup.exe
2012-06-21 16:45 - 2012-06-21 16:45 - 00002959 ____A C:\Users\Bill\Desktop\HiJackThis.lnk
2012-06-21 16:44 - 2012-06-21 16:44 - 01402880 ____A C:\Users\Bill\Downloads\HiJackThis.msi
2012-06-19 04:36 - 2012-06-19 04:36 - 00001067 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-06-18 14:50 - 2012-02-23 15:39 - 00000487 ____A C:\user.js
2012-06-15 14:39 - 2012-06-15 14:39 - 00009754 ____A C:\Users\Bill\Downloads\imgburn_write.txt
2012-06-15 14:39 - 2012-02-13 08:21 - 00004944 ____A C:\Users\Bill\Downloads\dvdflick.log
2012-06-14 20:33 - 2012-06-14 20:22 - 00085096 ____A C:\Users\Bill\Downloads\dvdauthor.txt
2012-06-14 20:22 - 2012-06-14 20:22 - 00000766 ____A C:\Users\Bill\Downloads\dvdauthor.xml
2012-06-14 20:22 - 2012-06-14 20:17 - 00002701 ____A C:\Users\Bill\Downloads\mplex_title1.txt
2012-06-14 20:17 - 2012-06-14 20:13 - 00002700 ____A C:\Users\Bill\Downloads\mplex_title0.txt
2012-06-14 20:13 - 2012-06-14 20:07 - 00038504 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title1_track0_source0.txt
2012-06-14 20:07 - 2012-06-14 20:03 - 00031351 ____A C:\Users\Bill\Downloads\ffmpeg_audio_title0_track0_source0.txt
2012-06-14 20:03 - 2012-06-14 17:54 - 01138836 ____A C:\Users\Bill\Downloads\ffmpeg_video_title1_source0.txt
2012-06-14 17:54 - 2012-02-13 08:21 - 00875352 ____A C:\Users\Bill\Downloads\ffmpeg_video_title0_source0.txt
2012-06-03 19:35 - 2011-04-29 13:01 - 56731752 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-06-02 14:19 - 2012-06-24 07:44 - 01933848 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-24 07:44 - 00577048 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-24 07:44 - 00053784 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-24 07:44 - 00045080 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-24 07:44 - 00035864 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:12 - 2012-06-24 07:44 - 02422272 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:12 - 2012-06-24 07:44 - 00088576 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 11:19 - 2012-06-24 07:44 - 00171904 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 11:12 - 2012-06-24 07:44 - 00033792 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-05-27 07:26 - 2012-05-27 07:26 - 00002170 ____A C:\Users\Public\Desktop\Google Earth.lnk
2012-05-27 07:23 - 2012-05-27 07:22 - 00739816 ____A (Google Inc.) C:\Users\Bill\Downloads\GoogleEarthSetup.exe
2012-05-19 17:05 - 2012-05-19 16:39 - 236609077 ____A C:\Users\Bill\Downloads\zzz-10765.mp4
2012-05-17 15:11 - 2012-06-25 13:56 - 12314624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-05-17 14:48 - 2012-06-25 13:56 - 09737728 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-05-17 14:45 - 2012-06-25 13:56 - 01800192 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-05-17 14:36 - 2012-06-25 13:56 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-05-17 14:35 - 2012-06-25 13:56 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-05-17 14:35 - 2012-06-25 13:56 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-05-17 14:33 - 2012-06-25 13:56 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-05-17 14:31 - 2012-06-25 13:56 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-05-17 14:29 - 2012-06-25 13:56 - 00716800 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-05-17 14:29 - 2012-06-25 13:56 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-05-17 14:27 - 2012-06-25 13:56 - 01793024 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-05-17 14:25 - 2012-06-25 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-05-17 14:24 - 2012-06-25 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-05-17 14:20 - 2012-06-25 13:56 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-05-14 17:05 - 2012-06-24 07:54 - 02343936 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-05-12 10:05 - 2011-04-30 19:22 - 00002479 ____A C:\Users\Public\Desktop\Safari.lnk
2012-05-12 05:13 - 2011-04-30 07:18 - 00114960 ____A C:\Users\Bill\AppData\Local\GDIPFONTCACHEV1.DAT
2012-05-08 15:26 - 2009-07-13 18:04 - 00000478 ____A C:\Windows\win.ini
2012-05-08 15:02 - 2012-05-08 15:02 - 00004314 ____A C:\Users\Bill\Documents\MS Office 2007.mds
2012-05-08 15:02 - 2012-05-08 14:58 - 1302560768 ____A C:\Users\Bill\Documents\MS Office 2007.iso
2012-05-03 15:07 - 2012-05-03 15:07 - 00008316 ____A C:\Users\Bill\Downloads\BUI-72.rtf
2012-04-30 20:44 - 2012-06-24 07:54 - 00164352 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-29 13:34 - 2012-04-29 13:33 - 03949785 ____A C:\Users\Bill\Downloads\Motorblok_demontage.wmv
2012-04-27 20:41 - 2012-06-24 07:55 - 00919040 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorets.dll
2012-04-27 19:17 - 2012-06-24 07:55 - 00183808 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-25 20:45 - 2012-06-24 07:54 - 00129536 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 20:45 - 2012-06-24 07:54 - 00058880 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 20:41 - 2012-06-24 07:54 - 00008192 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-23 20:36 - 2012-06-24 07:54 - 01158656 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 20:36 - 2012-06-24 07:54 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 20:36 - 2012-06-24 07:54 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-18 16:56 - 2012-04-18 16:56 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2012-04-18 16:56 - 2012-04-18 16:56 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts
2012-04-15 17:59 - 2012-04-15 17:59 - 00007649 ____A C:\Users\Bill\Downloads\Filter Tubes List.zip


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 34%
Total physical RAM: 1013.99 MB
Available physical RAM: 662.28 MB
Total Pagefile: 1013.99 MB
Available Pagefile: 658.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1969.93 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:74.52 GB) (Free:18.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
4 Drive f: (BRADS DRIVE) (Removable) (Total:0.93 GB) (Free:0.78 GB) FAT
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 74 GB 9 MB
Disk 1 No Media 0 B 0 B
Disk 2 Online 954 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 74 GB 31 KB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 C NTFS Partition 74 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 953 MB 16 KB

==================================================================================

Disk: 2
Partition 1
Type : 06
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 F BRADS DRIVE FAT Removable 953 MB Healthy

==================================================================================

==========================================================

Last Boot: 2012-07-07 23:52

======================= End Of Log ==========================



